Recent Posts

J.D. Falk Award

This morning M³AAWG announced the creation of the J.D. Falk award to recognize and honor people like J.D. who work to make the Internet safer for all users.

Nameless and faceless

Ken Magill wrote about Spamhaus last week. In the article he commented about the volunteers.

There’s a new feedback loop at mail.ru. This is a DKIM based FBL (like Yahoo) and is designed primarily for ESPs. I am hearing there is an IP based FBL for ISPs in the works, but there isn’t a firm release date for that yet.
Senders and ESPs can signup for the new FBL at http://postmaster.mail.ru/. One caveat is that you must have a mail.ru account in order to get access to the stats page and there isn’t currently an English webmail page. I tried but couldn’t get online translators to work on the signup page.

Policing customers

In yesterday’s post about Cloudflare and Spamhaus Fazal comments that Cloudflare may have been asked by law enforcement to leave the website up.
This does happen and it’s not totally out of the question that’s what is going on with this particular website. But I used the malware C&C as an example of the poor behaviour condoned by Cloudflare, it’s certainly not the only bad behaviour. There’s also the issue that Cloudflare disavows all responsibility for the behaviour of their customers.

Cloudflare and Spamhaus

Spamhaus has been the subject of a lot of discussion the last few weeks. I touched on this a little in June when I blogged that a number of large brands were getting SBL listings.
But big brands are not the only companies with publicly discussed SBL listings.
Cloudflare, the content delivery network that grew out of project honeypot, has a number of SBL listings, covering at least 2 /18s and a /20. Representatives and customers of Cloudflare have been discussing the listings on twitter.
As a content provider, Cloudflare isn’t actually sending mail nor are they actually hosting the content. What they are doing is providing consistent name service and traffic routing to malicious websites. In fact, they’ve been providing services to a malware botnet controller (SBL138291) since May, 2012. They’re also providing services to a number of SEO spammers. Both of these actions are justification for a SBL listing, and Spamhaus has a history of listing providers protecting spammers.
Cloudflare claims they take action on all “properly filed complaints” and they may actually do that. But their reports require quite a bit of information and require consent for releasing information to 3rd parties. Looking at the website, it appears to me to be a site designed to discourage abuse reports and stop people from reporting problems to Cloudflare.
When you look at the Cloudflare business model it’s clearly one that will be abused. Cloudflare acts as a reverse proxy / pass through network that caches data from their customers. This protects the abusers webhosting setup and prevents people tracking the abuser from being able to determine the true host of a website. As a responsible internet citizen, Cloudflare should be disconnecting the customers hiding behind Cloudflare’s services.
Unfortunately, Cloudflare seems unwilling to actually police their customers. They’ve taken a totally hands off approach.
Let’s be frank. Cloudflare has been providing service to Botnet C&C servers for at least two months. It doesn’t matter that the abuser has the malware on a machine elsewhere, Cloudflare’s IP is the one that serves the data. I don’t care what you think about spam, providing service to malware providers is totally unacceptable. It’s even more unacceptable when you claim to be a security company. Nothing about malware is legitimate and the fact that Cloudflare is continuing to host a malware network command and control node is concerning at the very least.
Cloudflare (.pdf) is listed on Spamhaus for providing spam support services. The most obvious of these is providing service to a malware controller. And Spamhaus escalated the listings because they are allowing other abusers to hide behind their reverse proxy.

What's up with CASL?

Al has a guest post from Kevin Huxham of CakeMail talking about how a majority of people surveyed don’t know anything about the Canadian Anti-Spam Legislation.
I have to admit, I’ve not talked about CASL very much here as I’ve been waiting for the implementation and rulemaking. Unfortunately, the implementation date has been pushed back again and again and it doesn’t look like the law will be in effect until 2013.
CASL takes an incredibly narrow look at permission. It prohibits any commercial mail sent without the recipient’s consent to email addresses, social networking accounts and phones (SMS). Not only that, it also prohibits adddress harvesting and installation of computer programs without consent of the owner of the computer.
This law affects all email sent to a Canadian citizens and does allow for private right of action.
I know that a lot of companies that market in Canada have been working out permission issues before the law takes effect. They are also looking at how to comply with the permission requirements for addresses collected after the law goes into effect.
One of the challenges of this law is going to be identifying what addresses are covered. In some cases senders will have physical addresses, but they’re not going to have physical addresses for all addresses. And that may mean that CASL will actually impact more that just Canadian residents.

How to make sure your mail is read

ThinkGeek have a bit of a challenging audience to connect with. Many of their customers are, well, geeks. And many geeks have a reputation for being suspicious of marketing. I’d even go so far as to say that ThinkGeek has a bigger marketing challenge than other popular retailers.
One of the challenges all marketers face, though, is getting people to actually open and read an email carefully. ThinkGeek have addressed this challenge by turning reading email into a competitive game.
In June they sent out an email with a hidden coupon code in it. The first person to redeem the code received $100 off their order. What a creative way to get people to actually look through an email and make a purchase.
This, of course, is not a new marketing technique. I have at least 2 different Sigma t-shirts using the same style of marketing. This was in the dark ages and we didn’t have online forms, but the new catalog came with a postcard of questions to answer and return and the first 100 post cards got t-shirts. It was actually kinda nifty. As head tech, I got catalogs all the time. But answering the questions got me to look through the Sigma catalog and see their new products. Plus! T-shirt!

What new an interesting ways have you seen marketers use to engage recipients?

Wiretapping and email

An Alabama resident is suing Yahoo for violating the California wiretapping law. Specifically he’s suing under CA Penal Code section 631. The thing is, this section of the law deals with wiretapping over “telephone or telegraph” wires. That doesn’t seem to apply in this case as Yahoo isn’t using either telephone or telegraph wires to transmit their packets.
Holomaxx tried the wiretapping argument when they sued Yahoo and Hotmail. That case cited a cause of action under both federal law and California law. The wiretapping claim was addressed specifically by the lawyers for the defendants.

DNS Changer servers going offline

There are a whole host of different botnets. One botnet run by Rove Digital infected computers with viruses that changed their DNS settings, giving the botnet runners the ability to control how the infected computers viewed the Internet.
The criminals behind the DNS Changer virus were arrested in November of last year. The court ordered the Internet Systems Consortium (ISC) to operate replacement DNS servers for computers infected with the botnet viruses in order to give users a chance to clean and fix their computers.
That court order expires on Monday.
Anyone who is still infected with the DNS Changer malware will see their internet services greatly curtailed when the DNS servers go offline.
If you run Windows and you haven’t yet checked to see if you’re infected, you should do so soon. There are a number of websites you can visit that will tell you if you are actually infected with the DNS changer virus and if you are will give you information on how to fix your system.

Targeting and Segmentation

MarketingSherpa has a great case study of a retailer that got a 208% higher conversion (purchase) rate for a targeted email sent to a small segment (10%) of their list.