Ongoing subscription attack

Brian Krebs posted a couple days ago about his experience with the subscription bomb over the weekend. He talks about just how bad it was over the weekend.

At approximately 9:00 a.m. ET on Saturday, KrebsOnSecurity’s inbox began filling up with new newsletter subscriptions. The emails came in at a rate of about one new message every 2-3 seconds. By the time I’d finished deleting and unsubscribing from the first page of requests, there would be another page or two of new newsletter-related emails. For most of the weekend until I got things under semi-control, my Gmail account was basically useless.

He also mentions this is something he’s been targeted with in the past.
This is malicious behavior on the part of the folks who are subscribing people. It is harassment.
I’m pleased at the number of ESPs and brands that are taking this seriously. We had a M3AAWG call this morning and much of the discussion was about how people are dealing with the issue. Some data is being shared here on the blog (signup IPs and stuff) and it’s very helpful.
If you are an ESP and you have data you want to share but don’t want to share it publicly contact me directly. The contact address works, I’m also on LinkedIn.
If you’re a recipient and you want some help cleaning up, feel free to contact me as well. I have some ideas of how we can help you and how you can help mitigate this for other people.
This isn’t a problem that’s going to just go away. We, as senders, cannot ignore the abuse. Now that this is out there we need to address it head on and protect both our brands, our network space and those unwilling recipients from being harassed through our services.
That does mean changes in behavior for all of us. Let’s not have the email space fall down on handling abuse like some of the social networking sites have.

Related Posts

Fake DNSBLs

Spamhaus recently announced a few years ago that they have discovered a company that is pirating various blocklists, relabeling them and selling access to them. Not only is the company distributing the zones, they’re also running a “pay to delist” scheme whereby senders are told if they pay money, they’ll be removed from the lists.
The fake company does remove the listing from the fake zones, but does nothing to remove the IP from the original sender. This company has been caught in the past and was blocked from downloading Spamhaus hosted zones in the past, but have apparently worked around the blocks and are continuing to pirate the zone data.
It’s not clear how many customers the blocklist has, although one ESP rep told me they were seeing bounces referencing nszones.com at some typo domains.
No legitimate DNSBL charges for delisting. While I, and other people, do consult for senders listed on the major blocklists, this is not a pay for removal. What I do is act as a mediator and translator, helping senders understand what they need to do to get delisted and communicating that back to the blocklist. I work with senders to identify good, clean addresses, bad address segments and then suggest appropriate ways to comply with the blocklist requirements.

Read More

BlueHornet spun off from Digital River

Earlier this week, the investment firm Marlin Equity Partners announced they purchased BlueHornet Networks from Digital River. BlueHornet has been around for quite a while. In 2004 they were acquired by Digital River and run as a wholly owned subsidiary.
Congrats to the folks working at BlueHornet.

Read More

July 2016: The Month in Email

We got to slow down — and even take a brief vacation — in July, but we still managed to do a bit of blogging here and there, which I’ll recap below in case you missed anything.
Sonoma1
At the beginning of the month, I wrote about email address harvesting from LinkedIn. As you might imagine, I’m not a fan. A permissioned relationship on social media does not equate to permission to email. Check out the post for more on mailing social media contacts.
Even people who are collecting addresses responsibly can face challenges. One of the most important challenges to address is paying attention to your existing subscription processes, testing them regularly, evaluating effectiveness and optimizing as needed.
Our most commented-upon post this month was a pointer to a smart writeup about Hillary Clinton’s email server issues. Commenters were pretty evenly split between those who agreed that they see this kind of workaround frequently, and those who felt like regulatory processes do a good job managing against this kind of “shadow IT” behavior. I wrote a followup post on why we see this kind of workaround frequently in email environments, even in regulated industries, and some trends we’re seeing as things improve.
In other election-related email news, we saw the challenges of campaign email being flagged as spam. As I pointed out, this happens to all campaigns, and is nothing unique to the Trump campaign. Still, there are important lessons for marketers here, too, in terms of list management, email content, frequency, and engagement — all of which are inextricably linked to deliverability.
Speaking of spam and engagement, Steve took a look at some clickthrough tracking revealed through a recent spam message I received — and why legitimate marketers should avoid using these sorts of URL referrers.
On the topic of authentication, I wrote a quick post about how seeing ?all in the SPF record tells me one thing: the person managing the record isn’t doing things properly. Need a refresher on authentication? Our most-read blog post of all time can help you out.
And as always, send me your interesting questions and I’ll be happy to consider them as I resume my Ask Laura column in August.

Read More