Spot the CAN SPAM violations

I received this piece of unsolicited email today, to an address harvested off a website. How many CAN SPAM violations can you count?

Return-Path:
Received: by m.wordtothewise.com (Postfix, from userid 1003)
  id 166562E196; Wed,  5 Oct 2011 13:50:25 -0700 (PDT)
Received: from [164.193.177.203] (86.sub-75-248-121.myvzw.com
  [75.248.121.86]) by m.wordtothewise.com (Postfix) with SMTP id
  850862E185 for <MUNGED>; Wed,  5 Oct 2011 13:50:23 -0700 (PDT)
Received: from [164.193.177.203][127.0.0.1] by [164.193.177.203]
  [127.0.0.1] (SMTPD32); Wed, 5 Oct 2011 13:49:44 -0700
  Message-ID: <275a6de8fff734e0abd353db00143bb7@g2gm.com>
From: "Ashley Anderson"
To: <MUNGE>
Subject: Do You Want Access to NEW Customers?
Date: Wed, 5 Oct 2011 13:49:42 -0700
MIME-Version: 1.0
Content-Type: text/plain;
charset="windows-1252"
Content-Transfer-Encoding: quoted-printable
Hello,
Does you company need access to fresh databases that can be used
for E-mail Marketing, Direct Mail & Telemarketing?
We have access to 200 Million Consumers & 45 Million
Businesses.=09
Some of our most popular lists are:
> U.S. Realtors - 1,281,916 Full Records=09
> U.S. Lawyers - 269,787 Full Records=09
> U.S. Financial Planners - 265,425 Full Records=09
> U.S. Businesses - 4.8 Million Full Records=09
> U.S. Manufacturers - 1,057,119 Full Records=09
> U.S. Homeowners - 1,326,620 Full Records=09
> U.S. Physicians - 741,809 Full Records=09
> Worldwide Investors - 8,562,140 Emails Only=09
*Much More Available Upon Request=2E
Call us to get a FREE quote!
Thank You,
Ashley Anderson
Data Specialist
Business Networking Services
1 (800) 841-5070

I’m counting at 4 violations, plus aggravated damages because the address was harvested.
How many violations can you find?
Would you trust this company to sell you actual opt-in addresses?

Related Posts

Uptick in botnet spam

There’s been a heavy uptick in botnet spam over the last few days, judging by things I’m hearing and my own mailboxes. There are a few common subject lines, but all of them are trying to get recipients to either run programs or visit malicious web pages.
The first subject line I’m seeing a lot of is “<name> wants to be friends with you on facebook!” In my mailbox most of those names have not been common European names. The give away that this isn’t actually a Facebook invite is the Reply-To address pointing to Linkedin. The URLs in the message appear to be random strings of numbers, and may actually encode recipient information in them.
The second has a subject that that is a variation on “End of July Statement.” The spammers are mixing capitals, adding in “Re:” and “FWD:” and sometimes increasing the urgency by adding required or STAT!! to the mail. These mails contain a .zip file which probably contains some virus which will turn the recipient machine into the next spam spewing bot.
The third variation has the subject line “Uniform Traffic Ticket.” The content is a citation that tells the recipient they were speeding somewhere in New York (possibly other states, I have only done a spot check of the couple hundred copies I have). There is, however, a .zip attachment with a virus.
Most people probably aren’t seeing these. SpamAssassin is doing a reasonably good job here of catching the spam and filtering it. I’m sure that the bigger ISPs are also filtering it effectively. But one person did forward a copy of the spam to a mailing list and ask if anyone knew what was going on.
If you get any of these messages, you don’t need to ask. It’s virus spam. Don’t open it and don’t forward it.

Read More

CAN SPAM Plaintiff ordered to pay 800K in lawyer fees

Asis Internet service has been ordered to pay over $800,000 in lawyer fees to Optin Global. Venkat has details. This is the same company that was recently awarded $2.5M judgment in a different case.

Read More

What Happens Next…

or Why All Of This Is Meaningless:
Guest post by Huey Callison
The analysis of the AARP spam was nice, but looking at the Mainsleaze Spammer Playbook, I can make a few educated guesses at what happens next: absolutely nothing of consequence.
AARP, if they acknowledge this publicly (I bet not) has plausible deniability and can say “It wasn’t us, it was an unscrupulous lead-gen contractor”. They probably send a strongly-worded letter to SureClick that says “Don’t do that again”.
SureClick, if they acknowledge this publicly (I bet not) has plausible deniability and can say ‘It wasn’t us, it was an unscrupulous affiliate”. They probably send a strongly-worded letter to OfferWeb that says “Don’t do that again”.
OfferWeb, if they acknowledge this publicly (I bet not) has plausible deniability and can say ‘It wasn’t us, it was an unscrupulous affiliate”. And maybe they DO fire ‘Andrew Talbot’, but that’s not any kind of victory, because he probably already has accounts with OTHER lead-gen outfits, which might even include those who also have AARP as
a client, or a client-of-a-client.
So the best-case result of this analysis being made public is that two strongly-worded letters get sent, the URLs in the spam and the trail of redirects change slightly, but the spam continues at the same volume and with the same results, and AARP continues to benefit from the millions of spams sent on their behalf.
I’m not a lawyer, but I was under the impression that CAN-SPAM imposed liability on the organization that was ultimately responsible for the spam being sent, but until the FTC pursues action against someone like this, or Gevalia, corporations and organizations will continue to get away with supporting, and benefiting from, millions and millions of spams.
As JD pointed out in a comment to a previous post: sorry, AARP, but none of us are going to be able to retire any time soon.

Read More