Internet fraud and private whois records

The Verge has a long article about Internet Marketing and how much fraud is perpetrated by people who label themselves Internet Marketers.
It was interesting, but I didn’t think it was necessarily relevant to email marketers until I saw this quote from Roberto Anguizola at the FTC Bureau of Consumer Protection.

“savvy internet fraudsters use fake information, they use a host of shell companies [and they] use internet registrations that are private or themselves are fraudulent” to cover up their tracks. “If it’s a hydra of an internet scam, and you just chop off one tentacle, you may be missing the rest of it, and it will regenerate in a form that will not be recognizable…”

Then I realized this was worth sharing with my audience. A lot of these scammers use privacy protected domain (internet) registration to hide themselves and cover their tracks.
Who else uses privacy protection? A lot of email marketers. This is happening less and less, but in the last month I had to tell clients to turn off privacy protection before I could contact the ISPs on their behalf.
Many of us who deal in spamblocking, whether it’s troubleshooting and mitigating blocks or instituting blocks, have a very negative gut reaction when we see whois information behind privacy protection.
Now, it’s not that I believe everyone who uses privacy protection has something to hide. Some small business owners use it because they don’t know any better and because their registrar sells them on it. Individuals registering personal domains use privacy protection for very valid reasons. I also know that not every company that uses privacy protection is actually a spammer.
I strongly believe companies should not use privacy protection on any domain they use for business. For domains used in email, this goes double. CAN SPAM requires every email have a postal address. If every email has to have a real address, there is no reason that domains in that mail need to be hidden behind privacy protection.
There are a lot of scammers and spammers who use privacy protection. There are so many of them that a company using privacy protection often gets classified as a scammer or spammer by people handling email, either on the inbound or the outbound. Personally, I’ve had some very bad experiences with clients who use privacy protected domains for their bulk mail. I have not gone so far as to refuse to take them on as clients, but I will no longer contact an ISP, spam filtering company or blocklist for companies that have privacy protected domains. I’m not the only delivery expert that does this.

[Return Path Certified] Program Members must maintain accurate contact information in the whois database and no privacy protection services may be used for all Sender controlled domains that appear in message headers and body text, are used for user sign-up, preference and unsubscribe sites. Return Path Minimum Certification Guide

Scammers, spammers and just plain bad marketers hide their identity behind privacy protection. Using privacy protection makes a company look like them. Don’t be that marketer.

Related Posts

News and announcements: March 1, 2010

Some news stories and links today.
Spamhaus has announced their new domain block list (DBL). The DBL is a list of domains that have been found in spam.

Read More

Spam from mainstream companies

Yesterday I wrote about spam I received advertising AARP and used it as an example of a mainstream group supporting spammers by hiring them (or hiring them through proxies) to send mail on their behalf.
My statement appears to have upset someone, though. There is one comment on the post, coming from an IP address allocated to the AARP.

Read More

Mainstream spam wrap-up

Over the last week Steve and I have posted about the AARP hiring affiliates to send spam on their behalf: starting with the poorly done email message, moving through the process of identifying the responsible entity and then walking through the details of how we tracked the spammer.
Why spend a week writing about the AARP spamming? I initially posted about the AARP spam because it was such a horrible example of email marketing. Not just that it was spam but it was careless spam. Plus, in a lot of my interactions with marketers, clients and delivery experts I hear a lot about how “real” companies don’t spam, don’t support spam and wouldn’t ever let someone spam on their behalf. This isn’t true, not even a little bit.
The post actually came to the attention of the AARP and someone from their national headquarters commented that it was “just spam” and had nothing to do with AARP. I’ll be honest, I was annoyed with their reaction. I did my homework before calling the AARP out and was convinced this mailing was authorized by them.
Over the next 2 days Steve investigated the spam and reported on his findings. He only documented the full investigation on one of the emails I received (yes, there were multiple emails sent to the same address, most of them coming from different domains owned by the spammer). We did this to document that yes, mainstream companies do hire spammers and that trail can sometimes be tracked. We also wanted to show the lengths spammers and their customers will go to in order to get through filters and spam blocks.
A lot of mainstream groups do support spam and hire other people to send it on their behalf. Many of these same companies expect ISPs to hurry up and let mail through because “we’re a legitimate company” when their mail is blocked.
To be fair, some companies may not initially intend to support spam, but when they see the money rolling in they can’t stop. Some may pay lip service to no-spam policies, but deliberately turn a blind eye to spam advertising their company. Some hire spammers, but with enough distance between themselves and the spammer that they can deny they knew about the spam.
Every company using email for acquisition without actively managing the email program is at risk of spammers being hired on their behalf. There are some things that can be done to lower the risk of spammers being used to send spam, but the spammers are clever and if the payouts are high enough they will spam on your behalf.
There are things a company can do to minimize the chances that an affiliate program will attract spammers. Check back tomorrow for some processes that have proven effective for my clients.

Read More