Profiting off spam

The FTC filed suit against Match.com for using fake accounts to entice people into signing up for accounts. (WA Post) Part of the FTC’s allegations include that Match flagged the accounts and prevented them from contacting paying Match users while simultaneously allowing the users to contact free Match users.

Image of a courthouse.

I’m actually surprised the FTC took action. I’m not surprised Match allowed, and possibly even encouraged, fraudulent accounts to send mail to registered users. The revenue they were making from the fraud was significant, according to Match’s own numbers.

Hundreds of thousands of consumers subscribed to Match.com shortly after receiving a fraudulent communication. In fact, Defendant has consistently tracked how many subscribers these communications have generated, typically by measuring the number of consumers who subscribe to Match.com within 24 hours of receiving an advertisement that touts a fraudulent communication. From June 2016 to May 2018, for example, Defendant’s analysis found that consumers purchased 499,691 subscriptions within 24 hours of receiving an advertisement touting a fraudulent communication. FTC Complaint (.pdf)

What doesn’t surprise me is that Match didn’t stop the outbound abuse. There are a lot of technology companies that will protect their own users and their own networks, while continuing to profit off of abuse of other networks. I’ve repeatedly talked with companies having delivery problems and pointed out that the fraud was a likely part of the delivery problems. I’ve rarely found any company that cared about fraud that was making them money.

An open is not permission
Tulsi v. Google: 1st amended complaint

Related Posts

Facebook scams move to LinkedIn

There’s a fairly common Facebook scam where someone clones an account, then sends out friend requests to friends of that person. This actually happened to a friend over the holiday break. The only problem was that most of the folks who got friend requests were actually security people. Security people who thought it was very, very funny to play along with said scammer.
The scam account didn’t last long, partly because FB security is pretty good and partly because a few of the folks the scammer invited were FB employees. I’m sure, though, that for a brief moment the scammer thought he’d found the motherlode of scam victims.
Today I got a similar scam on LinkedIn. A very bare account with little in the way of information about who this was.
LI_Scam_Profile
I don’t like connecting with these kinds of profile. But, the name does sound vaguely familiar. So I do a little Googling. And I find another LinkedIn profile for the same person, but this profile has a lot more info: A picture, a statement, 500+ connections, all the things one expects from a real person on LinkedIn.
So yes, Facebook scams have rolled over to LinkedIn. Be careful out there, folks. Pay attention to who you’re friending on all social media, not just FB or LinkedIn. Discretion is the better part of valor and all.

Read More

News in the email space

Various things happening in the email space recently that are worth mentioning but don’t have enough to justify a whole blog post.
Verizon announced a new umbrella company for the AOL and Yahoo media properties, including things like Engadget, Huffington Post. Based on the various press articles I’ve seen this doesn’t appear to affect the email handling for either set of domains.

Read More

March 2017: The Month in Email

It’s that time again… here’s a look at our last month of blog posts. We find it useful to recap each month, both to track trends and issues in email delivery and to provide a handy summary for those who aren’t following along breathlessly every single day. Let us know if you find it useful too!

As always, I wrote about email filters. It’s so important to recognize that filters aren’t arbitrary — they’re detailed instructions that help meet specific user needs, and the more you are cognizant of that, the better you’ll be able to work with them. Additionally, filters aren’t perfect and likely never will be. False positives and false negatives are frustrating, but as long as spam is still a viable business for spammers, they’ll continue to figure out how to work around filters. As such, we can’t expect filters to be 100% accurate in determining what constitutes wanted and unwanted mail.
Part of this, of course, is due to the problem of fraudulent signups. Companies aren’t particularly vigilant about address acquisition and hygiene, and as a result, they’ll claim you “signed up” for their email when you did not. Some people believe that a confirmed opt-in (COI) will solve this problem, but our experience is companies are reluctant to leave revenue on the table, and that they will continue to mail to addresses that have not confirmed.
Address sharing and co-reg is also part of the problem. As we saw in the extensive RCM data breach, many major brands continue to work with third-party senders to send mail in ways that are quite clearly spam. And in more criminal activity, I looked at the rise of botnets and how some of those criminals were brought to justice. In other justice news, there’s been an indictment in the Yahoo breach and another CASL enforcement action.
I wrote a post about bounce handling and “relaying denied” error messages, which are quite rare. It’s useful to have an understanding of these and other error messages, since bounces are sometimes indicative of a larger technical issue, such as when AOL accidentally bounced all messages for a short period last week. Speaking of AOL, we noted that there’s no official timeline for the move from Verizon addresses to AOL addresses following the 2015 acquisition, but it may be worth considering asking your customers to update their addresses.
Spam and filters aren’t the only factors of course. It can be challenging to figure out the multiple factors that make up the black box of delivery. And of course, the most important part of delivery continues to be engagement, engagement, engagement.
I wrote a few posts this month on why I do what I do, and why it’s so important to me. First, I wrote about A Day Without A Woman, and my choice not to participate in offering advice and guidance for that day. The truth is that I enjoy sharing what I know and helping people solve problems. I was honored to be named one of 11 Innovators in Email, and I know that my volunteer work in the industry and my unpaid blogging work is a big part of that. It may sound corny, but I really do believe we are on the front lines of the fight of good vs. evil online, and despite the distractions of politics and world events, we must all continue to do our part.

Read More