Mike might be spamming, but why?

I’ve been talking a lot about ongoing B2B spam. That is, where senders drop your address into some sort of automation that sends mail from Gmail or Amazon and just spams and spams and spams. This is what my mailbox looked like this morning.

Yes, every one of those emails is sent to the same address. “you are still using the address laura-info@…” Well, no, actually. That was the original address I used as part of our contact on the first iteration of the WttW website. I stopped using that address somewhere around 2002? 3? It’s been a very long time in any case.

Folks, B2B spam is still spam. It doesn’t matter if you register a new domain and use Gmail as your outbounds as a way to avoid filters.

It doesn’t matter…

… if it’s to a business address.

… if you think it’s relevant to the recipient.

… if you correctly de-dupe your list.

… if it doesn’t look like this in the recipient’s mailbox.

This is a blatant example that makes it clear Mike is a spammer. I was going to write about how I was sure that Mike would tell you he was a real business person, selling a real product. Then I tried to go to his website after pulling off everything after the domain name. It redirects to Facebook. … mmmkay. We’ve just passed from legitimate business to out-and-out spammer.

Now I’m intrigued

I drop the domain name into Google to see what that can tell me about it. 3rd hit is Scamdex showing an exact copy of the message I got. Hey, that’s a public link, so I clicked on it. That, too, redirected to Facebook.

Hrm… So what’s going on here? Why is Mike sending out so much crap without a real website on it? I suspect that someone bought a Really Old List. More than 15 years old. My guess is, they went to a company that offered data hygiene services. In this case, the data hygiene is spamming out dozens of emails to the addresses on the list. Any click, even on the unsub or “report this” links, is added to a list of live users. The cleaned list then goes through a few more iterations of the spam / clean. Then it goes through a few iterations of “real” mail where complainers and non-responders are removed. Then it’s dubbed “clean” and can be moved to any ESP out there.

They’ve taken off the dead addresses. They’ve taken off the people who will complain. What they’ve got left is a list that doesn’t look bad to metrics. I mean, opens and clicks are going to be low, but, eh, no one has ever lost their ESP simply due to low open and click rates. (This is where one of you jumps in and tells me a horror story of being cut off… I’m pretty sure there were other factors involved, even if the final message to you was ‘low open and click rates’.)
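On the receiving side, a long-retired address like the one above works as a trap: nothing legitimate should arrive there, so you can tally which sender domains keep hitting it without clicking anything. The sketch below is an added example, not code from the original post; the retired address, the sender domains and the sample messages are constructed placeholders.

```python
from collections import Counter
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Assumption: addresses retired years ago, so any mail to them is unsolicited.
RETIRED = {"old-contact@example.com"}

# Constructed sample messages (not real mail).
SAMPLE = [
    "From: Mike <mike@offers-one.example>\nTo: old-contact@example.com\n"
    "Subject: Quick question\n\nAre you still using this address?\n",
    "From: Mike <mike@offers-one.example>\nTo: Old-Contact@Example.com\n"
    "Subject: Following up\n\nJust checking in.\n",
    "From: Mike <mike@offers-one.example>\nTo: old-contact@example.com\n"
    "Subject: Last try\n\nClick here to unsubscribe.\n",
    "From: news@newsletter.example\nTo: current@example.com\n"
    "Subject: Monthly update\n\nHello.\n",
    "From: sales@other.example\nCc: old-contact@example.com\n"
    "Subject: Intro\n\nHi.\n",
]

def trap_hits(raw_messages, retired=RETIRED):
    """Count messages per From-domain that were addressed to a retired address."""
    hits = Counter()
    for raw in raw_messages:
        msg = message_from_string(raw)
        # Collect every To/Cc recipient, lowercased for comparison.
        rcpts = {addr.lower() for _, addr in getaddresses(
            msg.get_all("To", []) + msg.get_all("Cc", []))}
        if rcpts & retired:
            # The From header is forgeable; treat the domain as a grouping
            # key for review, not as proof of who sent the mail.
            sender = parseaddr(msg.get("From", ""))[1].lower()
            hits[sender.rpartition("@")[2] or "(unknown)"] += 1
    return hits

def repeat_offenders(hits, threshold=2):
    """Domains that hit the trap at least `threshold` times."""
    return sorted(d for d, n in hits.items() if n >= threshold)

if __name__ == "__main__":
    counts = trap_hits(SAMPLE)
    print(dict(counts))
    print(repeat_offenders(counts))
```
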

What’s the point

Well, my initial point was going to be that mail like this was still spam, even if it advertised a legitimate company. But I was doing the lookups and research as I was writing the blog post so it kinda went off the rails when I discovered it wasn’t a real company. Then I started wondering about what they could be doing and why they were doing this.

What’s the point of the email? Best I can come up with is list hygiene. There may be something with the phone number, as well, but there’s no way I’m calling it to find out. If anyone does, feel free to comment.



  1. steve says

    It’s a real landing page operated by the spammer, one that’s choosing to redirect you to Facebook rather than the original payload.

    It could be because all they’re doing is recording clicks, but it’s at least as likely that they’re deciding whether to show you the payload based on previous clicks on the link, geolocation, browser details, time between the mail being sent and the link clicked or all sorts of other things. Not unusual behaviour from particularly nasty spammers.

    I’m about 99% sure it’s Sunbloom Marketing / The Wellbeing Zone, being run out of a nice semi-detached in North London.

  2. ifightspam says

    Hi Steve, Laura,

    You mean this company

    Also, the names of the individuals are present here

