The cycle goes on

Monday I published a blog post about the ongoing B2B spam and how annoying it is. I get so many of these they’re becoming an actual problem. 3, 4, 5 a day. And then there’s the ongoing “drip” messages at 4, 6, 8, 12 days. It is getting out of control. It’s spam. It’s annoying. And most of it’s breaking the law.
But, I can also use it as blog (and twitter!) fodder.

I get spam…

I get a lot of this mail. But typically I delete, block or filter and move on. I don’t send a lot of spam complaints because they take time and I have better things to do. I usually only send complaints to ESPs where I know folks; mostly as a favor to them. There aren’t a lot of FBLs that cover B2B mail, so the individual complaints are useful. But, complaining takes time, not much admittedly, but sometimes it’s more time than I can (or want to) spare.
Yesterday was slower than normal, though. I wanted to follow the Senate hearings, so was just catching up on stuff while watching CSPAN. I checked out the AUP at the ESP. It looked pretty good. Even better, it wasn’t the standard boilerplate borrowed from a site that borrowed it from a different site that borrowed it from somewhere else. When it comes to AUPs, it’s turtles all the way down.

Anyway, I sent a message to their abuse address. It was one of my normal notices, nothing exciting or earth shattering.  I assume anyone reading the abuse mailbox can ID their customers, they don’t need pages of whois or IP lookups. Just the facts, ma’am. My messages have full headers, a sentence or two about the message and then I click send and dispatch it into the ether. My job is done.

And they reply…

Today I was pleasantly surprised to get a reply back from them. Apparently they’re blog readers (HI!). They talked to their customer and discovered the source of the email address was bad, seems the address was ‘misrepresented’ as opt-in to their customer. I asked if they’d tell me who sold the address. They kindly told me where my address was purchased.

And I am amused…

The company selling the address was one that approached me for delivery help earlier this year. Their database has a problem, they said. They want to really clean it up, they said.  I sent a proposal, then they disappeared. Happens. But, now I know they’re representing that database as valid. Even though they know it’s a train wreck (my words, not theirs).
Monday’s post was prompted by different vendor in the space contacting me for delivery help. Seems it’s really hard to consistently spam B2B targets. I’m pleased that the commercial filters and outsourced mailbox providers are doing such a good job.

And it doesn’t end…

And, as I’m writing this post, I got ANOTHER one of these. This one is even better. It’s from someone named Vitaliy Katsenelson. The subject line is a real winner: Hello from your LinkedIn BFF. Except it’s not sent to an address LinkedIn has for me. So, right then, I know they’re lying. But, because I’m blogging about this and I’m in a frivolous mood, I decide to look him up on LinkedIn.
Guess how long we’ve been connected on LinkedIn? How long a relationship would you expect “BFF” to describe? A week? A month? A year?
Whatever you guess, you’re probably wrong. We’re not connected on LinkedIn. He’s my BFF and we’re not even connected.
OK, so that’s not a true sign of BFFs. I mean, there are folks I’m quite good friends with that I’m not connected to on LinkedIn. Just not realized it, or haven’t taken the last step. Fair enough. Guess how many connections we have in common?
One. We have ONE whole connection in common. And I’m not even quite sure who that connection is – I generally accept all LinkedIn connections, so there are a lot of folks I don’t know on my list. Not exactly someone I’d call my BFF.

And now one of them calls…

I have a boilerplate I was sending for a while. In it I point out they’re violating CAN SPAM (because 99 times out of 100, they are). I point out they should really have that looked at and that we sell services for CAN SPAM compliance. Usually, that actually makes them go away, which is the real point. But one of the spammers called me while I was writing this. Really.
He assured me that the hundreds of messages he sent out every day were indeed written by him. All of these hundreds of messages are one-to-one. I don’t believe him. I told him that. He said of course they were. I said he was buying addresses and dropping them into his automation software. He denied everything.
Just FYI: these “one to one” messages are coming direct from Salesforce.
I asked where he got my address. He tells me LinkedIn. AGAIN with the LINKEDIN! No. No it’s not LinkedIn. That’s not the address LinkedIn has for me. Sorry dude. Then he backtracks and says he gets addresses from lots of places. Duh. I told you that above. You’re buying addresses and I know it and you know it. And you’re violating the law when you do it.
Just FYI: I have different emails in different places to make it easier for me to respond appropriately to messages.
He really just wanted me to know, though, that he worked very hard to find my name. These are one-to-one messages because he just knows that his services would help my day to day workload. It’s really hard for him to send hundreds of personalized messages a day and he doesn’t use software and it’s all about the recipient.
Just FYI: my LinkedIn profile makes it very clear we’re not a candidate for their services.
And… now he’s asking to be connected to me on LinkedIn. “Because he likes my passion.” Yeah. Maybe not.

So what’s your point…

I don’t really have one, I’m feeling punchy.
Well, OK, maybe I do. Look, I am a small business person. I AM your target market. B2B drip campaigns are annoying. They’re spam. Just because you upload a list of addresses and click “send” individually doesn’t make them one-to-one mail. They’re still bulk. Filters are evolving to catch and block or spam folder this kind of mail. I expect there’s probably 12 or 18 months left until the filters really catch up.
Right now most of the software sends mail through the users’ Gmail or Office365 account. Those ISPs have limits to the amount of mail any one account can send per day. They will change these limits to deal with outbound abuse.
Even more important, filters continue to evolve. They’re always improving. These messages get through now, but the more that are sent, the more the filters have to work with. Small business owners are moving their domains to Google Apps or Office365. These filters know it’s not one email, or 10 emails, but it’s hundreds or thousands of emails every day. Business users now have TIS buttons. Google and Microsoft measure engagement on business emails. They’ll adapt quickly. These “one-on-one” messages will end up in the bulk folder and rot away.
Spammers will, of course, find a new way to annoy recipients. And the filters will adapt. So it goes.
 
 
 

Related Posts

Your purchased list … is spam.

This morning I got spam from someone selling email addresses. The mail starts:

Read More

Google and Amazon and B2B spam

Many of the operational goals of a commercial spammer aren’t related to email delivery at all, rather they revolve around optimizing ROI and minimizing costs. That’s even more true when the spammer isn’t trying to sell their own product, rather they’re making money by sending spam for other companies.
Most legitimate network providers pay at least lip service to not allowing abusive behaviour such as spam from their networks, so a spammer has to make a few choices about what infrastructure to use to optimize their costs.
They can be open about who they are and what they do, and host with a reputable network provider, and build out mailservers much as any legitimate ESP would do. But eventually they’ll get blacklisted by one of the more reputable reputation providers – leading to little of their mail being delivered, and increasing the pressure on their provider to terminate them. They social engineer their provider’s abuse desk, and drag their feet, and make small changes, but eventually they’ll need to move to another provider. Both the delaying tactics and the finally moving are expensive.
Or they can host with a network provider who doesn’t care about abuse from their network, and do the same thing. But they’ll still get blacklisted and, unlike on a more reputable network, they’re much less likely to get any benefit of the doubt from any reputation providers.
Every time they get blacklisted they can move to a new network provider. That’s easy to do if your infrastructure is virtual machine based and moving providers just involves buying a new hosting account. But as anyone who’s heard the phrase “ramping-up” knows mail from new network space is treated with suspicion, and as they’re continually moving their mail won’t reach the inbox much.
Preemptively spreading the sources of your spam across many different IP addresses on different providers, and sending spam out at low enough levels from each address that you’re less likely to be noticed is another approach. This is snowshoe spam and spam filters are getting better at detecting it.
What to do? In order to get mail delivered to the inbox the spammer needs to be sending from somewhere with a good reputation, ideally intermingled with lots of legitimate email, so that the false-positive induced pain of blocking the mailstream would be worse than their spam. That’s one reason a lot of spammers send through legitimate ESPs. They’re still having to jump from provider to provider as they’re terminated, but now they’re relying on the delivery reputation of the shared IP pools at each new ESP they jump to. But that still takes work to move between ESPs. And ESP policy enforcement people talk to each other…
As a spammer you want your mail to be sent from somewhere with good reputation, somewhere you can use many different accounts, so your spam is spread across many of them,  flying below the radar. Ideally you wouldn’t have any documented connection to those accounts, so your activity won’t show up on any aggregated monitoring or reporting.
If nothing in the mail sent out identifies you there is nowhere for recipients to focus their ire. And if recipients can’t tell that the hundreds of pieces of spam in their inbox came from a single spammer, they’re much less likely to focus efforts on blocking that mail stream.
Over the past couple of years I’ve seen a new approach from dedicated B2B spammers, the sort who sell “buy and upload a list, blast out something advertising your company, track responses, send multiple mails over a series of weeks” services to salespeople. They’re the ones who tend to have glossy, legitimate websites, talking about “lead nurturing”, “automated drip campaigns” or “outreach automation”.
They have each of their customers sign up for gmail or google apps accounts, or use their existing google apps accounts, and then the spammer funnels the spam sent on behalf of that customer through that google account. There’s no obvious connection between the spammer and the google account so there’s no risk to the spammer. Google is fairly unresponsive to spam complaints, so as long as the volume sent by each customer isn’t spectacularly high it’s going to be well below Google automation’s threshold of notice.
Google do record where mail that’s injected into their infrastructure in this way comes from, in the Received headers. But the spammers run their sending infrastructure – list management, message composition, tracking and so on – on anonymous, throwaway virtual machines hosted on Amazon’s EC2 cloud, so there’s nothing in the email that leads back to the spammer.
And, for recipients, that’s a problem. Spam filters aren’t going to block this sort of mail, as they can’t easily tell it is this sort of mail. It’s coming from Google MTAs, just like a lot of legitimate mail does. In terms of sheer volume it’s dwarfed by botnet sourced mail or dubious B2B manufacturing spam out of Shenzhen. But, unlike most of that, it’s in your inbox, in front of your eyeballs and costing you time and focus. And that’s much more expensive than network infrastructure or mailbox storage space.
I’m not sure what, if anything, Google or Amazon can do about it at scale, but it’s something that’s going to need to be dealt with eventually.
Meanwhile, if you receive some marginally personalized mail from a sales rep, one attempting to look like 1:1 mail, look at the headers. If you see something like this …

Read More

Affiliate mailers struggling

What are affiliate mailers?

Affiliate mailers collect email addresses and then rent access to those addresses out to 3rd parties. There are a wide range of vendors that fall into the affiliate category. Some vendors compile lists through co-registration, others compile lists themselves through website opt-ins and some affiliate vendors fulfill mailing requests by hiring affiliates. There are, of course, some senders in the affiliate space that don’t even pretend to send opt-in mail, they just buy, compile or harvest addresses and blast mail to those addresses.

Read More