The Federal Government Sanctioned Spam Trap

Would you like to buy a mailing list and start a Broadcast Campaign? Then just put some kind of message at the bottom of the email that says unsubscribe or opt-out and a physical address like 201 Mullview Place, Bigfoot, Montana 59106. Make sure you have a subject line and a header.

If you did that you just fulfilled the requirements for broadcasts or blind spamming. You can also make the opting out mechanism as difficult as possible. For example, I attempted to opt out of a newsletter to which I didn’t subscribe and when I got to the company’s web site, it asked me for a password. To get a password, I had to register. You can draw your own conclusion.

The term Broadcast is a euphemism for spamming anybody. If you want a mailing list, you can hold a contest for something like a hot car or a mink coat and make sure each entry has a line for an e-mail address. Why an e-mail address? So, the department store can e-mail you if you win? Somehow that seems a little deceitful to me. The law says you just opted-in and triggered a transaction or triggerd e-mails, which differ from Broadcast e-mail.

You can build a mailing list at any of your chain establishments. Brick and Mortar businesses with a national presence seem safe enough. Can you imagine the military buying lists and broadcasting for recruits from something like your national chain restaurant? They do.

Collecting e-mail addresses and selling them is legal. You can also ask for marriage status, phone numbers, age, interests and so forth. That seems benign enough. After all, you gave your name and e-mail address to your friendly high-class restaurant chain.

Companies use those e-mail demographics to determine what message to send you and what products to entice you. After a few clicks and printing a coupon on-line, they have almost everything they need. Now, they can manipulate your on-line behavior until you either buy something or not. If your e-mail returns they can determine if you have a full inbox or cancelled your account when you moved from Atlanta to Oregon. The e-mailer calls those hard and soft bounces. The soft bounce? E-mail them again.

Different Kinds of e-mail Campaigns

Let’s review the difference between a Broadcast campaign and a Transactional campaign. Senders also call the latter a triggered e-mail. The law says that if you take some action to cause a response, you moved into the Transactional pool. That changes the game. The requirements to provide a mechanism to unsubscribe or opt-out is not required. Also, the sender does not have to provide a physical address. Imagine some company having you on their permanent spam list. How do you get off?

Some company’s have scruples and will only send you a receipt for something you purchase on-line. I can live with that. They do not keep a data warehouse of everything they know about you. The temptation remains though especially if they receive visits from email service providers who explain how they can manipulate you to either buy something on-line or visit the company store.

Who are these ESPs and what do they do?

The big players include Cheetamail, SmartDM, @Once, Bigfoot Interactive, ExactTarget, Silverpop, Zustek, Yesmail, e-Dialog, Responsys and many smaller companies. Their clients would surprise you. If you knew the clients, you might avoid them. Look for case studies on their web sites.

Now, we can add another surprise by telling you that the major Credit Bureaus have gone on a buying spree to grab these ESPs. Imagine what kind of spam you could get with the information supplied by a Credit Bureau like Experian. Well, they have done it. Experian purchased HitWise who collects and aggregates information on over 25 million consumers in the U.S., U.K., Australia and other countries in Asia Pacific.

Hitwise should expand those numbers dramatically with a database company. Experian already had Exactis for e-mail delivery and added Cheetahmail at the end of last year. We also have information that the other Credit Bureaus are on the prowl or have already made purchases. We just do not know yet.

The e-mail service provider (ESP) is supposed to deliver mail and that’s all. They do much more. The e-mail is sent by the ESP’s servers and the header is an alias that looks like it’s coming from the company you thought sent the e-mail. That's how the ESP collects information and gives it to their client.

The ESP can collect a lot of data such as who clicks what links, how segments of the population responds to different messages and integrate with web analytic firms like a HitWise or ClickTracks, VisiStat, Coremetrics, Google Analytics, CoreMetrics, OpenTracker, IntelliTracker, and so forth.

Note: How do you like Google going into this busiess? I think it's a travesty. Does Google need this revenue?

These Web Metrics firms even have a professional association called The Web Analytics Association.org. They publish articles like other associates and hold seminars in various cities and so forth.

Congress passed the Controlling the Assault of Non-Solicited Pornography And Marketing Act of 2003 known as Can-Spam. They turned the regulation over to the FTC. Congress seems to have moved on to more pressing issues like funding the war.

What are the Differences between Can Spam and FBI Phone Taps?

Perhaps your privacy is invaded and no one seems to care. FBI phone taps and the Patriot Act get media attention. When a marketer for a big department store follows your actions when they send an e-mail and uses a host of strategies to move you from a casual observer to a buyer using psychological incentives that does not get media attention.

Congress and the courts speak about privacy, but how much privacy do you see when you receive a purchase confirmation from iTunes when a part of the e-mail real estate has advertisements designed to lure you back. iTunes collects your purchase behavior and offers you the opportunity to make an impulse buy. The FTC allows part of a purchase confirmation to contain advertising.

You know what I mean. When you wait at the checkout counter at the grocery store, you will see plenty of candy and magazines like the National Inquirer and Cosmo where Brad begins seeing Jen again.

Marketers using e-mail as part of a comprehensive marketing campaign have more tools and techniques with which to work. It may not seem like a criminal action, but who is going to do anything about it and make it a criminal action? Do you think your privacy has been violated? Or do you think by surfing the web you give people permission to follow you around and use psychological techniques to move you to web sites?

Is this Adware?

Unfortunately, you don't become a broadcast machine. You have given someone your personal information either by initiating an on-line sale or opting-in to one of their newsletters. When you register at a web site for a trial download, you've done the same thing. The marketer has also captured your IP address and your ISPs information.

Recently, I downloaded a 30 day trial version of some expensive software. The next day, I received more SPAM in a single day than I have in any single day in two years. The e-mail marketer can use SpamAssassin in reverse. They can analyze their e-mail to see if they can lower their key words to make it by an ISP blocking SPAM.

What can you do?

I don't know all the ways to avoid this insideous situation. I began buying Visa gift cards to protect my credit card account. I consider the extra cost insurance. I have a firewall with NAT, but that doesn't do much because my IP address still gets transmitted. I also have stopped registering at web sites. When I have to do that, I use an e-mail address other than my main one.

I still feel trapped. Maybe Jimmy Page said it best in Stairway to Heaven: Don't it make ya wonder?

Tom Adelstein currently works as a contract technical writer in the Information Technology Field. In March 2007, his latest O'Reilly Book, Linux System Administration was released. Tom's home web site Open Source Today has tips and techniques for system administrators and Open Source VARs.

Comments

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

Is there no escape from it?

Anonymous's picture

I noted with amusement that the first thing I saw below this article was the following:

Special Magazine Offer -- Free Gift with Subscription
... CLICK HERE for offer

Another obvious marketing ploy, and yes, they will undoubtedly collect and use e-mail addresses.

Hey--this is the capitalist way of life. After a lifetime of enduring non-stop marketing advertising, I've resigned myself to the fact that the best I can do--all I can do--is defend myself, i.e., my mind, my privacy and my wallet. I think most people that weren't born yesterday do the same.

Power to the spam blockers, filters and destroyers!

thanks

mario's picture

thanks

Paranoid much?

analytics_dude's picture

While I do appreciate your concern for privacy, I feel like I've reached my monthly quota of paranoia after reading this article. Seriously, do you live in a bunker? Every time you walk into a retail store (especially the big boxes), your every move is videotaped and potentially analyzed by marketers. Why do you think your grocery store rearranges the inventory every couple of years? They are simply optimizing the buying experience. Online marketers should be allowed to do the same with the tools they have available. If that still creeps you out, just turn off JavaScript and cookies in your browser and see how much fun you have online then.

Paranoid much?

Author's picture

I don't have a concern for privacy. Paranoia is a personality disorder. Generalizations like "every time"...leaves few options. In a nutshell, give me a break. I wonder if you read the article.

I wonder if the future

Manuel's picture

I wonder if the future brings a better solution to the spam problem. Even with a good filter I receive about 50 spam messages in my inbox daily!

another neat trap for spammers

TK's picture

Go to http://www.kalfaoglu.com and see the link at the very bottom of the page. yep go ahead and click it. you will get a randomly generated web page with lots of fake emails, and many LINKS. all the links generated however, point BACK to that same page. so the harvesters go into a loop :) filling databases with crappy email addresses.
try refreshing the page - or follow a non-mailto link on that page. heh heh.. I wrote it in Object Rexx. Regards, -t

Interested in sharing this neat little tool of yours?

Terrell Prude' Jr.'s picture

Hmm...this does looks pretty darned cool. Would you be interested in making it available for download? I'm a former mainframe REXX programmer, from back in the procedural days, and I'd like to try it out...perhaps even tweak it to make a bunch of "greytrap" email addresses for OpenBSD spamtrappers.

Would you be willing?

--TP

One very effective way to deal with this problem

Terrell Prude' Jr.'s picture

Consider implementing OpenBSD's spamd tarpit...and specifically, use the greytrapping option. No, I don't mean greylisting, though this is also helpful. I mean greyTRAPPING. It works like this.

You set up your spamd, get it working, and then add a fake email address to its "spamdb." An example would be "myspamtrap@mydomain.com". Since this is a fake email address that you're making up, we know that anyone who sends email to it is automatically a spammer. Why? You don't give it to people you *want* to talk with. :-)

Now, the spammer somehow gets this fake email address and tries to send email to it. Spamd will consult its "spamdb" table, see that the recipient is "myspamtrap@mydomain.com", and immediately blacklist and tarpit the spammer's IP address. It is *VERY* effective. Furthermore, even if that spammer has your real email address, the spammer's still *very* likely to get tarpitted before it can send you email. This is due to how spamd works.

Another way to get this fake "greytrap" email address into spammers' databases is to include it as a link in a Weblog post, like the one I just did. Take a close look at the word "link" in the previous sentence. It's a hotlink, and no, it's not my real email address. This way, a human won't be likely to send email to it, since they don't see it...but a spam harvester bot, heh heh, *will* see it. I leave it as an exercise for you to figure out how to make it less visible; it's not hard. I have several users on my mail server (most of them now GNU/Linux users), and I've taught every one of them this trick. There are now, therefore, several "greytrap" email address on the cmosnetworks.com domain, and they love the reduction in spam that they see.

I wrote an article on how to do all of this on www.linux.com. Here it is:

http://www.linux.com/feature/114261

--TP

Spamers are like peverts hiding in the bushes !

Anonymous's picture

They are just COWARDS. SLIME. SCUM. BOTTOM FEEDERS.

Throw your e-mail address away.

PUBLISH THE LIST OF MAJOR COMPANIES THAT DO THIS AND EXPLAIN IT IN TERMS THAT THE GENERAL PUBLIC CAN UNDERSTAND, AND PUT IT ON YOUTUBE !

Spamers are like peverts hiding in the bushes !

Anonymous's picture

They are just COWARDS. SLIME. SCUM. BOTTOM FEEDERS.

Throw your e-mail address away.

PUBLISH THE LIST OF MAJOR COMPANIES THAT DO THIS AND EXPLAIN IT IN TERMS THAT THE GENERAL PUBLIC CAN UNDERSTAND, AND PUT IT ON YOUTUBE !

Spamers are like peverts hiding in the bushes !

Anonymous's picture

They are just COWARDS. SLIME. SCUM. BOTTOM FEEDERS.

Throw your e-mail address away.

PUBLISH THE LIST OF MAJOR COMPANIES THAT DO THIS AND EXPLAIN IT IN TERMS THAT THE GENERAL PUBLIC CAN UNDERSTAND, AND PUT IT ON YOUTUBE !

Spamers are like peverts hiding in the bushes !

Anonymous's picture

They are just COWARDS. SLIME. SCUM. BOTTOM FEEDERS.

Throw your e-mail address away.

PUBLISH THE LIST OF MAJOR COMPANIES THAT DO THIS AND EXPLAIN IT IN TERMS THAT THE GENERAL PUBLIC CAN UNDERSTAND, AND PUT IT ON YOUTUBE !

Spamers are like peverts hiding in the bushes !

Anonymous's picture

They are just COWARDS. SLIME. SCUM. BOTTOM FEEDERS.

Throw your e-mail address away.

PUBLISH THE LIST OF MAJOR COMPANIES THAT DO THIS AND EXPLAIN IT IN TERMS THAT THE GENERAL PUBLIC CAN UNDERSTAND, AND PUT IT ON YOUTUBE !

Spamers are like peverts hiding in the bushes !

Anonymous's picture

They are just COWARDS. SLIME. SCUM. BOTTOM FEEDERS.

Throw your e-mail address away.

PUBLISH THE LIST OF MAJOR COMPANIES THAT DO THIS AND EXPLAIN IT IN TERMS THAT THE GENERAL PUBLIC CAN UNDERSTAND, AND PUT IT ON YOUTUBE !

disposable email addresses

Anonymous's picture

I'm lucky in that all my email comes into my GNU/Linux machine
via SMTP and I can control my own /etc/aliases file to create
new email addresses at will. I use this freedom to use disposable
email addresses when forced to sign up for something, or when I
buy something on-line. For instance, a line in /etc/aliases might
read

bigvendor: myrealaddress

By doing this I can track which on-line outfits are selling my
email address, and I can also remove the entry from /etc/aliases
causing those emails to bounce, and without puting my real email
address in as much jeopardy. This has worked quite well for me.
It seems that out of 50-75 email addresses of this type, I've had
two vendors do bad things with the address I gave them. Another
5 or so addresses were for mailing lists I subscribed to that
somehow got hacked. An example of this is that I signed up for
the GnuCash mailing list a very long time ago, and I quit the
list a year or two ago. I still see spam bounces to that email
address, and I imagine that the address was stolen and is being
resold.

Good luck to us all....

Do you even know what web analytics is?

KenP's picture

In reference to your "Who are these ESPs and what do they do?"
Google Analytics and email service providers?? and then the WAA??

why are you putting business intelligence software and a professional organization for web business analysts in the same category as a marketing firm that specializes in email marketing. "Note: How do you like Google going into this business?" OK lets blame a Google web reporting tool for spam.

Tell me with the overkill of ads.livejournal.com code on your site and the ungodly weight for your site to finish loading. No one looks at any data to see click throughs? How do you measure your ROI for your website?

With the extreme misconceptions in this article I strongly question the integrity of this website and its information.

Your W2

Anonymous's picture

Does your W2, Dividend checks etc have Google printed anywhere?

yes, and no

SEO Toronto's picture

I'll agree with you that this article has some pretty basic misconceptions. But then again, the author's most likely not an email marketer, and probably not as intimately familiar with all the concepts as some of us. All in all, he raises some decent points, though nothing extraordinarily profound.

Liar, Liar pants on Fire

TA's picture

Do either of you work in the industry? This article has nothing to do with what I know or don't know about the web analytics or so-called e-mail marketing. You appear to have a vested interest in this. Instead of attacking the author, contradict the points and make a case for using web analytics like Coremetrics, for example, and let the readers know exactly what happens on the web sites they visit. And while you're at it, tell them about the little transmitter in the e-mail that reports back to the esp. Just average? Right.

The author are not that far away from the truth IMO

Devenia Internet Marketing's picture

Email marketing and tracking is - and has been a horrible problem for most consumers and companies. I agree with the author fully.

The only solution we could find in our company to not get spammed to the point where using mail was pointless, was to switch to Google Mail for companies (or whatever they call it). Spam Assasin had no chance to stop the spamming.

Actually, there *is* another solution

Terrell Prude', Jr.'s picture

You should keep your SpamAssassin. Just put an OpenBSD spamd gateway in front of it. It will reduce the load on your SpamAssassin greatly and virtually eliminate your spam problem.

Interesting. Can the OpenBSD

Devenia Internetowy Marketing's picture

Interesting. Can the OpenBSD spamd gateway be on the same machine? We do not have the server inhouse.

for some reason, the company

Anonymous's picture

for some reason, the company that manages gmail does not inspire a lot of confidence in me. it has been recently singled out as the WORST company for privacy.

Different in the UK

Alec's picture

Just as a starter - I work in Marketing so you can accuse me of bias if you want:

I would have said that most companies use their web analytics software to enhance your user experience. As soon as you stop allowing them to do their job you are effectively making it difficult for a company to work out how best to get you to where you want to be. Biting your own nose off to spite your face. The WAA isn't actually set up for the Web Analytics vendors, it's set up for Web Analysts working for companies. There is probably one looking at what is going on with this website now (how else do you know how many people read your article :)).

Ditto with ESPs. If the address your email gets sent from gets blacklisted from hotmail, gmail, etc, it means that you won't get any of your emails delivered. Using this nice tracking gif means that we can send you emails that you want. The ones that you (and me as well) get sent that we don't want are an annoyance, but you can block them really easily and their Business will crash. Emails aren't free to send out and most people are starting to use them for real ways of communicating with customers. In fact, underestimating the effect that spamming can have on your brand is criminal. The unsolicited ones we get will peter out as people in a relatively new market realise this.

Maybe the laws on providing data are a little different in the UK though, I hardly ever have spam, despite not worrying about providing my details.

that is true

mika's picture

Nowdays google also kicks spammers ot of their index.

White Paper
Linux Management with Red Hat Satellite: Measuring Business Impact and ROI

Linux has become a key foundation for supporting today's rapidly growing IT environments. Linux is being used to deploy business applications and databases, trading on its reputation as a low-cost operating environment. For many IT organizations, Linux is a mainstay for deploying Web servers and has evolved from handling basic file, print, and utility workloads to running mission-critical applications and databases, physically, virtually, and in the cloud. As Linux grows in importance in terms of value to the business, managing Linux environments to high standards of service quality — availability, security, and performance — becomes an essential requirement for business success.

Learn More

Sponsored by Red Hat

White Paper
Private PaaS for the Agile Enterprise

If you already use virtualized infrastructure, you are well on your way to leveraging the power of the cloud. Virtualization offers the promise of limitless resources, but how do you manage that scalability when your DevOps team doesn’t scale? In today’s hypercompetitive markets, fast results can make a difference between leading the pack vs. obsolescence. Organizations need more benefits from cloud computing than just raw resources. They need agility, flexibility, convenience, ROI, and control.

Stackato private Platform-as-a-Service technology from ActiveState extends your private cloud infrastructure by creating a private PaaS to provide on-demand availability, flexibility, control, and ultimately, faster time-to-market for your enterprise.

Learn More

Sponsored by ActiveState