TWSD: breaking the law

I tell my clients that they should comply with CAN SPAM (physical postal address and unsubscribe option) even if the mail they are sending is technically exempt. The bar for legality is so low, there is no reason not to.
Sure, there is a lot of spam out there that does not comply with CAN SPAM. Everything you see from botnets and proxies is in violation, although many of those mails do actually meet the postal address and unsubscribe requirements.
One of my spams recently caught my eye today with their disclaimer on the bottom: “This email message is CAN SPAM ACT of 2003 Compliant.” The really funny bit is that it does not actually comply with the law. Even better, the address it was sent to is not published anywhere, so the company could also be nailed for a dictionary attack and face enhanced penalties.
It reminds me of the old spams that claimed they complied with S.1618.

In accordance with Bill S.1618 Title III passed by the 105th U. S. Congress, this letter can not be considered spam as long as we include: (1) Contact information and (2) a way to be removed from future mailings.

That bill was passed, but never signed into law. That did not stop spammers from adding the disclaimer to spam, though. When I was working as abuse@ we actually treated the presence of the Murkowski disclaimer (the original bill was sponsored by Senator Murkowski) as a defacto sign that our customer was spamming. It was not a bad rule of thumb, either. People who used that disclaimer usually did not have permission to send the mail they were sending. Murkowski disclaimers were common up until mid-2003, and every once in a while they will still be seen in spam.
All readers who may be thinking of actually buying SEO services, avoid Internet-marketing-one.com. They may tell you they will comply with the law, but if their spam is any evidence they do not.

Related Posts

Just Leave Me Alone Already

I tend to avoid online sites that require you to register and provide information including email addresses. In my experiences companies cannot resist sending email and my email load is extremely heavy and I want less email, not more. Sometimes, though, what I need to do requires an online registration and giving an email address to a company I would really prefer not to have it.
Recently, I had to register online with AT&T Wireless. My iPhone was getting repeated text spams and I wanted it to stop. The only way to do this is register online. Registering online required giving them an email address.
The text spam has stopped, but they have been sending me almost daily emails since then. Each email has an opt-out, and I have availed myself of every opportunity to opt-out. Each opt-out link takes me to a different site, a different page, a different process.
In two of the cases, AT&T seems to be violating the new CAN SPAM provisions. For one, I had to tell them what I wanted to opt-out of (email or phone) and then was taken to a page where I had to input my cell number, my email address and request to be removed. In another case,  I was forced to login to my online wireless account and then was able to change preferences. In only one of the 3 opt-outs I have requested, was the opt-out form actually a single click, just requiring my email address.
I am wondering just how many mailing lists AT&T added my address to and how often they will continue sending me mail after their 10 days are up. It is this level of frustration, that mail just keeps coming and coming and coming even after the recipient has repeatedly attempted to opt-out, that causes people to hit the “this is spam” button on mail that the sender thinks is opt-in.
But, really, AT&T, please stop sending me mail that I never asked for, and that I have repeatedly asked you to stop sending me by jumping through your hoops. Oh, and you may consider sharing the opt-out data with all the same internal groups that you shared my email address with initially.

Read More

McColo goes offline

Last week a major player in the botnet arena was taken offline when they were shutdown by their upstream provider.  With the demise of McColo, there has been a 30 – 50% drop in the amount of spam as measured by any number of different techniques. The CBL team has posted an article about their view of the McColo disconnection, which includes links to press articles about the shutdown. Spamhaus has their own take on the shutdown and another collection of links to articles about the shutdown.
In my own mailbox, I have noticed a drastic decrease in the amount of spam over the last week. I am too jaded to expect that the change is permanent, but it is nice while it lasts.

Read More

Monitoring customers at ESPs

In the past I’ve talked about vetting clients, and what best effort encompasses when ESPS try to keep bad actors out of their systems. But what does an ESP do to monitor clients ongoing? Al Iverson from ExactTarget says that they:

Read More