5 posts tagged “junk mail”

Shame on the following companies today:

Panda Security, for spamming the Medinge Group. While there is always a possibility that forged headers led to our address being subscribed, there was never any confirmation from us, plus I’ve since used all their unsubscribe methods in their spams, and have even written to the company using its feedback form. This is sad for a company that supposedly is looking after home computer security.

Tech2.com: never subscribed, yet the target of spamming for a year at least. We have Tech2.com’s IP addresses manually entered into our server, which means we get a tiny header notification in our trash—signalling that they are still coming. Again, a company that should know better.

   Have other Voxers ever been surprised at who spams, given what their corporate missions are?

Email downloading

I hate days that start like this. Last night, about 20-odd spammers decided to collude and put in one of our addresses—not one of our firm, but one which I get cced on—in the ‘From’ header in their email. Where do the bounces go? Right here.
   I’ve received roughly 2,300 bounces in the last 24 hours.
   My spam filters are pretty good but it’s the sheer time that one needs to download. The morning one was the above—945 messages to download, with roughly 850 of them bounces overnight.
   We had probably reported all of the spammers to SpamCop automatically, and our filtering software probably filed a second report, so it is annoying that so many ISPs left open proxies and unprotected servers for spammers to exploit.
   Many of these were with respectable American firms (e.g. Verizon), plus the usual suspects in Thailand, Red China, Poland, Italy, Hungary and South Korea.
   I’m annoyed at the bounces but I cannot see a second way out. I hate it when I get no bounce from an invalid address or if my email has been delayed. But surely ISPs can recognize offending IP address from blacklists and conclude, ‘Right, this is spam, it is selling Viagra, and we won’t bounce it because there’s a blacklist match.’
   We filed our SpamCop reports when the count was around 400 so I am disappointed that so many ISPs left either their server proxies open or failed to check with their blacklists. Even we have a blacklist that we use here on the work server. As a result, another 1,900 bounces came in during the next 22 hours. Seven megabytes’ worth of traffic.
   The spammers’ techniques themselves are fairly clever: by colluding on spamming (and there was no consistency to what was sent—it included porn, fake watches, Viagra and fake handbags) they try to ensure that if you shut down one, there are still another 20 operating.
   But it gets annoying with the sheer quantity of bounces. I believe this is the third such incident in as many weeks, so I’m waiting for these idiots to move to another domain! They probably have no idea that the latest domain is even connected to us.
   Hey, spammers, instead of creating even more negative karma for yourselves, why don’t you stick in some non-existent addresses into the ‘From’ header? You are assholes already but did you have to go even lower down on the food chain?
   And with all that there were two people, perhaps out of 10,000 spam bounces over the last three weeks, that wrote to us to complain. That’s not too bad. We simply explain to them, as they seem unaware of the nature of spam, that spammers forge ‘From’ fields in email.
   Roughly 40 spam bounces since I began typing this post.

[Cross-posted] There have been a lot of domestic businesses emailing me of late out of fear that, if they sent me more bulk emails, they would violate the new anti-spam legislation that comes into force in New Zealand tomorrow.
   This has been good in the case of NZ Post, to whom I never gave permission to spam me. It has also allowed me to get off another list that I sent a remove request to some time ago that was not honoured.
   But the majority are from businesses that need to communicate with me as a member of the press. Why they need to verify that I wish to continue on their mailing lists seems a waste of time.
   Of course journalists need to continue receiving press releases, and the Unsolicited Electronic Messages Bill, in its final draft form, provides an exception for them.
   The interpretation part of any legislation is always interesting as you an infer some of Parliament’s intent there. ‘Consented to receiving’ means, inter alia:

consent that can reasonably be inferred from—
   (A) the conduct and the business and other relationships of the persons concerned; and
   (B) any other circumstances specified in the regulations;

It goes on to provide other interpretations of consent, e.g. when an email address has been ‘conspicuously published by a person in a business or official capacity; and’ there is nothing to suggest that the person does not want to be spammed; and:

   (C) the message sent to that address is relevant to the business, role, functions, or duties of the person in a business or official capacity; but
(b) does not include the circumstances specified in the regulations from which consent cannot be inferred[.]

   For those businesses (like ours) that have mailing lists that only includes people that have specifically and expressly requested to be on it, then this Act presents no problems. The only ones where we have compiled addresses are press mailings, covered by the definition of consent.
   It shows that by respecting laws over a decade before they are drafted, we are sitting pretty.
   In fact, I am not sure how this law might apply to us, with the only problem being false addresses that are fed in to our request forms. It does mean that we need to keep more records, which is a burden on honest businesses.
   We, and the many emailing us, may actually have a final out, with the following not qualifying as unsolicited commercial email (UCE):

provides notification of factual information about a subscription, membership, account, loan, or similar relationship involving the ongoing purchase or use by the recipient of goods or services offered by the person who authorised the sending of the message, or the recipient’s ongoing subscription, membership, account, loan, or similar relationship;

which largely covers notices that we send out.
   I wanted an anti-spam law here in New Zealand because I was getting unsolicited junk email from the ACT Party over the course of maybe one year. But when one considers the bigger picture, the majority of spam in New Zealand is not from New Zealanders. The majority is from American, Russian and eastern European countries, often routing through Far East servers. And this act does nothing to prevent them.
   In that frustration, I foresee a rush to judgement by regular people now panicked by all these extra-cautious requests from companies. What if they had signed up to a list and forgot about it? Does this Act now arm them, making them into amateur Perry Masons who believe that they have one up on legitimate, honest companies? Honest people will be pursued.
   In such a case, is it fair to shift the onus of proof on to the sender, when the sender might not have kept records prior to the Act coming in to force of the original subscribe request?
   I believe honest companies can discharge the onus of proof by providing evidence of how their emailing lists are compiled. In our case, we send an initial email, outlining that someone had signed up with that address. We ask the recipient to notify us immediately in case of fraud. Since 2006, we send out two emails to confirm the fact (one acknowledgement, one confirmation) with clear removal and feedback links.
   Sorry, Kiwis, tomorrow will not be a spam-free day. We will receive as many spams about penis enlargements, drugs and porn as we did today. The same SOBs will email us about wins in lotteries we never entered, or ask if we can transfer funds for some ousted African dictator. It targets the wrong people, but then, Parliament cannot exactly enact laws that go outside our borders—and that is where spam mostly comes from.

Disclaimer: don’t rely just on me. Seek legal advice.

I swear I never signed up to anything from Ziff–Davis’s Eweek, yet here I am, receiving their spam. And it’s not the first time I have had something from this firm, which I always took to be respectable. Hence, today, I had to write.

Date: Thu, 22 Mar 2007 12:55:42 +0000
To: wbg@enews.webbuyersguide.com
From: Jack Yan
Subject: Re: Running a managed services business: The fundamentals
In-Reply-To: <20070322124922.3DEC4D53026E7@smtp.enews.webbuyersguide.com>

Hi guys:

For the last few weeks, each time I unsubscribe from a Ziff–Davis mailing, I find I am automatically put on to another one. I unsub from that, and then find myself on another one. What's happening?! Can you please just stop sending me these, and not subscribe me to anything else?! Remove means remove!

Sincerely,

Jack Yan

   The only Ziff–Davis newsletter I ever subbed to was for Publish magazine, and that’s it. I’m sick of having to go to the company’s site to unsubscribe myself from newsletters I have not even heard of. In fact, I’m removing myself from anything from their company, effective today.
   These weird ones began when CIO began spamming me in July 2005 with a ‘complimentary subscription’. Baseline spam started in December 2006. Eweek began in March 2007. Ziff–Davis event emails began in March 2007 as well.
   If anyone from Ziff–Davis is reading: remove means remove. Don’t keep spreading my email address all over your corporation.

PS.: Well, that was amazing. Mary Hart from Ziff–Davis read this, and instantly responded. Now, that’s someone who cares about the company. I have to say I am impressed by their taking responsibility. It’s very easy for those of us outside the US to presume the worst in corporate behaviour, and this really helps restore a little bit of that old reputation.

We received a Google notification about your blog on March 22nd regarding spam from the Ziff Davis Web Buyer’s Guide. I checked our system and noted that the same day you posted that blog, you successfully unsubscribed from the Channel Update (which you were on as a former member of Publish); Publish, CIO Insight and Web Professional s. I’ll go one step further and completely remove your information from the newsletter system so that you don’t ever receive any unwanted mailings from us again.

For the last few months, my Blogger account gets around eight to twelve blog spams a day. These are folks who use automated programs to feed in fake comments, containing their URLs, into blogs. The good thing about Vox is that, knock on wood, I have been free of this junk.
   I have to wonder whether blog spammers are plain wasting their time. Comments on my other blog are moderated. When their posts appear, they are blindingly obvious. Most are signed ‘Anonymous’ and in the first-line preview that Blogger gives you, it’s clear their words have nothing to do with the post.
   Blog spammers simply are making blogs about as useless as email. I remember when email communications were more collegial, respectful. Now, most of email is spam. For a time in 2006, I would surf the blogs first, then check my emails, because I didn’t want to deal with spam (today, McAfee SpamKiller, admittedly, does a reasonable job and my inbox remains around the 80 mark).
   Some folks, for whom blogging is just a hobby, will leave the blogosphere, and then to whom will the blog spammers market?
   And, let’s face it, who is dumb enough to buy off those cretins anyway? Get with the 21st century: consumers have become more and more savvy, and, blog spammers, no one gives two hoots about you or the crap you are flogging.