TWSD: Lying and Hiding

Another installment in my ongoing series: That’s What Spammers Do. In today’s installment we take a look at a company deceiving recipients and hiding their real identity.
One of my disposable addresses has been getting heavily spammed from mylife.com. The subject lines are not just deceptive, they are provably lies. The mail is coming from random domains like urlprotect.com or choosefrequency.com or winnernotice.com advertising links at safetyurl.com or childsafeblogging.com or usakidprotect.com.
The spam all claims someone is “searching for…” at their website. The only thing is, the email address is associated with a fake name I gave while testing a website on behalf of a client. I know what website received the data and I know what other data was provided during the signup process. I also know that the privacy policy at the time said that my data would not be shared and that only the company I gave the information to would be sending me email.
Just more proof that privacy policies aren’t worth the paper they’re written on. But that’s not my real issue here.
The real issue is that I am receiving mail that is clearly deceptive. The subject lines of the emails up until yesterday were “(1) New Message – Someone Searching for You, Find Out…” Yesterday, I actually clicked through one of the messages to confirm that the emails were ending up at mylife.com. After that, the subject lines of the emails changed to “(1) New Person is Searching for You.”  I don’t know for sure that my click has caused the change in subject lines, but the timing seems a bit coincidental.
It’s not that someone, somewhere gave mylife.com bad data, or that someone typed a name into the mylife.com search engine and the mylife.com database showed that name and my email address were the same. Neither this name or this email address show up in a google search and I can say with certainty that this is a unique address and name combination given to a specific website. Therefore, the subject lines are clearly and demonstrably lies.
The spams are also coming from different domains and advertising links in different domains. The content is identical, the CAN SPAM addresses are identical. While the court may not rule this is deceptive under the rules of CAN SPAM, it certainly is an attempt to avoid domain level spam filters.
Who are mylife.com? Well, their website and the CAN SPAM address on their spam claims they are the company formerly known as reunion.com. I’ve talked about reunion.com here before. They have a history of harvesting addresses from users address books. They were sued for deceptive email practices under California law, but won the case just recently. They seem to think that the court case was permission to send deceptive email and have thus ramped up their deceptive practices.
If you are a legitimate email marketer, there are a couple take home messages here.
1) Spammers send mail with different domains, from different IP addresses, that contain identical content, landing pages and CAN SPAM addresses. Legitimate marketers should not rotate content and sends through different domains or different IP addresses. Pick your domain, pick your IP and stick with it.
1a) Spammers use randomly chosen domain names and cycle through domains frequently. Legitimate marketers must not use unrelated domains in marketing. Use a domain name that relates to your product, your industry or you.
2) Spammers send mail with deceptive subject lines. Legitimate marketers should make sure their subject lines are clear and truthful.
3) Spammers send mail in violation of the privacy policy under which information was collected. Legitimate marketers should be very careful to handle data in accordance with their privacy policies.
That’s what spammers do. Is that what you do?

Related Posts

Privacy policies in court

Venkat has an analysis of a case where an individual provided a unique address to a vendor and that vendor released the address in violation of the posted privacy policy. The federal court rejected the suit due to the failure of the plaintiff to provide evidence of harm.
I posted last week about privacy policies and how often they are intentionally or unintentionally violated and when email addresses leak. Courts have consistently ruled against plaintiffs. It seems that the courts believe merely revealing information, even in contradiction to a posted privacy policy, is not actionable by the plaintiff.
As a consumer, I really don’t like the ruling. If a company is going to post a privacy policy, then they should follow it and if they don’t, I should be able to hold them responsible for their lies. Back in the land of reality, I am not surprised at the rulings. Individuals have never owned their personal information, it is the property of the people who compile and sell data
It does mean, however, that privacy polices are not worth the paper they’re written on.

Read More

But that's what spammers do!

A few weeks ago I was asked my opinion about a delivery situation. It seems that a sender wanted to mail to a purchased email list. They asked what I thought about getting fresh IP addresses and domains to use to send mail to the purchased list. “We know we’re going to get complaints, probably hit spamtraps and generally have problems with the first few sends of the list. We want to do this without harming our reputation. We figure if we move over to different domains and different IP addresses than we can send this mail and not suffer a reputation hit.”
Uh. Yeah. That’s what spammers do. They split off their mail into discrete sets so that they can spam with impunity and still have one or two ranges that have a good reputation and decent delivery. Some spammers have taken the discrete companies to extremes, and have a series of companies. They purchase a new list and send it through their companies one by one. At each step, they aggressively purge off bounces and complainers. Gradually, they move the list through their steps, resulting in a list that generates few complaints that they can send through their high reputation companies with few delivery problems.
Sure, legitimate mailers can do the same type of thing. But how legitimate can a sender be if they are using spammer tactics? And these are not mailers unwittingly doing something that spammers also do, these are mailers who are using spammer tactics for exactly the same reason spammers do it. They are trying to send mail people do not want, but send it in a way that does not negatively affect their bottom line.
Spammers hide and try to avoid their bad reputation. Legitimate mailers do not.

Read More

How to devalue your mailing lists

This morning I got spam about college basketball – Subject: Inside: your ESPN Tourney Guide. That’s anything but unusual, but this spam got through my spam filters and into my inbox. That’s a rare enough event that I’m already annoyed before I click on the mail in order to mark it as spam.
Wait a second, the spam claims to be from Adobe. And it’s sent to a tagged address that I only gave to Adobe. Sure enough, it’s Adobe and ESPN co-branded spam about college basketball sent to an Adobe list.
Down at the bottom of the email there’s a blob of tiny illegible text, in very pale grey on white. Buried in there is an opt-out link: “If you’d prefer not to receive e-mail like this from Adobe in the future, please click here to unsusbscribe“.
I’d prefer not to receive college sports spam from anyone, including Adobe, so I click on it and find a big empty white webpage with this in the middle of it:

Read More