Politics
What is spearphishing?
As I’m writing this, I’m watching Deputy Atty General Rod Rosenstein discuss the indictments of 12 Russian military officers for hacking activities during the 2016 election cycle. One of the methods used to gain access to systems was spearphishing.
I think most of us know what phishing is: sending lots of emails to a wide range of people in an attempt to collect some credentials. These credentials are usually passwords to bank or email accounts, but can also be things like Amazon or other accounts.
Spearphishing is an attempt to collect credentials from a specific person. The net isn’t thrown wide to collect any credentials; rather, individuals are targeted and researched. These attacks are planned. The targets are carefully researched and observed. The emails are crafted specifically for that target. If one set of emails doesn’t work, then they try again.
In terms of email marketing and deliverability, phishing is something detectable by many anti-spam filters. Phishing emails are sent in bulk, and they all look similar or identical to the filters. Spearphishing isn’t as simple to detect with standard tools. What many organizations have done is try to combat this with warnings in the client, like this one from Gmail:
Security is becoming a bigger and bigger part of email filtering. I expect that as filters start addressing security more, we’ll see increased warnings like the above.
What can senders do?
Political Fraud & Spam
The Conservative Party is one of the largest political parties in the UK. They’re center-right politically (by European standards), nationalist and pro-business. You’ll often see them called the Tory party or Tories – a pejorative nickname they acquired 350 years ago.
While they’re part of the ruling coalition today, there’s a general election coming up in the next couple of weeks and they’re, well, campaigning aggressively. A group of 500 small business owners co-signed a letter to the Telegraph (a mainstream UK newspaper that supports the Conservatives consistently enough that it’s widely known as the Torygraph) expressing strong support for Conservative economic policies and drumming up votes for the election.
So far, nothing unusual. So why am I talking about it? And why am I talking about it here, on an email blog?
As people began to look at the letter, the story began to unravel. First, the letter was published on the Telegraph website as a PDF – and the PDF metadata showed it had been written by the Conservatives’ press office, not a group of small businesses.
https://twitter.com/GabrielScally/status/592476275362529280
Then it turned out that many of the signatories seemed to have signed it multiple times, each representing slightly different company names. Somebody didn’t dedupe their purchased list, it seems.
When contacted, many of the signatories denied signing anything. Several of them did mention receiving email (spam?) and clicking on a link.
A series of tubes
The Internet and pundits had a field day with Senator Stevens, when he explained the Internet was a series of tubes.
I always interpreted his statement as coming from someone who demanded an engineer tell him why his mail was delayed. The engineer used the “tube” metaphor to explain network congestion and packets and TCP, and when the Senator tried to forward on the information he got it a little wrong. I do credit the Senator with trying to understand how the Internet works, even if he got it somewhat wrong. This knowledge, or lack thereof, drove his policy positions on the issue of Net Neutrality.
In the coming years, I believe we’re going to be seeing more regulations around the net, both for individuals and for corporations. These regulations can make things better, or they can make things worse. I believe it’s extremely important that our elected officials have a working understanding of the Internet in order to make sensible policy. This understanding doesn’t have to be in their own head, they can hire smart people to answer their questions and explain the implications of policy.
Apparently I’m not the only one who thinks it is important for our elected officials to have a working knowledge of technology. Paul Schreiber put up a blog post comparing the website technology used by the current Presidential candidates. Do I really expect the candidate to be involved in decisions like what domain registrar or SSL certificate provider to use? No. But I do expect them to hire people who can create and build technology that is within current best practices.
Update on Herman Cain advertising male enhancement drugs
Shawn Studer from newsmax.com contacted me today with a statement about the Herman Cain mailing list.
The perils of politics
I’ve talked a little bit about political and activist mail in the past. In general, I believe political mailers tend to be aggressive in their address collection techniques and sloppy in acquiring permission.
For the most part, politicians can get away with aggressive email marketing in a way that commercial emailers can’t always. The laws for commercial email don’t really apply to political emails. Politicians and activists don’t have to comply with CAN-SPAM. They don’t even have to stop mailing if you opt out. They don’t have to identify themselves the way commercial emailers do. They trade, sell, barter and borrow voter data, including email addresses.
This doesn’t mean the politicians don’t get blocked. They most certainly do suffer delivery consequences to their behaviour.
Well, today I saw another article talking about the pitfalls of political mailings. According to US News, a number of people who are unlikely to be Republican supporters were reporting that they were spammed by the Romney campaign.
The Romney campaign says it wasn’t them, and that they are only sending mail to people who signed up to receive it. This is possible; the article at US News says that the signups came from an IP address that is part of the Tor network. What is Tor? Tor is a way to hide your location on the internet. Ever watch a crime show and see the master geek track a bad guy all over the world by IP address? That’s basically what Tor does.
It’s very possible someone did find a list of email addresses of people guaranteed to be angry about getting mail from the Romney campaign. It’s very possible they used Tor nodes to submit those addresses to the campaign lists. It’s been known to happen, and it’s not like this election is getting any less contentious as we get closer to November.
Forged subscriptions are a problem for every activist and political mailing list. But most of them don’t take any steps to protect themselves from maliciousness. Welcome emails, confirmation emails, audit trails and monitoring can help minimize the chance of subscribing a lot of people who don’t want that mail. Most political and activist groups won’t take that step, though. They’d rather increase lists by any means necessary without adding any controls on making sure those addresses are valid.
The irony is that the first thing activists blame when they do have email delivery problems is their political opponents forging addresses into their list. But they still push back against actually implementing controls and protections against the practice.
As with many things, politicians want to have their cake and eat it too. They want the extra volume that comes from indiscriminate signups, but don’t think that should cause them any problems. It doesn’t work that way in the real world, though.
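One way the controls named above (confirmation emails, an audit trail and monitoring) fit together, as an added sketch that is not from the original post or from any campaign's system. The class name, the secret, the one-week expiry and the addresses are all assumptions made for illustration.

```python
import hashlib
import hmac
import time
from collections import Counter

SECRET = b"constructed-demo-key"  # assumption: per-list secret held server-side
TOKEN_TTL = 7 * 24 * 3600         # assumption: confirmation links expire in a week

class SignupList:
    """Hypothetical confirmed opt-in list that keeps an audit trail."""

    def __init__(self):
        self.pending = {}     # address -> time of the signup request
        self.confirmed = set()
        self.audit = []       # (time, event, address, source IP)

    def _token(self, email, ts):
        return hmac.new(SECRET, f"{email}|{ts}".encode(), hashlib.sha256).hexdigest()

    def request(self, email, source_ip, now=None):
        """Log the signup and return the token to mail to the address.
        The address is not on the list until its owner confirms."""
        now = int(time.time() if now is None else now)
        email = email.strip().lower()
        self.pending[email] = now
        self.audit.append((now, "requested", email, source_ip))
        return self._token(email, now)

    def confirm(self, email, token, source_ip, now=None):
        """Add the address only if the mailed token is valid and unexpired."""
        now = int(time.time() if now is None else now)
        email = email.strip().lower()
        ts = self.pending.get(email)
        ok = (ts is not None and now - ts <= TOKEN_TTL and
              hmac.compare_digest(token.encode(), self._token(email, ts).encode()))
        self.audit.append((now, "confirmed" if ok else "confirm_failed", email, source_ip))
        if ok:
            del self.pending[email]
            self.confirmed.add(email)
        return ok

    def requests_by_ip(self):
        """Monitoring view: signup requests per source IP, from the audit trail."""
        return Counter(ip for _, event, _, ip in self.audit if event == "requested")
```

A forged signup never reaches `confirmed` because the submitter does not receive the mailed token, and a burst of requests from one source IP shows up in `requests_by_ip()`.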
Barack Obama vs Mitt Romney
@LorenMcDonald over at SilverPop has an interesting comparison of the email marketing habits of the two presidential campaigns:
Censorship, email and politics
Spamfiltering blocks email. This is something we all know and understand. For most people, that is everyone who doesn’t manage an email server or work in the delivery field or create spamfilters, filtering is a totally unseen process. The only time the average person notices filters is when they break. The breakage could be blocking mail they shouldn’t, or not blocking mail they should.
Yesterday, a bunch of people noticed that Yahoo was blocking mail containing references to a protest against Wall Street. This understandably upset people who were trying to use email as a communication medium. Many people decided it was Yahoo (a tool of the elites!) attempting to censor their speech and stop them from organizing a protest.
Yeah. Not so much.
Yahoo looked into it and reported that the mail had gotten caught in their spam filters. Yahoo adjusted their filters to let the mail through and all was (mostly) good.
I don’t think this is actually a sign of filters being broken. The blocked mail all contained a URL pointing to occupywallst.com. I know there was a lot of speculation about what was being blocked, but sources tell me it was the actual domain. Not the phrase, not the text, the domain.
The domain was in a lot of mostly identical mail coming out of individual email accounts. This is a current hallmark of hijacked accounts. Spammers compromise thousands of email accounts, and send a few emails out of each of them. Each email is mostly identical and points to the same URL. Just like the protest mail.
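The pattern described above (one domain, mostly identical bodies, a few messages each from many separate accounts) can be sketched as a filter heuristic. This is an added example, not Yahoo's filter or code from the original post; the thresholds, function names and sample messages are assumptions.

```python
import re
from collections import Counter, defaultdict
from difflib import SequenceMatcher
from urllib.parse import urlparse

URL_RE = re.compile(r"https?://[^\s<>\"']+")

# Constructed sample: (sending account, body). Not real traffic.
SAMPLE = [
    ("a@mail.example", "Hi, you have to see this: http://example.net/rally - pass it on!"),
    ("b@mail.example", "Hey, you have to see this: http://example.net/rally - pass it on!"),
    ("c@mail.example", "Hi, you have to see this: http://example.net/rally - pass it on"),
    ("d@mail.example", "Hi! you have to see this: http://example.net/rally - pass it on!"),
    ("e@mail.example", "Minutes from Tuesday are at https://example.org/notes"),
    ("f@mail.example", "Lunch menu: https://example.org/menu is updated weekly"),
]

def url_domains(body):
    """Hostnames of every http(s) URL in a message body."""
    hosts = set()
    for url in URL_RE.findall(body):
        try:
            host = urlparse(url).hostname
        except ValueError:  # malformed URL, e.g. a broken IPv6 literal
            continue
        if host:
            hosts.add(host)
    return hosts

def flag_domains(messages, min_senders=3, max_per_sender=2, min_similarity=0.8):
    """Return {domain: low-volume sender count} for domains that appear in
    mostly identical mail sent a few at a time from many separate accounts."""
    by_domain = defaultdict(list)
    for sender, body in messages:
        for domain in url_domains(body):
            by_domain[domain].append((sender, body))
    flagged = {}
    for domain, msgs in by_domain.items():
        volume = Counter(sender for sender, _ in msgs)
        # Keep only accounts that sent a handful of messages each.
        low = [(s, b) for s, b in msgs if volume[s] <= max_per_sender]
        senders = {s for s, _ in low}
        if len(senders) < min_senders:
            continue
        ref = low[0][1]
        if all(SequenceMatcher(None, ref, b).ratio() >= min_similarity for _, b in low[1:]):
            flagged[domain] = len(senders)
    return flagged

if __name__ == "__main__":
    print(flag_domains(SAMPLE))
```

The heuristic sees only the shape of the traffic, so legitimate mail that many people forward with the same link matches it just as hijacked-account spam does.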
There was also a lot of bulk mail being sent with that URL in it. I’ve been talking to friends who have access to traps, and they were seeing a lot of mail mentioning occupywallst.com in their traps. This isn’t surprising, political groups have some horrible hygiene. They are sloppy with acquisition, they trade names and addresses like kids trade cold germs, they never expire anything out. It’s just not how politics is played. And it’s not one party or another, it’s all of them. I’ve consulted with major names across the political spectrum, and none actually implement best practices.
As I have often said, the secret to delivery is to not have your mail look like spam. In this case, the mail looked like spam. In fact, it looked like spam that was coming from hijacked accounts as well as spam sent by large bulk mailers. I suspect there was also a high complaint rate as people sent it to friends and family who really didn’t want to hear about the protests.
To Yahoo!’s credit, though, someone on staff was on top of things. They looked into the issue and the filter was lifted within a couple hours of the first blog post. A human intervened, overruled the algorithm and let the mail out.
I bet this is one of the few times anyone has seen that Yahoo does outbound filtering. Given it’s a politically charged situation, I can see why they assume that Yahoo is filtering because of politics and censorship. They weren’t though.
More on politics, filtering and censorship.
They’re not blocking you because they hate you
It really can be your email
More on Truthout
Another perspective on the politico article
Blasting the message!
Sending frequency is an important part of any email campaign. Too little mail and recipients forget about the mail and don’t open it when it does arrive. Too much mail and folks start complaining, like John Cole over at Balloon Juice.
How not to build a mailing list
I mentioned yesterday that one of the major political blogs had launched their mailing list that day. I pointed out a number of things they did that may cause problems. Today, I discovered another problem.
This particular blog has been around for a long time, probably close to 10 years. It allows anyone to join and create their own blogs and comment with registered users. As part of their new mailing list, they added everyone who has ever registered to their mailing list. They did not send a “we have a new list, want to join it?” email, they added every registered user to the list and said “you can opt out if you want.”
This is such a bad idea. My own account was used once, to make one comment, back in 2005. Yes, 2005. It’s been almost 5 years since I last logged into the site. Sure, I have email addresses that go back that far, but not everyone does. That list is going to be full of problems: dead addresses, spamtraps, duplicates, unengaged and uninterested.
Seriously, they’re adding people who’ve not logged into their site in 5 years to a mailing list. How can this NOT go horribly wrong?
My initial thought was this was going to blow up in a week. I’m now guessing they’ll start seeing delivery problems a lot sooner than that.
Email and politics
I occasionally consult for activists using email. Their needs and requirements are a little different from email marketers. Sure, the requirements for email delivery are the same: relevant and engaging mail to people who requested it. But there are complicating issues that most marketers don’t necessarily have to deal with.
Activist groups are attractive targets for forged signups. Think about it, when people get deeply involved in arguments on the internet, they often look for ways to harass the person on the other end of the disagreement. They will often signup the people they’re disagreeing with for mailing lists. When the disagreements are political, the logical target is a group on the other side of the political divide.
People also sign up spamtraps and bad addresses as a way to cause problems or harass the political group itself. Often this results in the activist group getting blocked. This never ends well, as instead of fixing the problem, the group goes yelling about how their voice is being silenced and their politics are being censored!!
No, they’re not being silenced, they’re running an open mailing list and a lot of people are on it who never asked to be on it. They’re complaining and the mail is getting blocked.
With that as background, I noticed one of the major political blogs announced their brand new mailing list today. Based on their announcement, it seemed that they may have talked to someone who knew about managing a mailing list.