Still Spamming…

StillSpammingThis morning I woke up to news that Sanford Wallace pled guilty to spamming. Again.
Sanford was one of the very early spammers (savetrees.com). He moved to email from junk faxing when Congress made junk faxing illegal in 2005. He sued AOL when AOL blocked his mail. He lost and the courts maintained that blocking spam was not a violation of the sender’s rights. Sanford then moved on to using open relays to avoid blocks. He was eventually disconnected from his backbone provider (AGIS) for abuse. Sanford sued AGIS for breach of contract and was reconnected for a brief period of time.
After his disconnection from AGIS, Sanford and a few of the other folks proposed a backbone provider that allowed bulk email marketing. That never really went anywhere.
Reading these old articles is a major blast in the past. The legal case between AGIS and Cyberpromotions was the event that led to my involvement in email marketing and spam. I even spent a Saturday afternoon in the late 90s with about a dozen people on a con call with Sanford and Walt talking about his backbone idea. My position was pretty simple: it wasn’t going to work, but as long as there was consent it was his network and he could do what he wanted.
I kinda lost track, just because he moved onto other ways of advertising and I got deeper and deeper into deliverability consulting. He did show up on my radar a few years ago when Facebook sued him for breaking into user accounts and using those accounts to spam. He lost a $711 million dollar judgement to Facebook, but given he didn’t have the resources the judge in that case recommended criminal charges.
Criminal charges were filed a few years later. Yesterday, Sanford pled guilty to fraud and criminal contempt as well as violating a court order to stay off Facebook’s network.
He now faces $250,000 in fines and up to 16 years in jail. Given his history, I expect he’ll figure out some way to still send spam even if he’s locked up.
Sanford is one of the reasons so many folks have such a low opinion of anyone who describes their business as “legitimate email marketing.” Sanford used the same phrase back in the late 90s. Of course no one, with the possible exception of him, actually believed that. But when someone like that adopts the moniker “legitimate email marketer” it’s hard to take them seriously when someone like Sanford has been using that since the late 90s.
61765300

Related Posts

4 things spammers do legitimate marketers don't

I’ve never met a spammer that claims to be a spammer. Most that I’ve met claim to be legitimate marketers (or high volume email deployers). But there are things spammers do that I never expect to see a legitimate marketer doing.
I’ve written about these things throughout the blog (tag: TWSD), but it’s probably time to actually pull them together into a single post.

Read More

Are botnets really the spam problem?

Over the last few years I’ve been hearing some people claim that botnets are the real spam problem and that if you can find a sender then they’re not a problem. Much of this is said in the context of hating on Canada for passing a law that requires senders actually get permission before sending email.
Botnets are a problem online. They’re a problem in a lot of ways. They can be used for denial of service attacks. They can be used to mine bitcoins. They can be used to host viruses. They can be used to send spam. They are a problem and a lot of people spend a lot of time and money trying to take down botnets.
For the typical end user, though, botnets are a minor contributor to spam in the inbox. Major ISPs, throughout the world, have worked together to address botnets and minimize the spam traffic from them. Those actions have been effective and many users never see botnet spam in their inbox, either because it’s blocked during send or blocked during receipt.
Most of the spam end users have to deal with is coming from people who nominally follow CAN SPAM. They have a real address at the bottom of the email. They’re using real ISPs or ESPs. They have unsubscribe links. Probably some of the mail is going to opt-in recipients. This mail is tricky, and expensive, to block, so a lot more of it gets through.
Much of this mail is sent by companies using real ISP connections. Brian Krebs, who I’ve mentioned before, wrote an article about one hosting company who previously supported a number of legal spammers. This hosting company was making $150,000 a month by letting customers send CAN SPAM legal mail. But the mail was unwanted enough that AOL blocked all of the network IP space – not just the spammer space, but all the IP space.
It’s an easy decision to block botnet sources. The amount of real mail coming from botnet space is zero. It’s a much bigger and more difficult decision to block legitimate sources of emails because there’s so much garbage coming from nearby IPs. What AOL did is a last resort when it’s clear the ISP isn’t going to stop spam coming out from their space.
Botnets are a problem. But quasi legitimate spammers are a bigger problem for filter admins and end users. Quasi legitimate spammers tend to hide behind ISPs and innocent customers. Some send off shared pools at ESPs and hide their traffic in the midst of wanted mail. They’re a bigger problem because the mail is harder to filter. They are bigger problems because a small portion of their recipients actually do want their mail. They’re bigger problems because some ISPs take their money and look the other way.
Botnets are easy to block, which makes them a solved problem. Spam from fixed IPs is harder to deal with and a bigger problem for endusers and filters.

Read More

Don't like opt-outs? Target your program better.

I get a LOT of spam here. Most of it is marked and trivial to get rid of. Some of it is what I would call semi-legitimate. It’s a real product, but I never asked to receive any information from this company and am not actually part of their demographic. For one time things I just hit delete and move on. Life is too short to complain or opt out of every spam I get. (Tried that, got more mail)
But sometimes if the same sender keeps bothering me, I will send back an email asking them to cease contact. I recently had an occasion where someone sent an initial email trying to sell me bulk SMS, online video and other services. I ignored it because we’re not in the market for any of these services. A week later I get a followup asking why I hadn’t provided feedback to them and if there was a better person to talk to at the company. I looked for a way to opt-out of this message stream, but there wasn’t one. I send a reply telling them we were not interested in speaking to them and to please cease all communication. (“You didn’t receive feedback because I have no interest in talking to you. Please cease all future contact.” Admittedly that was terse, but it was polite.)
My request to cease communication was not well received, nor was it honored. Mind you, they first contacted me trying to sell me services that are totally off what we offer. When I asked them not to contact me, they turned it around that we’d lost business.

Read More