Question from the comments

On yesterday’s post there is a question in the comments that I think needs a bit more discussion.

I guess the real question as a recipient is if you are getting so much spam that you cannot spot the good from the chaff, what did you do to start with to get your address syndicated on so many bad lists?

There are a lot of ways spammers get addresses. Some of them rely on users to submit email addresses to various web forms. Many of them don’t.

  1. Having an email address for a long time. The address I’ve had for 15+ years (and stopped actively using for any mail in mid 2003) gets a lot of spam.
  2. Have an email address in any sort of public place. The two email addresses I have on webpages get lots of spam. One of those addresses is actually the contact address for Word to the Wise sales and receives perhaps 3 or 400 spams a day.
  3. Send email to someone who subsequently gets infected with a virus. Viruses are scraping computers and sending lists of email addresses back to the mother ship.
  4. Send email to any public mailing list.
  5. Sign up with a trustworthy company that subsequently gets hacked and their list stolen. My addresses have leaked from such giant companies as Intuit and Sony.
  6. Just have an email address, even if you never use it or never give it to anyone. There is a lot of very bad spamware out there that will create email addresses. I get lots of spam to laura-infodd@ and laura-infonn@ addresses. These are not tagged addresses I’ve ever used anywhere, but they’re getting spam (hundreds a day).

Not every bit of spam is a result of what the recipient has done. Having the same email address for more than a year or 18 months means that it is out there and the spammers find it, even if the recipient is very careful with where they give the address. For instance, one of my email addresses has never been used to sign up for any commercial email, but received almost 300 spams yesterday.
Spammers will find you, even if you closely protect your email address.

Related Posts

McColo goes offline

Last week a major player in the botnet arena was taken offline when they were shutdown by their upstream provider.  With the demise of McColo, there has been a 30 – 50% drop in the amount of spam as measured by any number of different techniques. The CBL team has posted an article about their view of the McColo disconnection, which includes links to press articles about the shutdown. Spamhaus has their own take on the shutdown and another collection of links to articles about the shutdown.
In my own mailbox, I have noticed a drastic decrease in the amount of spam over the last week. I am too jaded to expect that the change is permanent, but it is nice while it lasts.

Read More

Email and the Obama Campaign

Late in the summer there were people talking about the spam coming from Senator Obama’s presidential campaign. At that time, most of the discussion was focused on the open subscription form on their website and that there were some individuals who had been fraudulently signed up and were now receiving email from the campaign.
Last week, the Senator’s campaign again became a topic of discussion among some anti-spam groups. The maintainer of one of the more respected public blocklists and members of his family received mail from Senator Obama’s presidential campaign at their personal addresses. Because the mail was unsolicited and met the qualifications for listing, the sending IP addresses were listed on the blocklist. In response, the campaign’s ESP started moving the Senator’s mail to other IP addresses, resulting in those IPs also being listed on the blocklist as well.
I talked with the blocklist maintainer and I believe that his address, and those of his family members, were added to the Senator’s mailing list as the result of an email append. All of them are registered Democrats and they all live in a battleground state.
This may have made for good campaign strategy, not being an expert I cannot comment on that. It is, however, very poor email marketing strategy.
First, the campaign decided to appropriate permission to send email. There is not ever permission associated with an email append. Just because you have a name and a street address does not mean that you have permission to send email. In very, very limited circumstances, an opt-in append (click here to continue receiving email) may be acceptable. However, that is not how appending is normally done.
There is no pretense of permission to send email. Just because someone is registered to a particular party does not mean they want to receive email from that party.
Second, when the campaign started seeing delivery problems they started sending off different IP addresses. Moving IPs around is out and out spammer behavior, no questions asked.
Now, I know this is a very hotly contested election and I know that some people believe that any method of getting the word out is good. I also expect that there may have been some positive reaction from recipients. The overall reaction, based on the IPs changing, may not have been so positive.
Do I really believe that Senator Obama is a evil and willful spammer? No, not really. But that does not change the fact that the Obama campaign seems to be sending email without the permission of the recipient and seem to be attempting to evade blocks by moving IP addresses.
From a marketing perspective, the campaign may be using email effectively and doing everything right. But from an email delivery perspective, they are getting many, many of the basics wrong and are looking like spammers in the process.
Other news and blogs that talk about spam from the Obama campaign:

Read More

McCain Campaign Spamming

As I mentioned in my post on spam from the Obama campaign, there have been reports of spam coming from the McCain campaign. However, the McCain campaign does not seem to be sending the volume of mail that the Obama campaign is, and so they are not as visible.
A recent post over at Denialism Blog shows that the McCain campaign has some of the same problems as the Obama campaign. Chris talks about the unsubscribe options he is presented when trying to stop the spam he is receiving. He suggests the campaign adds another option:

Read More