AARP, SureClick, Offerweb and Spam

On Tuesday Laura wrote about receiving spam sent on behalf of the AARP. The point she was discussing was mostly just how incompetent the spammer was, and how badly they’d mangled the spam such that it was hardly legible.
One of AARPs interactive advertising managers posted in response denying that it was anything to do with the AARP.

This isn’t from AARP…this is a SPAM that’s been going around for years now. Did you bother looking into the source code to see where it sends you? My guess is it aint AARP…Do you know what your talking about?

Yes, Scott, we do know what we’re talking about, and we did look into the source code.
Yesterday Laura discussed in general principles how mainstream companies typically send spam by hiring a company who hires a company who hires a company to send spam.
We’re fairly familiar with how this works – one of the things Word to the Wise does is to provide forensics and expert witness services in email-related cases – so we dug into this email so as to work out what the story behind it was.
The story, as far as we can tell at a quick look, is that the AARP hired a company called SureClick to generate “Qualified Leads”.

SureClick homepage
You can see that they’re fairly proud to have the AARP as a flagship client.
What do SureClick do for their flagship client? They pay affiliates to drive traffic to their AARP membership signup page. I’m not sure exactly how much they’re paying for each signup, but it must be more than $12 as that’s how much SureClick’s affiliates are, in turn, offering to pay their affilliates.
In the case of the spam sent to Laura the affiliate SureClick hired was OfferWeb. What do OfferWeb do? They pay affiliates to drive traffic to their landing page. Seeing a pattern yet?
OfferWeb then hired a hard core spammer to actually send the spam on AARPs behalf. This guy, apparently based in Utah but spamming from a machine hosted in Pennsylvania, is doing everything he can to avoid his spam being recognised and blocked, using dozens of domains and IP addresses and sending messages stuffed full of hashbusters that have hardly any text, just images, to try and hide from spam filters.
One irony is that the Pennsylvania ISP who is hosting the spammer is also the same ISP who host the email account the spam was sent to. Sometimes the best place to start cleaning up is close to home.
So the spammer sends out millions of pieces of email to addresses he’s harvested or bought, most of which is blocked or ends up in the junk folder. When someone responds he passes them on to OfferWeb, who pass them on to SureClick who sign them up for the AARP. Then the AARP pays SureClick, who keep some of the money and pay OfferWeb, who keep some of the money and give the rest to the spammer.
It’s the advertising budget at AARP, and hundreds of companies like them, that makes this sort of spamming worthwhile.
If you’re interested in where all this data came from, check back tomorrow.

Related Posts

Did anyone actually look at this email before sending?

I received spam advertising AARP recently. Yes, AARP. Oh, of course they didn’t send me spam, they hired someone who probably hired someone who contracted with an affiliate marketer to send mail.
The affiliates, while capable of bypassing spam filters, are incapable of actually sending readable mail.

Read More

News from MAAWG

During MAAWG a number of companies in the email space announce new initiatives, mergers, products and the like. This MAAWG is no different.
Spammers adjust to security trends. This is not really news, spammers have been adjusting to new security measures since folks started blocking from: addresses back in ’95 and ’96. The tactics are different and developing, but for every security hole that is blocked, spammers will search for another hole to exploit. The unfortunate truth is that end user is the weak point, and spammers and scammers are very very good at social engineering.
Spam statistics stalemate. Spam is still accounting for approximately 90% of all email traffic.
Cloudmark acquires Bizanga. I talked to some of the Cloudmark folks and they seem very excited with their acquisition of the Bizanga MTA and email technology.
Bizanga Storage announced. Bizanga Store is a scalable storage system brought to you by some of the people who were instrumental in building the Bizanga MTA acquired by Cloudmark.
ReturnPath announced partnership with RPost. Yet more ongoing changes in the certification field.

Read More

Permission is not a legal concept

One trap I see companies fall into when looking at opt-in and permission is they seem to think that permission is a blanket thing. They believe permission can be bought and sold by the companies that collected email addresses.

Read More