Internet fraud and private whois records

The Verge has a long article about Internet Marketing and how much fraud is perpetrated by people who label themselves Internet Marketers.
It was interesting, but I didn’t think it was necessarily relevant to email marketers until I saw this quote from Roberto Anguizola at the FTC Bureau of Consumer Protection.

“savvy internet fraudsters use fake information, they use a host of shell companies [and they] use internet registrations that are private or themselves are fraudulent” to cover up their tracks. “If it’s a hydra of an internet scam, and you just chop off one tentacle, you may be missing the rest of it, and it will regenerate in a form that will not be recognizable…”

Then I realized this was worth sharing with my audience. A lot of these scammers use privacy protected domain (internet) registration to hide themselves and cover their tracks.
Who else uses privacy protection? A lot of email marketers. This is happening less and less, but in the last month I had to tell clients to turn off privacy protection before I could contact the ISPs on their behalf.
Many of us who deal in spamblocking, whether it’s troubleshooting and mitigating blocks or instituting blocks, have a very negative gut reaction when we see whois information behind privacy protection.
Now, it’s not that I believe everyone who uses privacy protection has something to hide. Some small business owners use it because they don’t know any better and because their registrar sells them on it. Individuals registering personal domains use privacy protection for very valid reasons. I also know that not every company that uses privacy protection is actually a spammer.
I strongly believe companies should not use privacy protection on any domain they use for business. For domains used in email, this goes double. CAN SPAM requires every email have a postal address. If every email has to have a real address, there is no reason that domains in that mail need to be hidden behind privacy protection.
There are a lot of scammers and spammers who use privacy protection. There are so many of them that a company using privacy protection often gets classified as a scammer or spammer by people handling email, either on the inbound or the outbound. Personally, I’ve had some very bad experiences with clients who use privacy protected domains for their bulk mail. I have not gone so far as to refuse to take them on as clients, but I will no longer contact an ISP, spam filtering company or blocklist for companies that have privacy protected domains. I’m not the only delivery expert that does this.

[Return Path Certified] Program Members must maintain accurate contact information in the whois database and no privacy protection services may be used for all Sender controlled domains that appear in message headers and body text, are used for user sign-up, preference and unsubscribe sites. Return Path Minimum Certification Guide

Scammers, spammers and just plain bad marketers hide their identity behind privacy protection. Using privacy protection makes a company look like them. Don’t be that marketer.

Related Posts

Did anyone actually look at this email before sending?

I received spam advertising AARP recently. Yes, AARP. Oh, of course they didn’t send me spam, they hired someone who probably hired someone who contracted with an affiliate marketer to send mail.
The affiliates, while capable of bypassing spam filters, are incapable of actually sending readable mail.

Read More

What Happens Next…

or Why All Of This Is Meaningless:
Guest post by Huey Callison
The analysis of the AARP spam was nice, but looking at the Mainsleaze Spammer Playbook, I can make a few educated guesses at what happens next: absolutely nothing of consequence.
AARP, if they acknowledge this publicly (I bet not) has plausible deniability and can say “It wasn’t us, it was an unscrupulous lead-gen contractor”. They probably send a strongly-worded letter to SureClick that says “Don’t do that again”.
SureClick, if they acknowledge this publicly (I bet not) has plausible deniability and can say ‘It wasn’t us, it was an unscrupulous affiliate”. They probably send a strongly-worded letter to OfferWeb that says “Don’t do that again”.
OfferWeb, if they acknowledge this publicly (I bet not) has plausible deniability and can say ‘It wasn’t us, it was an unscrupulous affiliate”. And maybe they DO fire ‘Andrew Talbot’, but that’s not any kind of victory, because he probably already has accounts with OTHER lead-gen outfits, which might even include those who also have AARP as
a client, or a client-of-a-client.
So the best-case result of this analysis being made public is that two strongly-worded letters get sent, the URLs in the spam and the trail of redirects change slightly, but the spam continues at the same volume and with the same results, and AARP continues to benefit from the millions of spams sent on their behalf.
I’m not a lawyer, but I was under the impression that CAN-SPAM imposed liability on the organization that was ultimately responsible for the spam being sent, but until the FTC pursues action against someone like this, or Gevalia, corporations and organizations will continue to get away with supporting, and benefiting from, millions and millions of spams.
As JD pointed out in a comment to a previous post: sorry, AARP, but none of us are going to be able to retire any time soon.

Read More

AARP, SureClick, Offerweb and Spam

On Tuesday Laura wrote about receiving spam sent on behalf of the AARP. The point she was discussing was mostly just how incompetent the spammer was, and how badly they’d mangled the spam such that it was hardly legible.
One of AARPs interactive advertising managers posted in response denying that it was anything to do with the AARP.

Read More