White House sending spam?

There has been some press about political spam recently. People are receiving email from the White House that they have not opted into. At a recent press conference a reporter challenged the press secretary to defend the practice.
Chris Wheeler over at Bronto blog points out that CAN SPAM doesn’t apply as this is political mail, and CAN SPAM only covers commercial email. He also notes that most of the mail came from “forward to a friend” links which the sender has little to no control over.
Gawker has a post up “Everything you need to know about Obama’s Spam-Gate.”
There are a lot of issues here. Chris asks a number of questions on his blog, that I encourage people to think about.

  1. Do you think it’s fair that political emails are exempt from CAN-SPAM?
  2. Should “Tell a Friend” be an option on a heated topic such as this that will inevitably land in some folks’ inboxes and peeve them?
  3. Is it enough for the White House to say it only sent to recipients who opted in at the site or should they provide further evidence of this position?
  4. Do you believe politicians, including but not limited to those in the White House, engage in using rented lists?

I have some other thoughts on the subject. Mostly centered around how difficult the complainers are making it for the White House to investigate this.
Refusing to turn over email addresses to abuse desks or senders is one of the things that can be a good idea or may not be a good idea. But if you don’t turn over the email address where you received spam, then you have to accept the fact that the sender may not be able to answer the question “Why did I get this mail?” (aka, why are you spamming me!?!?!).
It may be that the White House is buying lists and spamming. It’s just as likely that there are other explanations. People politically involved online do sometimes put email addresses of people they disagree with in signup forms, and then all of it sudden it looks like The Other Side is spamming. It could be a forward to a friend process where individuals are forwarding mails to friends (and enemies!). It could be any number of things.
The only way the truth is going to be known is if people who received the mail provide full copies of the mail, including headers, and if the White House ESP folks have the ability to audit the source of the addresses. Without both of those things, it can be impossible to determine why a particular recipient received spam.

Failed delivery of permission based email
Yahoo and Verizon

Related Posts

What Mark Said

Mark Brownlow skewers the arguments from opt-out proponents. A definite must read.

Read More

Contact addresses and spam

One of the challenges anyone doing business on the internet faces is how to provide contact information so that potential customers can reach you in a form that spammers can’t easily abuse. Contact forms are the classic method, but they can (and are) abused by spammers. We decided to try something different. About 2 months ago, we started using rotating contact addresses. Every day a new address is deployed on the contact form on our website. Each address is valid for a fixed period of time, and is then retired.
This seems to be working well for us. Spammers are harvesting the email addresses, but because they are only valid for a fixed period of time, the amount of spam in my mailbox is not overwhelming. I am spending less time searching for sales mails through spam. An interesting side effect is I can actually see who is harvesting addresses and spamming.
It’s not perfect, I’m still getting spam to that address. But it’s spam at a level where I’m not losing real mail.

Read More

Fake privacy policies

I sign up at a lot of websites and liberally spray email addresses across the net. These signups are on behalf of one customer or another and each webform gets its own tagged and tracked email address. I always have a specific goal with each signup: getting a copy of a customer’s email, checking their signup process, auditing an affiliate on behalf of a customer or identifying where there might be a problem in a process. Because I have specific goals, I am pretty careful with these signups and usually uncheck every “share my email address” box I can find on the forms.
In every case the privacy policies of my clients and the things they tell me are explicit in that addresses will not be shared. It’s all opt-in, and email addresses are not shared without permission. Even in the cases where I am auditing affiliates, my clients assure me that if I follow this exact process my address will not be shared. Or so the affiliates have assured them.
Despite my care and the privacy policies on the websites, these addresses occasionally leak or are sold. This is actually very rare, and most of the websites I test never do anything with my address that I don’t expect. But in a couple cases these email addresses have ended up in the hands of some hard core spammers (hundreds of emails a day) and there was no useful tracking I could do. In other cases the volume has been lower, and I’ve watched the progression of my email addresses being bought and sold with morbid fascination.
Today an address I signed up at a website about a year ago got hit with multiple spams in a short time frame. All came from different IPs in the same /24. All had different domains with no websites. Whois showed all the domains were registered behind a privacy protection service. Interestingly, two of the domains used the same CAN SPAM address. The third had no CAN SPAM address at all. None of these addresses match the data I have on file related to the email signup.
It never ceases to amaze me how dishonest some address collection outfits. Their websites state clearly that addresses will not be bought an sold, and yet the addresses get lots of spam unrelated to the original signup. For those dishonest enough to do this they’ll never get caught unless recipients tags and tracks all their signups. Even worse, unless their partners test their signups or their mailing practices, the partners may end up unwittingly sending spam.

Read More