Internet fraud and private whois records

The Verge has a long article about Internet Marketing and how much fraud is perpetrated by people who label themselves Internet Marketers.
It was interesting, but I didn’t think it was necessarily relevant to email marketers until I saw this quote from Roberto Anguizola at the FTC Bureau of Consumer Protection.

“savvy internet fraudsters use fake information, they use a host of shell companies [and they] use internet registrations that are private or themselves are fraudulent” to cover up their tracks. “If it’s a hydra of an internet scam, and you just chop off one tentacle, you may be missing the rest of it, and it will regenerate in a form that will not be recognizable…”

Then I realized this was worth sharing with my audience. A lot of these scammers use privacy protected domain (internet) registration to hide themselves and cover their tracks.
Who else uses privacy protection? A lot of email marketers. This is happening less and less, but in the last month I had to tell clients to turn off privacy protection before I could contact the ISPs on their behalf.
Many of us who deal in spamblocking, whether it’s troubleshooting and mitigating blocks or instituting blocks, have a very negative gut reaction when we see whois information behind privacy protection.
Now, it’s not that I believe everyone who uses privacy protection has something to hide. Some small business owners use it because they don’t know any better and because their registrar sells them on it. Individuals registering personal domains use privacy protection for very valid reasons. I also know that not every company that uses privacy protection is actually a spammer.
I strongly believe companies should not use privacy protection on any domain they use for business. For domains used in email, this goes double. CAN SPAM requires every email have a postal address. If every email has to have a real address, there is no reason that domains in that mail need to be hidden behind privacy protection.
There are a lot of scammers and spammers who use privacy protection. There are so many of them that a company using privacy protection often gets classified as a scammer or spammer by people handling email, either on the inbound or the outbound. Personally, I’ve had some very bad experiences with clients who use privacy protected domains for their bulk mail. I have not gone so far as to refuse to take them on as clients, but I will no longer contact an ISP, spam filtering company or blocklist for companies that have privacy protected domains. I’m not the only delivery expert that does this.

[Return Path Certified] Program Members must maintain accurate contact information in the whois database and no privacy protection services may be used for all Sender controlled domains that appear in message headers and body text, are used for user sign-up, preference and unsubscribe sites. Return Path Minimum Certification Guide

Scammers, spammers and just plain bad marketers hide their identity behind privacy protection. Using privacy protection makes a company look like them. Don’t be that marketer.

Related Posts

More legal problems for Boris

Boris Mizhen is once again on the wrong side of legal action. This time it’s not as simple as Microsoft suing him for creating hundreds of thousands of accounts to try and game the spam scoring system. Instead, he seems to have run afoul of the FTC.
This case isn’t obviously about email, but the FTC alleges that companies under the “control or influence” of Boris set up a network of fake news sites to deceive consumers into a free trial for diet supplements. The free trial involved enrollment in a monthly renewal program which cost consumers up to $158.00 a month.
The websites did not make the enrollment process clear and the companies made it extremely difficult to stop the renewal.

Read More

Avoiding spammers in affiliate programs

How can companies avoid paying spammers and having their brand associated with spammers?
One of the easiest ways to avoid spam is to not pay for acquisition email. Simply don’t set up an affiliate email marketing program. There are a lot of folks who don’t like me saying that, and who have argued vociferously with me over the years. But email is not a good medium for acquiring new customers if you don’t intend to spam. Email is a great medium for talking with current customers who are engaged with a brand and a company, but currently it is a poor way to acquire customers without spamming.
There are ways companies have successfully used email to acquire customers. There are actually newsletters that contain content but also sell advertising in the newsletter. Look at the newsletters you are receiving, that are relevant to your business space. One example of a newsletter that did this successfully is Magilla Marketing published by DirectMag. Every week there were 4 new articles from Ken Magill, supported by advertising in the newsletter and on the website. These kind of ads will let you reach your target market without spamming.
Now, I know that there are a lot of marketing departments out there that are going to insist that there aren’t useful newsletters or advertising venues for their field and the only way they can acquire customers is to use affiliate programs. I’ve had clients tell me the exact same things. Often they came to me as clients because their own email marketing was blocked by a blocklist or a spam filtering company due to their hiring of spammers. They wanted to police and clean up their affiliate program without having to give it up.
Policing affiliate programs can be done, if the company invests the time and energy into screening the program.
For every company that wants to send email advertising your company ask them to provide information about their company and their email program.

Read More

CA court requires sender identification on emails

Venkat analyzes the appeals court decision in Balsam v. Trancos, Inc.. In this case the appeals court decided that emails have to identify some actual person or entity they are sent by or from. Emails that do not identify the sender are in violation of the California anti-spam statute.
Venkat talks about all the reasons he thinks this is a problematic ruling, and the CA courts and anti-spam activists certainly have their share of bad rulings. I’m less convinced. The crux of the case seems to be that the advertiser used a number of random domains to hide the responsible party for an email. Rotating domains is a very, very common spammer tactic that is specifically a way to avoid domain based filters.
I understand Venkat’s concern but as someone who gets a lot of these spams I think the court is certainly ruling within the spirit of the CA statute. These mailers are using random domains to avoid filters and mislead recipients as to the source of the mail. Even if the domains are legitimately owned by the advertiser, they are usually hidden behind privacy protection and give the recipient no real information about who is sending the mail.
Another interesting point is the court speaking out against privacy registration. Personally, I don’t think any business should ever hide their domain registration behind privacy protection. If you’re a business, then you should stand up and give real contact information. I know it can be scary, particularly for people working out of their home, but if you’re a real business, you need to have an address registered with your state. Furthermore, if you’re a business sending email, all that email must contain a physical postal address. Your address already needs to be public, and including that in whois records isn’t actually going to change anything.

Read More