Sign in to follow this  
Followers 0
ldejager

Spamvertised Web Sites

15 posts in this topic

Hi there,

I am having difficulties with a spesific user who sends out bulk email to market his website. I have had two reports from spamcop regarding this spamvertised website and have contacted the client on both occations regarding this. His argument is that he does not send it through our servers and he did add the unsubscribe email address as requested before. On the second occation we questioned his methods of obtaining email addresses (He blatantly admitted he uses email harvesting software for this purpose), now he claims he bought the email addresses. Below is what he adds to each outgoing message.

Can someone please provide general information regarding the buying of email addresses? Is it legal? What are the requirements for sending out legit marketing email? This information would be used to take appropiate action against offending user and for future refernce.

---<snip>---

To never receive any more jokes ever again click:

unsubscribe[at]domain.com

IMPORTANT: please note that we have purchased this email address - our aim

is not to sell anything, spam or annoy, but simply tell people about our site

and put a smile on their face. By unsubscribing we will respect your privacy

and remove your address. Thank you.

---</snip>---

Many thanks,

Edited by ldejager

Share this post


Link to post
Share on other sites

I cannot give you any technical answer or information. But let me ask you why would you think in the first place that it would be OK for someone to send UNWANTED email (also known as spam) to someone who has NOT subscribed or asked for it, and then use an argument that they added an "unsubscribe" link? Why should you unsubscribe from something you have not subscribed to? Makes no common sense to me.

Bottom line is it is spam. Even if the method of obtaining the email addresses seems legal, it is plain wrong.

Share this post


Link to post
Share on other sites

Making a few assumptions about your role -

... (He blatantly admitted he uses email harvesting software for this purpose), now he claims he bought the email addresses. ...
Address harvesting is illegal in many places. You are in the UK? I don't know your laws - no doubt one or more of our UK members will know more.
... Can someone please provide general information regarding the buying of email addresses? Is it legal? What are the requirements for sending out legit marketing email? This information would be used to take appropiate action against offending user and for future refernce. ...
SpamCop's recommendations for responsible list management are in the FAQ Introduction to SpamCop for recipients of spam reports. Additional resources (I haven't checked the currency of the links lately) are provided in FAQ Entry: Am I Running Mailing Lists Responsibly?. These would keep him (and you) out of the SCBL - whether what he is doing is legal or not is something you really should obtain local advice about as part of your business management obligations. It certainly is not legal in my part of the world. Note, there is (in practicality) no way a purchased list will comply with the recommendations.
... Below is what he adds to each outgoing message.

---<snip>---

To never receive any more jokes ever again click:

unsubscribe[at]domain.com

IMPORTANT: please note that we have purchased this email address - our aim

is not to sell anything, spam or annoy, but simply tell people about our site

and put a smile on their face. By unsubscribing we will respect your privacy

and remove your address. Thank you.

---</snip>---

A pretty piece of sophistry. In my part of the world he would need to convince a Magistrate he was merely perpetrating random acts of kindness (with evidence including a declining bank balance to prove it) to stay within the law. Where you come from? See above comments on legal opinion. Bottom line, he's a spammer. Rule 1 - spammers lie.

Share this post


Link to post
Share on other sites

axxx007, I agree 100% with you... no one wants something they did not subscribe to - but as it's in this spesific case... I do NOT know whether he actually purchased the email addresses / harvested them or used opt-in. When asked about this, the client was very vague and on the second occation said he purchased it (opt-in partners?).

Farelf, thank you for your input too... I have now suspended the clients account and will not be reactivating it. He can go find himself another ISP who has time to deal with these pain in the butt issues.

Many thanks,

Share this post


Link to post
Share on other sites

Can someone please provide general information regarding the buying of email addresses? Is it legal?

It is probably legal to both buy and sell email addresses. That does not make it right to use those addresses.

Legalities differ from state to state, country to country, and often depend on the location the RECEIVER is in, no thte sender.

Share this post


Link to post
Share on other sites

Cases like this are why it is very important to have clear Terms of Service. Most ISPs do not allow spamming, legal or otherwise. Unsolicited bulk email for any reason is stricly against their ToS policies.

This puts the burden on the client, if you get a complaint, they have to prove that the reported actually did subscribe to their list. This would include the date/time they subscribed, the IP address they subscribed from, a copy of the confirmation email that was sent, and the date/time and IP that the subscription was confirmed.

If the "spammer accused" can't provide this information, then it is probable that they are indeed spamming. Multiple reports from different recipients would make it even more likely.

In this case, if you have a good, clear ToS that prohibits spamming, it is very easy to close their account or give them a warning as necessary.

Share this post


Link to post
Share on other sites
Can someone please provide general information regarding the buying of email addresses? Is it legal? What are the requirements for sending out legit marketing email? This information would be used to take appropiate action against offending user and for future refernce.

Reports of a spamertised URL will not get you listed in the SCBL - these are for your information.

That said, if one of my customers started spamming - even if they did not use our SMTP server to send out - I'd give a single warning and then terminate the contract. Our TOS is clear and we don't wish to be associated with anyone who spams.

I'd encourage you to do the same. After, all the next time they might use your server and then you woud get listed.

Andrew

Share this post


Link to post
Share on other sites
Reports of a spamertised URL will not get you listed in the SCBL

And that's a real shame -- the worst news you'll hear all day.

The "Spamvertised" URL is the REASON for sending spam.

If the Spamertised site got blocked soon after the spam barrage

begins, then they lose that revenue stream -- the reason for

sending the spam in the first place.

Most spam comes from a handful of professional spammers.

Clients hire those spammers to generate traffic to their web sites

so they, themselves won't get caught.

If the advertised site is blocked from some pretty big ISPs

(AOL, Earthlink, Verizon, Comcast, etc.,) -- guess what --

they would stop hiring the spammers. Some might even demand

their money back.

That's why reporting email is ineffective and will NEVER stop the spam.

(sheesh, why can't people understand that ??? )

Follow the money trail of online crime, and you'll find the criminal.

Follow the messnger and you'll find a dead end.

(sheesh, why can't people understand that ??? )

Share this post


Link to post
Share on other sites

There are BLs available for handling URLs. However, one needs to install/use those tools .. and be prepared for the performance impact of trying to use that additional parsing ... and of course, noting that spammers have the same tools available so that they can 'work' them to see how to get around them .... see Software Development Life Cycle principles for spam

Share this post


Link to post
Share on other sites
Follow the money trail of online crime, and you'll find the criminal.

Follow the messnger and you'll find a dead end.

(sheesh, why can't people understand that ??? )

Then write a program that tracks and effectively shuts down the spamvertized sites for all the spam people receive (much like SpamCop only with a different objective) and if it works as easily and well as spamcop, people wil be begin using it. I will use it as a supplement to my spamcop reporting, because it works for me.

Another way to look at the same thing, if nobody sees the email going out or clicks on the link/opens the email, they don't find the website and there is no money coming in either.

My goal is not necessarily to stop the spammers. It is primarily to stop the spammers from reaching me. I do send reports for all spam I get, but mostly, I worry about the SCBL because that is what keeps me virtually spam free (1-3/week make it into my Inbox).

Until they started using viruses to open their holes, I was feeling that bl's alone could if not eliminate, at least greatly reduce the threat.

Share this post


Link to post
Share on other sites
Then write a program that tracks and effectively shuts down the spamvertized sites for all the spam people receive (much like SpamCop only with a different objective) and if it works as easily and well as spamcop, people wil be begin using it. I will use it as a supplement to my spamcop reporting, because it works for me.

And to prevent the Topic hijacking situation, this issue is pretty much one of the items being discussed (well, at least brought up) in BotNet scenario

Share this post


Link to post
Share on other sites
And to prevent the Topic hijacking situation, this issue is pretty much one of the items being discussed (well, at least brought up) in BotNet scenario

With the "title" of this topic being "Spamvertised Web Sites" I had no way of knowing the "BotNet Scenario" would be a more appropriate thread for discussions about spamvertised web sites. (I used search word : "spamvertised")

Since the Spamvertised site is the focus of the spam, (understanding that not all spam advertises a web site; a.k.a. 'stocks pump & dump') why is it that no one is really inventing a way to use the spamvertised URL as a target for filtering.

Someone earlier in the thread commented that the IP changes frequently or is unreliable.

However , that shouldn't be an issue when talking DOMAIN blocking. The 'name' of the domain is blockable no matter where the DNS is.

AOL blocks 'spammers' based on the domain name in conjunction to the domain's IP. One of my client's "domain" was blocked by AOL because of a zombie someone within the organization was inflicted with. Exhaustive means to get them white-listed with AOL prooved fruitless. So, I moved the domain to a totally different IP block, on a totally different ISP. Guess what? The domain still blocked.

So, it stands to reason that if spamvertised www.My-PhArMa.com is

a) blackholed, or

B) blocked in the entire DNS system

then that spamvertised domain is no longer usable.

Several years back there was some interest in "FFB" or, "Filters that fight back" ...

This was an excellent concept, and if it were implemented, we probably wouldn't

be seeing ANY spam advertising a domain any more.

See: http://www.paulgraham.com/ffb.html

Note that was in 2003.

At the time, I approached the 'inventer' with an offer to finance the

full programming and testing of that "filter" as a "proof of concept".

It was my intention to release the filter as "freeware" and encourage

people to download and instal it.

I was turned down due to the fears of reprisals from the underworld.

Five other programmers also turned down the assignment due to

the same fears.

The "Anti-spam" community slammed the idea, calling it an

"organized denial of service attack" (CAUCE and others) --

yet legal counsel advised it couldn't be prosecuted as a DOS

because thousands of pings would all be coming from all different

senders -- not trackable, much less prosecutable.

I gave up.

But when that person posted to this thread ...

Then write a program that tracks and effectively shuts down the spamvertized sites for all the spam people receive (much like SpamCop only with a different objective) and if it works as easily and well as spamcop, people wil be begin using it. I will use it as a supplement to my spamcop reporting, because it works for me.

That was a clear vote of approval for such a filter program.

How to deliver it to hundreds of thousands of computers is

yet another challenge.

But, as of today, I still believe the concept has real merit, and

deserves to be tested. If it knocks out spam that advertises a

web site -- porno, etc., then I'm all for it.

Good day

Fred

Share this post


Link to post
Share on other sites
Since the Spamvertised site is the focus of the spam, (understanding that not all spam advertises a web site; a.k.a. 'stocks pump & dump') why is it that no one is really inventing a way to use the spamvertised URL as a target for filtering.

They do. Search for SURBL. http://www.surbl.org/

However, in order to use that BL, the server needs to accept the body of every message and then scan it. I'm not sure you can reject a message after receiving the body (and it sure is going to increase the amount of data required to download).

Share this post


Link to post
Share on other sites
I'm not sure you can reject a message after receiving the body
Some servers can, they issue a 500-series error message for the dot (that terminates DATA).

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0