The Federal Government Sanctioned Spam Trap

by Tom Adelstein

Would you like to buy a mailing list and start a Broadcast Campaign? Then just put some kind of message at the bottom of the email that says unsubscribe or opt-out and a physical address like 201 Mullview Place, Bigfoot, Montana 59106. Make sure you have a subject line and a header.

If you did that you just fulfilled the requirements for broadcasts or blind spamming. You can also make the opting out mechanism as difficult as possible. For example, I attempted to opt out of a newsletter to which I didn’t subscribe and when I got to the company’s web site, it asked me for a password. To get a password, I had to register. You can draw your own conclusion.

The term Broadcast is a euphemism for spamming anybody. If you want a mailing list, you can hold a contest for something like a hot car or a mink coat and make sure each entry has a line for an e-mail address. Why an e-mail address? So, the department store can e-mail you if you win? Somehow that seems a little deceitful to me. The law says you just opted-in and triggered a transaction or triggerd e-mails, which differ from Broadcast e-mail.

You can build a mailing list at any of your chain establishments. Brick and Mortar businesses with a national presence seem safe enough. Can you imagine the military buying lists and broadcasting for recruits from something like your national chain restaurant? They do.

Collecting e-mail addresses and selling them is legal. You can also ask for marriage status, phone numbers, age, interests and so forth. That seems benign enough. After all, you gave your name and e-mail address to your friendly high-class restaurant chain.

Companies use those e-mail demographics to determine what message to send you and what products to entice you. After a few clicks and printing a coupon on-line, they have almost everything they need. Now, they can manipulate your on-line behavior until you either buy something or not. If your e-mail returns they can determine if you have a full inbox or cancelled your account when you moved from Atlanta to Oregon. The e-mailer calls those hard and soft bounces. The soft bounce? E-mail them again.

Different Kinds of e-mail Campaigns

Let’s review the difference between a Broadcast campaign and a Transactional campaign. Senders also call the latter a triggered e-mail. The law says that if you take some action to cause a response, you moved into the Transactional pool. That changes the game. The requirements to provide a mechanism to unsubscribe or opt-out is not required. Also, the sender does not have to provide a physical address. Imagine some company having you on their permanent spam list. How do you get off?

Some company’s have scruples and will only send you a receipt for something you purchase on-line. I can live with that. They do not keep a data warehouse of everything they know about you. The temptation remains though especially if they receive visits from email service providers who explain how they can manipulate you to either buy something on-line or visit the company store.

Who are these ESPs and what do they do?

The big players include Cheetamail, SmartDM, @Once, Bigfoot Interactive, ExactTarget, Silverpop, Zustek, Yesmail, e-Dialog, Responsys and many smaller companies. Their clients would surprise you. If you knew the clients, you might avoid them. Look for case studies on their web sites.

Now, we can add another surprise by telling you that the major Credit Bureaus have gone on a buying spree to grab these ESPs. Imagine what kind of spam you could get with the information supplied by a Credit Bureau like Experian. Well, they have done it. Experian purchased HitWise who collects and aggregates information on over 25 million consumers in the U.S., U.K., Australia and other countries in Asia Pacific.

Hitwise should expand those numbers dramatically with a database company. Experian already had Exactis for e-mail delivery and added Cheetahmail at the end of last year. We also have information that the other Credit Bureaus are on the prowl or have already made purchases. We just do not know yet.

The e-mail service provider (ESP) is supposed to deliver mail and that’s all. They do much more. The e-mail is sent by the ESP’s servers and the header is an alias that looks like it’s coming from the company you thought sent the e-mail. That's how the ESP collects information and gives it to their client.

The ESP can collect a lot of data such as who clicks what links, how segments of the population responds to different messages and integrate with web analytic firms like a HitWise or ClickTracks, VisiStat, Coremetrics, Google Analytics, CoreMetrics, OpenTracker, IntelliTracker, and so forth.

Note: How do you like Google going into this busiess? I think it's a travesty. Does Google need this revenue?

These Web Metrics firms even have a professional association called The Web Analytics Association.org. They publish articles like other associates and hold seminars in various cities and so forth.

Congress passed the Controlling the Assault of Non-Solicited Pornography And Marketing Act of 2003 known as Can-Spam. They turned the regulation over to the FTC. Congress seems to have moved on to more pressing issues like funding the war.

What are the Differences between Can Spam and FBI Phone Taps?

Perhaps your privacy is invaded and no one seems to care. FBI phone taps and the Patriot Act get media attention. When a marketer for a big department store follows your actions when they send an e-mail and uses a host of strategies to move you from a casual observer to a buyer using psychological incentives that does not get media attention.

Congress and the courts speak about privacy, but how much privacy do you see when you receive a purchase confirmation from iTunes when a part of the e-mail real estate has advertisements designed to lure you back. iTunes collects your purchase behavior and offers you the opportunity to make an impulse buy. The FTC allows part of a purchase confirmation to contain advertising.

You know what I mean. When you wait at the checkout counter at the grocery store, you will see plenty of candy and magazines like the National Inquirer and Cosmo where Brad begins seeing Jen again.

Marketers using e-mail as part of a comprehensive marketing campaign have more tools and techniques with which to work. It may not seem like a criminal action, but who is going to do anything about it and make it a criminal action? Do you think your privacy has been violated? Or do you think by surfing the web you give people permission to follow you around and use psychological techniques to move you to web sites?

Is this Adware?

Unfortunately, you don't become a broadcast machine. You have given someone your personal information either by initiating an on-line sale or opting-in to one of their newsletters. When you register at a web site for a trial download, you've done the same thing. The marketer has also captured your IP address and your ISPs information.

Recently, I downloaded a 30 day trial version of some expensive software. The next day, I received more SPAM in a single day than I have in any single day in two years. The e-mail marketer can use SpamAssassin in reverse. They can analyze their e-mail to see if they can lower their key words to make it by an ISP blocking SPAM.

What can you do?

I don't know all the ways to avoid this insideous situation. I began buying Visa gift cards to protect my credit card account. I consider the extra cost insurance. I have a firewall with NAT, but that doesn't do much because my IP address still gets transmitted. I also have stopped registering at web sites. When I have to do that, I use an e-mail address other than my main one.

I still feel trapped. Maybe Jimmy Page said it best in Stairway to Heaven: Don't it make ya wonder?

Tom Adelstein currently works as a contract technical writer in the Information Technology Field. In March 2007, his latest O'Reilly Book, Linux System Administration was released. Tom's home web site Open Source Today has tips and techniques for system administrators and Open Source VARs.