Recent Posts

Cloudflare and Spamhaus

Spamhaus has been the subject of a lot of discussion the last few weeks. I touched on this a little in June when I blogged that a number of large brands were getting SBL listings.
But big brands are not the only companies with publicly discussed SBL listings.
Cloudflare, the content delivery network that grew out of project honeypot, has a number of SBL listings, covering at least 2 /18s and a /20. Representatives and customers of Cloudflare have been discussing the listings on twitter.
As a content provider, Cloudflare isn’t actually sending mail nor are they actually hosting the content. What they are doing is providing consistent name service and traffic routing to malicious websites. In fact, they’ve been providing services to a malware botnet controller (SBL138291) since May, 2012. They’re also providing services to a number of SEO spammers. Both of these actions are justification for a SBL listing, and Spamhaus has a history of listing providers protecting spammers.
Cloudflare claims they take action on all “properly filed complaints” and they may actually do that. But their reports require quite a bit of information and require consent for releasing information to 3rd parties. Looking at the website, it appears to me to be a site designed to discourage abuse reports and stop people from reporting problems to Cloudflare.
When you look at the Cloudflare business model it’s clearly one that will be abused. Cloudflare acts as a reverse proxy / pass through network that caches data from their customers. This protects the abusers webhosting setup and prevents people tracking the abuser from being able to determine the true host of a website. As a responsible internet citizen, Cloudflare should be disconnecting the customers hiding behind Cloudflare’s services.
Unfortunately, Cloudflare seems unwilling to actually police their customers. They’ve taken a totally hands off approach.
Let’s be frank. Cloudflare has been providing service to Botnet C&C servers for at least two months. It doesn’t matter that the abuser has the malware on a machine elsewhere, Cloudflare’s IP is the one that serves the data. I don’t care what you think about spam, providing service to malware providers is totally unacceptable. It’s even more unacceptable when you claim to be a security company. Nothing about malware is legitimate and the fact that Cloudflare is continuing to host a malware network command and control node is concerning at the very least.
Cloudflare (.pdf) is listed on Spamhaus for providing spam support services. The most obvious of these is providing service to a malware controller. And Spamhaus escalated the listings because they are allowing other abusers to hide behind their reverse proxy.

Read More

What's up with CASL?

Al has a guest post from Kevin Huxham of CakeMail talking about how a majority of people surveyed don’t know anything about the Canadian Anti-Spam Legislation.
I have to admit, I’ve not talked about CASL very much here as I’ve been waiting for the implementation and rulemaking. Unfortunately, the implementation date has been pushed back again and again and it doesn’t look like the law will be in effect until 2013.
CASL takes an incredibly narrow look at permission. It prohibits any commercial mail sent without the recipient’s consent to email addresses, social networking accounts and phones (SMS). Not only that, it also prohibits adddress harvesting and installation of computer programs without consent of the owner of the computer.
This law affects all email sent to a Canadian citizens and does allow for private right of action.
I know that a lot of companies that market in Canada have been working out permission issues before the law takes effect. They are also looking at how to comply with the permission requirements for addresses collected after the law goes into effect.
One of the challenges of this law is going to be identifying what addresses are covered. In some cases senders will have physical addresses, but they’re not going to have physical addresses for all addresses. And that may mean that CASL will actually impact more that just Canadian residents.
 
 

Read More

How to make sure your mail is read

ThinkGeek have a bit of a challenging audience to connect with. Many of their customers are, well, geeks. And many geeks have a reputation for being suspicious of marketing. I’d even go so far as to say that ThinkGeek has a bigger marketing challenge than other popular retailers.
One of the challenges all marketers face, though, is getting people to actually open and read an email carefully. ThinkGeek have addressed this challenge by turning reading email into a competitive game.
In June they sent out an email with a hidden coupon code in it. The first person to redeem the code received $100 off their order. What a creative way to get people to actually look through an email and make a purchase.
This, of course, is not a new marketing technique. I have at least 2 different Sigma t-shirts using the same style of marketing. This was in the dark ages and we didn’t have online forms, but the new catalog came with a postcard of questions to answer and return and the first 100 post cards got t-shirts. It was actually kinda nifty. As head tech, I got catalogs all the time. But answering the questions got me to look through the Sigma catalog and see their new products. Plus! T-shirt!

What new an interesting ways have you seen marketers use to engage recipients?

Read More

Wiretapping and email

An Alabama resident is suing Yahoo for violating the California wiretapping law. Specifically he’s suing under CA Penal Code section 631. The thing is, this section of the law deals with wiretapping over “telephone or telegraph” wires. That doesn’t seem to apply in this case as Yahoo isn’t using either telephone or telegraph wires to transmit their packets.
Holomaxx tried the wiretapping argument when they sued Yahoo and Hotmail. That case cited a cause of action under both federal law and California law. The wiretapping claim was addressed specifically by the lawyers for the defendants.

Read More

DNS Changer servers going offline

There are a whole host of different botnets. One botnet run by Rove Digital infected computers with viruses that changed their DNS settings, giving the botnet runners the ability to control how the infected computers viewed the Internet.
The criminals behind the DNS Changer virus were arrested in November of last year. The court ordered the Internet Systems Consortium (ISC) to operate replacement DNS servers for computers infected with the botnet viruses in order to give users a chance to clean and fix their computers.
That court order expires on Monday.
Anyone who is still infected with the DNS Changer malware will see their internet services greatly curtailed when the DNS servers go offline.
If you run Windows and you haven’t yet checked to see if you’re infected, you should do so soon. There are a number of websites you can visit that will tell you if you are actually infected with the DNS changer virus and if you are will give you information on how to fix your system.

Read More

Targeting and Segmentation

MarketingSherpa has a great case study of a retailer that got a 208% higher conversion (purchase) rate for a targeted email sent to a small segment (10%) of their list.

Read More

Gevalia spamming

A number of people have contacted me over the last week pointing out that Paul Wagner was handed a negative jury verdict in his lawsuit against Gevalia and Connexus. (background Wash Post Article Washington Post verdict article, Ken Magill Article).
I spent some time this afternoon downloading different documents from Pacer trying to understand what was going on in the case and what the implications were. This lawsuit was originally filed in 2008 and has had nearly 600 documents filed with the court. Suffice it to say, I didn’t start at the beginning and work forward, I started at the end and worked backwards.
Beyond Systems, Inc. filed suit against Kraft and Connexus for spamming addresses under the California and Maryland anti-spam laws.
This recent “mini-trial” assessed 3 questions:

Read More

Services, abuse and bears

A couple weeks ago I wrote a post about handling abuse complaints. As a bit of a throwaway I mentioned that new companies don’t always think about how their service can be abused before releasing it on the unsuspecting internet.
Today’s blog post by Margot Romary at the Return Path In the Know blog reminds me that it’s not always new companies that don’t think about abuse potential before launching services.

Read More

Report Spam button

Cloudmark has an interesting discussion about the Report Spam button and how it’s used.

Read More

Working as intended

There’s a certain type of sender that thinks every ISP block or email delivered to the bulk folder is a false positive. They’re so sure that the filters aren’t actually supposed to catch their mail that they’ll spend any amount of money and do every possible thing to get their mail to the inbox.
The problem for these senders, though, is that their mail is exactly the type of mail filters are designed to catch. They’re sending mail without recipient permission. I’m not talking about the lists that get a few typos or problem addresses on them. I’m talking about senders that buy and trade mailing lists. I’m talking about senders that don’t believe they have to have permission to send mail.
This mail getting filtered is a sign that the filters are working as intended. They’re keeping the unsolicited email out.
A lot of us take for granted that all commercial mail, at least that isn’t selling fake watches or herbal viagra, is always sent with permission. But there’s an awful lot of mail out there that doesn’t even have a minor fig leaf of permission. Filters stop that mail. And senders have very little recourse when they do.

Read More
Categories
Tags