Steve and I were talking this evening and I mentioned to him that I got “a lot of spam that wasn’t really spam. Know what I mean?”
He did. But if I tell that to you, what does it mean to you?
More on this in a couple days, but I’m onsite at a client’s for the next few days so it may take me a plane ride home to put all the thoughts down.
One of the challenges anyone doing business on the internet faces is how to provide contact information so that potential customers can reach you in a form that spammers can’t easily abuse. Contact forms are the classic method, but they can (and are) abused by spammers. We decided to try something different. About 2 months ago, we started using rotating contact addresses. Every day a new address is deployed on the contact form on our website. Each address is valid for a fixed period of time, and is then retired.
This seems to be working well for us. Spammers are harvesting the email addresses, but because they are only valid for a fixed period of time, the amount of spam in my mailbox is not overwhelming. I am spending less time searching for sales mails through spam. An interesting side effect is I can actually see who is harvesting addresses and spamming.
It’s not perfect, I’m still getting spam to that address. But it’s spam at a level where I’m not losing real mail.
Twitter and some of the other delivery blogs are all abuzz today talking about the consumer survey released by MAAWG (pdf link, large file) looking at end user knowledge and awareness of email security practices.
The survey has a lot of good data and I strongly encourage people to look at the full report. There are a couple of results that are generating most of the buzz, including the fact that nearly half of the respondents have clicked on a link or replied to a spam email. Additionally, 17% of respondents said they made a mistake when they clicked on the link.
The magic statistic, though, is that 12% of the respondents said that they responded to spam because they were interested in the products or services offered in the spam. This, right there, is one of the major reasons why spam continues and is a growing problem. Out of 800 people surveyed, almost 100 of them were interested enough in the products sold by spam to respond positively. There are roughly 1.6 billion people on the Internet, which gives spammers a market of 200 million people for their spam.
Other studies have seen similar responses, that is consumers do respond to spam. Most surveys don’t define spam, however, and given a lot of consumers call “mail I don’t like” or “all commercial email” as spam it’s hard to know what the respondents are responding too. In some studies, some respondents even defined mail from companies that they had given their email address to, but had not explicitly asked for email from as spam. In this study MAAWG did request how the respondent defined spam. Of the respondents, 60% say spam is mail they did not solicit, and 41% say spam is mail that ends up in the spam folder. Given that 60% of respondents define spam as “unsolicited email” it is possible that some people are responding to mail they never requested.
Sad news for those of us who were hoping that lack of consumer response would make spamming unprofitable enough that spammers would stop.
The crosstab between “how do you define spam” and “how do you react to spam” may be an interesting data set to see.
Spammers and spamming companies have elevated obfuscating their corporate identities to an artform. Some of the more dedicated, but just this side of legal, spammers set up 3 or 4 different front companies: one to sell advertising, one or more to actually send mail, one to get connectivity and one as a backup for when the first three fail. Because they use rotating domain names and IP addresses all hidden behind fake names or “privacy protection services”, the actual spammer can be impossible to track without court documents.
One example of this is Ken Magill’s ongoing series of reports about EmailAppenders.
Aug 5, 2008 Ouch: A List-Purchase Nighmare
Sept 9, 2008 Umm… About EmailAppenders’ NYC Office
Sept 15, 2008 E-mail Appending Plot Thickens
Nov 11, 2008 EmailAppenders Hawking Bogus List, Claims Publisher
Dec 23, 2008 Internet Retailer Sues EmailAppenders
Feb 1, 2009 EmailAppenders Update
Mar 10, 2009 Another Bogus E-mail List Claimed
April 14, 2009 EmailAppenders a Court No-Show, Says Internet Retailer
April 21, 2009 EmailAppenders Gone? New Firm Surfaces
May 5, 2009 EmailAppenders Back with New Web Site, New Name
Their actions, chronicled in his posts, are exactly what I see list providers, list brokers and “affiliate marketers” do every day. They hide, they lie, they cheat and they obfuscate. When someone finally decides to sue, they dissolve one company and start another. Every new article demonstrates what spammers do in order to stay one step ahead of their victims.
While Ken has chronicled one example of this, there are dozens of similar scammers. Many of them don’t have a persistent reporter documenting all the company changes, so normal due diligence searches fail to turn up any of the truth. Companies looking for affiliates or list sources often fall victim to scammers and spammers, and suffer delivery and reputation problems as a result.
Companies that insist on using list sellers, lead generation companies and affilates must protect themselves from these sorts of scammers. Due diligence can be a challenge, because of the many names, domains and businesses these companies hide behind. Those tasked with investigating affiliates, address sources or or mailing partners can use some of the same investigative techniques Ken did to identify potential problems.