Sharing content, sharing reputation

Over at SpamResource Al talks about how sharing content is like sharing needles.

If you’re going to share email templates with somebody else, you’re sharing in their reputation. Lots of good spam filters, like those at Cloudmark, Brightmail, Yahoo and elsewhere, they use what is commonly called “content fingerprinting.”

Content fingerprinting is something that a lot of people don’t talk about. However, it is the logical next step to deal with spammers who spend a lot of time attempting to work around IP based reputation. It is also why a number of senders with good reputation can see random poor delivery.
The moral of the story is be careful of who you allow to advertise in or generate content for your newsletters. Otherwise, you may see your delivery suffer.

Related Posts

White House sending spam?

There has been some press about political spam recently. People are receiving email from the White House that they have not opted into. At a recent press conference a reporter challenged the press secretary to defend the practice.
Chris Wheeler over at Bronto blog points out that CAN SPAM doesn’t apply as this is political mail, and CAN SPAM only covers commercial email. He also notes that most of the mail came from “forward to a friend” links which the sender has little to no control over.
Gawker has a post up “Everything you need to know about Obama’s Spam-Gate.”
There are a lot of issues here. Chris asks a number of questions on his blog, that I encourage people to think about.

Read More

Contact addresses and spam

One of the challenges anyone doing business on the internet faces is how to provide contact information so that potential customers can reach you in a form that spammers can’t easily abuse. Contact forms are the classic method, but they can (and are) abused by spammers. We decided to try something different. About 2 months ago, we started using rotating contact addresses. Every day a new address is deployed on the contact form on our website. Each address is valid for a fixed period of time, and is then retired.
This seems to be working well for us. Spammers are harvesting the email addresses, but because they are only valid for a fixed period of time, the amount of spam in my mailbox is not overwhelming. I am spending less time searching for sales mails through spam. An interesting side effect is I can actually see who is harvesting addresses and spamming.
It’s not perfect, I’m still getting spam to that address. But it’s spam at a level where I’m not losing real mail.

Read More

Beware: Phishing and Spam in Social Networks

Trend Micro warns us today about how spam and phishing can hit you even in the closed ecosystem of a social networking system such as Facebook. Malware abounds. And in the social network arena, just like anywhere else, “using your account to send spam” is a common thing for the bad guys to want to do.
In Rik Ferguson’s investigation (which I read about on CNet News), he came across a link to a URL that asked for his Facebook credentials, supposedly necessary to allow installation of a specific Facebook application. Once the credentials were handed over, the app immediately spammed all of his Facebook friends, sending them a bogus notification, attempting to draw them into visiting the phishing/malware URL, with (one assumes) the hope of spreading the infection even wider.
He’s a researcher for Trend Micro, so he knows what he’s doing. But for the rest of us, this highlights how necessary it is to be careful with who you give your usernames and passwords to. In my opinion, it’s never safe to take your username and password from one site and hand it over to another site. Some social networking make the problem even worse by blurring the lines between safe and unsafe by asking for usernames and passwords to third party accounts, but you just can never know with 100% certainty which sites are legitimate and which ones aren’t.
— Al Iverson

Read More