Reaching targets, the wrong way

I’ve been increasingly annoyed by these drip automation campaigns. You know the ones I mean. Senders use some software to find some flimsy pretext to send a mail. Then there emails drop every few days. Sometimes this cycle goes on for months. Most of these messages violate CAN SPAM. It’s annoying. It’s illegal. It is spam.
I can even opt out of most of these messages, they don’t offer that ability.

Spammers Gonna Spam

I have so many examples of these emails. They’re all the same, really. They start out with a statement someone is reading my website. Then they mention they have an article that they or their customers wrote. This article is, of course, perfect for my site and the article.
Well that’s the theory anyway.  They tend to miss the mark pretty significantly.
There was this one example where the company found a post linking to a newspaper article.

Hi there,
I was just browsing Word To The Wise and saw you were interested in travel from this post (https://wordtothewise.com/2011/01/fines-for-not-honoring-unsubscribes/). So I thought you might also be interested in linking to a resource we put together on how travelling can improve your health.
Here is a link for your review:
This example is the first in the second series of emails from Eric. He’s changed his email address and got my name wrong on this round, but otherwise this is identical to the messages he sent me in late May. I can even predict the cadence. Three days after the first messages, I’ll get a “hey, did you get my email?” On the fourth and fifth days the message will change a bit. By day 7 he’ll start asking for the “right person” at my company.
Hey Lauren –
I hope everything is going well on your end 🙂
I just finished going through your article here: https://wordtothewise.com/2015/04/a-series-of-tubes/. Thanks for the resource!
My colleague Lavanya put together a pretty comprehensive piece on the net neutrality just last week.There is a lot of info out there about net neutrality, and it’s sort of a hot topic at the moment. Our guide was designed to cut through the noise a bit.
The article is here: [link removed]
Would you consider linking to it in the post of yours I mentioned above? I saw you linked to en.wikipedia.org in there, so I figured I’d see if you’d link to mine as well. Perhaps your visitors find it helpful, but hey, it’s up to you.
Thanks,- Eric
P.S. I respect the relationship you have with your readers, I wouldn’t ask you to link to anything I didn’t think was an excellent resource for your site.

B2B spam is still spam

I was recently contacted by one of the software companies that provides infrastructure for these types of emails. Surprisingly, they are having a difficult time getting their mail delivered. It seems no one wants their mail. The thing is, I can’t help them. No one can help them. They’re sending mostly unwanted mail. I’m sure even the bloggers who make their money from blogging hate these kinds of messages.
This was someone building software that is causing significant amount of annoyance. I get the messages this software company, and their competitors, are facilitating. I am not going to help their spam get through to people who don’t want it.
During the call, they did name some of their competitors and I fell down the rabbit hole of B2B spamware. The vendors go through all sorts of contortions to convince their users this isn’t spam. Many of the phrases used on the websites were the same I heard on the phone. It’s one-to-one mail. It’s targeted. It’s focused on the recipient. It’s important.
Guess what? I’m a frequent recipient of that kind of mail. I know the mail isn’t targeted and it’s not focused on the recipient. The two examples above show that clearly. One of them couldn’t even get my name right! Both of them missed the context of the links and posts. None of this has to do with me or my readers, other than an example of what not to do.

CAN SPAM applies

The above examples aren’t anything special, I picked out the first two I saw in my mailbox. I have dozens of examples of these campaigns.  In almost every case the messages violate CAN SPAM. Very rarely they’ll include an opt-out link, but they almost never include a physical postal address.  Sometimes they include an opt-out, but they almost never have a physical address.
CAN SPAM says nothing about bulk, it only mentions commercial email. Specifically the act says:
The term “commercial electronic mail message” means any electronic mail message the primary purpose of which is the commercial advertisement or promotion of a commercial product or service (including content on an Internet website operated for a commercial purpose).
It’s clear to me that the messages I’m getting are commercial. CAN SPAM applies. They need to have a physical address and an opt-out link for every message. They don’t.

Unwanted mail doesn’t reach the inbox.

Last week’s phone call demonstrated I am not alone in hating this mail. The software company contacted me for help because they can’t get to the inbox. It seems no one wants their mail. Due to blocking problems many of the senders resort to tactics used by spammers. They use different domains for their unsolicited mail. Sometimes they’re analog or cousin domains, like a .co for the unsolicited messages and a .com domain for their response emails. In other cases, they use Office365 or Google apps or Gmail for their outbound mail stream. Most places won’t block @gmail.com, so it’s a fairly safe to use gmail addresses.

Some of the messages are upfront about their marketing strategy using the Gmail. Let’s be clear, this strategy is a way to avoid spam filters.

Permission is key to delivery

Marketing programs that rely on spammer tactics are doomed to failure long term. Mail sent without permission does not work, even in the B2B space. Companies relying on unsolicited email discover it’s not that simple. Spam filters block unsolicited email. That’s their job, it’s what they’re designed to do. The way they detect unsolicited varies, but filters target unsolicited email.
There are large companies, many of them clients of mine, who do get caught in filters, usually because some of their mail is unsolicited. This isn’t intentional. Their overall program is sending mail to people who have asked for it and want it. Permission is a central piece of the email strategy. But, particularly as programs age, we find grotty corners where permission is a little iffy. These are small parts of their database, but they can cause significant problems.
Good email marketers know that permission is key. They invest time, energy and resources into getting permission and maintaining data. They think long term. They know recipients don’t want spam and that any gains from spamming are fleeting.

Related Posts

Parasites hurt email marketing

As a small business owner I am a ripe target for many companies. They buy my address from some lead generation firm, or they scrape it off LinkedIn, and they send me a message that pretends to be personalized but isn’t really.
“I looked at your website… we have a list of email addresses to sell you.”
“We offer cold calling services… can I set up a call with you?”
“I have scheduled a meeting tomorrow so I can tell you about our product that will solve all your technical issues and is also a floor wax.”
None of these emails are anything more than spam. They’re fake personalized. There’s no permission. On a good day they’ll have an opt out link. On a normal day they might include an actual name.
These are messages coming to an email address I’ve spent years trying to protect from getting onto mailing lists. I don’t do fishbowls, I’m careful about who I give my card to, I never use it to sign up for anything. And, still, that has all been for naught.
I don’t really blame the senders, I mean I do, they’re the ones that bought my address and then invested in business automation software that sends me regular emails trying to get me to give them a phone number. Or a contact for “the right person at your business to talk to about this great offer that will change your business.”
The real blame lies with the people who pretend that B2B spam is somehow not spam. Who have pivoted their businesses from selling consumer lists to business lists because permission doesn’t matter when it comes to businesses. The real blame lies with companies who sell “marketing automation software” that plugs into their Google Apps account and hijacks their reputation to get to the inbox. The real blame lies with list cleansing companies who sell list buyers a cleansing service that only hides the evidence of spamming.
There are so many parasites in the email space. They take time, energy and resources from large and small businesses, offering them services that seem good, but really are worthless.
The biologically interesting thing about parasites, though, is that they do better if they don’t overwhelm the host system. They have to stay small. They have to stay hidden. They have to not cause too much harm, otherwise the host system will fight back.
Email fights back too. Parasites will find it harder and harder to get mail delivered in any volume as the host system adapts to them. Already if I look in my junk folder, my filters are correctly flagging these messages as spam. And my filters see a very small portion of mail. Filtering companies and the business email hosting systems have a much broader view and much better defenses.
These emails annoy me, but I know that they are a short term problem.  As more and more businesses move to hosted services, like Google Apps and Office365 the permission rules are going to apply to business addresses as well as consumer addresses. The parasites selling products and services to small business owners can’t overwhelm email. The defenses will step in first.
 

Read More

Malicious email terms defined.

Legitimate mailers need to distinguish themselves from spammers. One important piece of that is knowing what spammers do. SendGrid has put together some information on common scams and techniques spammers use to get email delivered.
Some of these terms, like doxxing and swatting, are not specifically email related. However, they are used against people who are fighting abuse on the Internet. People who are actively investigating darker portions of the internet face real danger. Brian Krebs has made some of the harassment he’s received public. I know other people in the space have been harassed but don’t make it so public.
I think it’s valuable for marketers to understand the malicious and criminal end of mail. It makes some filtering decisions less random when you know the types of bad traffic that the filters are trying to stop. The SendGrid document is a fantastic first stop to learn about them.

Read More

A due diligence story

due diligence
noun. research and analysis of a company or organization done in preparation for a business transaction

It’s a term that’s been around for five centuries or so. Originally it meant the effort that was necessary for something, but it evolved into a legal term for “the care that a reasonable person takes to avoid harm to other persons or their property“.
More recently it’s evolved to mean “the research that a company should perform before engaging in a financial transaction“.
One aspect of that is doing at least a bare minimum of research on a customer before you let them take advantage of your reputation.
I just got some SMS spam from a short code, advertising two domains – 29designx.us and customlogocoupon.us. It’s SMS spam, so there’s no hidden content, no affiliate tags, just the bare domains. One spam has both domains in it, the other has 29designx.us twice.
According to the company that operates the SMS gateway this is a dedicated short code, not a shared code. In ESP terms that’s kinda equivalent to a customer on a dedicated IP address rather than one sharing a pool. Except much more so – short codes are a scarcer resource than IP addresses, with the US having fewer short codes in total than some ESPs have IP addresses.
What would 60 seconds of due diligence have told the SMS provider about this customer?
Let’s start by looking at the two websites.
They’re clearly built from the same template. Same annoying animation, same fake sale countdown timers, same live chat window.
The live chat was answered by Harvey (who is a real person, one I managed to annoy by talking with him through multiple live chat windows on their different sites simultaneously). Different ‘phone numbers though – 1-866-212-2217 for the coupon site vs 1-619-942-5964.
Then lets look at whois for the domains:
Domain Name:  29DESIGNX.US
Registrant Name: Mildred Smith
Registrant Organization: 29designs
Registrant Address1: 1854 Valley View Drive (that’s in Kansas)
Registrant City: Boston
Registrant State/Province: MA (not Boston, Massachusetts)
Registrant Postal Code: DN3 6GB (see note)
Registrant Country: UNITED KINGDOM (nor the United Kingdom)
Registrant Country Code: GB
Registrant Phone Number: +92.3233000306 (nor Pakistan)
Registrant Email: rhiannon.desir@gmail.com (gmail? rhiannon != Mildred)
Registrant Application Purpose: P1 (= business registration)
Registrant Nexus Category: C11
and
Domain Name: CUSTOMLOGOCOUPON.US
Registrant Name: Antonio R. Flores
Registrant Organization: Oranges Records & Tapes (see note)
Registrant Address1: 4243 Marie Street Annapolis (doesn’t exist)
Registrant City: MD
Registrant State/Province: MD
Registrant Postal Code: 21401
Registrant Country: United States
Registrant Country Code: US
Registrant Phone Number: +1.4108498868
Registrant Email: mj9729395@gmail.com (seven digit number, huh?)
Registrant Application Purpose: P3 (= personal website)
Registrant Nexus Category: C11
That’d make me suspicious enough to put the customer on hold and maybe doing a little actual investigation of them before allowing them to send. That’s the due diligence an ESP or SMS provider should do.

Laura is in Las Vegas today, so I have a little spare time. Let’s do the next level of investigation to find a little more. Nothing fancy, just some creative use of Google.
“DN3 6GB” is an interesting UK postcode. Not because Doncaster – the South Yorkshire town that “DN3” would imply – is particularly interesting, nor because of the fact that DN3 6GB doesn’t exist, despite being syntactically correct.
No. It’s interesting because it is the first postcode in a test suite for validating UK postcodes via regular expression so it’s all over developers forums and FAQs when people are talking about valid UK postcodes. Not only a fake, but a manually created fake.
“Orange’s Records and Tapes” is interesting too. It’s an odd looking business name to have attached to a logo design company. And the mention of “Tapes” looks rather dated. It seems to be a Chicago-based record store (or, possibly, small chain) that either went out of business or was bought out and the name abandoned quite some years ago. It’s still on some easily available lists of business names, though.
And it’s also in output from fakenamegenerator.com – a handy little site that generates fake names, email addresses, employer names, birth dates, credit card numbers and everything else you might want to have as test data. That makes me pretty sure that everything about customlogocoupon.us is fake.
Reverse whois search suggests that the same “Mildred Smith” also registered 29design.us, paperx.us, 99videos.us, 29designs.us and 99videoz.us. As well as the similarity in domain names, the sites that are up are using the same template as the first two sites and selling services in much the same style. And appear to use equally fake registration data.
We still have the ‘phone numbers published on the original sites…
The 866 number on customlogocoupon.us shows up in the contact information for logoventure.com and logoventure.net. They’re a small graphic design and flash animation company, consisting of Russell Bryant, Jessica Sandler, George Isaacson and Jason somebody. No Antonio R. Flores, and it’s a much more restrained site than the customlogocoupon.us hyperactivity.
The 619 number from 29designx.us shows up on animationsharks.com. Which is a little better designed, but still has the same live chat box manned by Harvey. (Hi, Harvey!). It’s been mentioned elsewhere in the SMS spam context too.
There’s no useful contact information on the site, and the domain registration data is falsified via Domains by Proxy (reasonable for a personal site, a bad sign on a business site).
My best guess is that animationsharks.com / 29designx.us / 29design.us / 29designns.com are the SMS spammers, while logoventure.com are a customer of theirs.
Hidden by CSS on the animationsharks.com site is a list of services, support and postal contact information that’s identical to that of a legitimate corporate animation studio based out of Boston. It’s possible that they just ripped off the site of another company, but it’s also possible it’s a side-job, something done by an ex-employee…
But that’s all I have time to look at now. Back to work.

Read More