BLOG

Mike might be spamming, but why?

I’ve been talking a lot about ongoing B2B spam. That is, where senders drop your address into some sort of automation, that sends mail from gmail or amazon and just spams and spams and spams. This is what my mailbox looked like this morning

Yes, every one of those emails is sent to the same address. “you are still using the address laura-info@…” Well, no, actually. That was the original address I used as part of our contact on the first iteration of the WttW website. I stopped using that address somewhere around 2002? 3? It’s been a very long time in any case.

Folks, B2B spam is still spam. It doesn’t matter if you register a new domain and use Gmail as your outbounds as a way to avoid filters.

It doesn’t matter…

… if it’s to a business address.

… if you think it’s relevant to the recipient.

… if you correctly de-dupe your list.

… if it doesn’t look like this in the recipients mailbox.

This is a blatant example that makes it clear Mike is a spammer. I was going to write about how I was sure that Mike would tell you he was a real business person, selling a real product. Then I tried to go to his website after pulling off everything after the domain name. It redirects to Facebook. … mmmkay. We’ve just passed legitimate business to out and out spammer.

Now I’m intrigued

I drop the domain name into Google to see what that can tell me about it. 3rd hit is Scamdex showing an exact copy of the message I got. Hey, that’s a public link, so I clicked on it. That, too redirected to Facebook.

Hrm… So what’s going on here? Why is Mike sending out so much crap without a real website on it? I suspect that someone bought a Really Old List. More than 15 years old. My guess is, they went to a company that offered data hygiene services. In this case, the data hygiene is spamming out dozens of email to the addresses on the list. Any clicks, even on the unsub or report this links is added to a list of live users. The cleaned list then goes through a few more iterations of the spam / clean. Then it goes through a few iterations of “real” mail where complainers and non responders are removed. Then it’s dubbed “clean” and can be moved to any ESP out there.

They’ve taken off the dead addresses. They’ve taken off the people who will complain. What they’ve got left is a list that doesn’t look bad to metrics. I mean opens and clicks are going to be low, but, eh, no one has ever lost their ESP simply due to low open and click rates. (this is where one of you jumps in and tells me a horror story of being cut off… I’m pretty sure there were other factors involved, even if the final message to you was ‘low open and click rates’.)

What’s the point

Well, my initial point was going to be that mail like this was still spam, even if it advertised a legitimate company. But I was doing the lookups and research as I was writing the blog post so it kinda went off the rails when I discovered it wasn’t a real company. Then I started wondering about what they could be doing and why they were doing this.

What’s the point of the email?  Best I can come up with is list hygiene. There may be something with the phone number, as well, but there’s no way I’m calling it to find out. If anyone does, feel free to comment.

 

2 comments

  1. steve says

    It’s a real landing page operated by the spammer, one that’s choosing to redirect you to Facebook rather than the original payload.

    It could be because all they’re doing is recording clicks, but it’s at least as likely that they’re deciding whether to show you the payload based on previous clicks on the link, geolocation, browser details, time between the mail being sent and the link clicked or all sorts of other things. Not unusual behaviour from particularly nasty spammers.

    I’m about 99% sure it’s Sunbloom Marketing / The Wellbeing Zone, being run out of a nice semi-detached in North London.

  2. ifightspam says

    Hi Steve, Laura,

    You mean this company https://www.linkedin.com/search/results/people/?facetCurrentCompany=%5B%224320516%22%5D

    Also, the names of the individuals are present here https://beta.companieshouse.gov.uk/company/08256571/officers

Comment:

Your email address will not be published. Required fields are marked *

Archives