ARF: Now a Proposed Standard

Posted by Al Iverson on Wednesday, September 1, 2010
Labels: , , / Comments: (0)
ARF (Abuse Reporting Format), a simple specification that enables senders of email abuse reports (like, spam complaints and feedback loop reports, for example) to easily and appropriately encapsulate those reports in a way that ensures the receiving site will have all the information it needs to properly parse the report and identify the responsible party or process.

ARF was already on track to become a standard, as multiple ISPs' feedback loops were already in ARF format. Now, that process has taken a more formal step forward, as RFC5965 was just published by the IETF: An Extensible Format for Email Feedback Reports.

Stupid Search-Trick Watch: Content Thieves Strike!

Posted by Al Iverson on Tuesday, August 31, 2010
Labels: / Comments: (0)
Here's Ken Magill's take on Co-RegData.com theft of my blog content.

(xx301yz89901112aaaah33q3q3qbw)

Newegg.com: How not to handle a spam complaint

Posted by Al Iverson on Monday, August 30, 2010
Labels: , , / Comments: (0)
My old friend Mike Horwath relates his tale of Newegg.com doing just about everything wrong in response to a spam complaint. Spamming him again after he contacted you, then holding up the phrase "you've been removed" as if it means you've really resolved the issue, implying that the mail must be OK because it "is CAN-SPAM compliant," implying that the spam reporter is lying about the mail being spam, etc.

The smarter among us already know that mail is not spam just because it is CAN-SPAM compliant. Mike doesn't care that the mail was CAN-SPAM compliant, and neither do ISPs. They care about permission and relevancy -- two areas in which Newegg.com has let Mike down with this issue.

Co-RegData.com: Content Thieves

Posted by Al Iverson on Friday, August 27, 2010
Labels: , / Comments: (2)
Co-regdata.com seem to be pirating content from my own site here at Spam Resource dot com.

Example stolen content: http://www.co-regdata.com/2010/08/27/ken-magill-returns-45th-edition/

That seems to be a duplicate copy of my post about Ken Magill's new website. Oddly, they removed Ken's website URL and replaced it with their own.

If you're looking for a reputable co-reg data provider or lead generation partner, co-regdata.com might be a poor choice. If they're taking my content and using it in an unethical manner, without my consent, that doesn't give me high confidence about their ethics when it comes to lead generation.

(Thanks for reporter Ken Magill for giving me a heads up about these guys.)

Ken Magill Returns

Posted by Al Iverson on Wednesday, August 25, 2010
Labels: , / Comments: (0)
Number one (in my personal estimation) industry reporter Ken Magill has returned, and in his first newsletter, he drops a interesting tid-bit: apparently Goodmail is for sale. Read it here.

Don't forget to visit Ken's website and sign up for his newsletter -- you can find it over at www.magillreport.com.

Spammer Claims that he is a Victim

Posted by Al Iverson on Tuesday, August 3, 2010
/ Comments: (0)
Laura Atkins reports on an article from the SJ Mercury News, where, for some odd reason, a spammer is given a platform to cry about how Spamhaus hates him. I don't quite understand, as it is Godaddy who suspended the guy's service. Maybe Spamhaus isn't the only organization out there that hates spam? Most internet service providers and email service providers would shut this guy's access off in a heartbeat, after learning that he's purchasing lists. Why? Because it's spam. But it's legal? OK, it's legal, but irrelevant. It's still spam.

Google: Bulletproof Hosting Provider

Posted by Al Iverson on Tuesday, July 20, 2010
Labels: , , , / Comments: (2)
Today's post is from Laura Atkins of Word to the Wise. She relates a frustration that I personally share: Google's seeming lack of caring about abuse emanating from their own networks and services. She writes:

Are you a spammer or a potential spammer? Do you want bullet proof hosting that allows you to send out all the spam you want? Do you not want to have to deal with upstream abuse desks asking you annoying questions about when a complainant opted-in? Do you not want to have to even comply with CAN SPAM?

If the answer to any of these questions is yes, you should do what one Spanish speaking spammer has done and set up all your services through Google. SeƱor spammer has a Gmail address and a Google group. Three or four times a day I get two emails from said Google group advertising real estate.

Google, of course, doesn’t care. Complaints to abuse@google.com and abuse@gmail.com are totally ignored. Complaints to abuse@googlegroups.com are bounced with “user unknown.”

I brought this up on a private mailing list where some former and current Google employees participate. A past employee confirmed my suspicion that Google cares nothing about abuse or spam and doesn’t have an actual working abuse desk.

A current employee told me that I should just unsubscribe, or log into Google and report the group as spam, but do NOT email him directly about it. There is no link to “report as spam” for this group and, when I tried to unsubscribe, I was directed to log into Google in order to confirm my unsubscription.

So there you have it. The way to spam in a completely protected way is to set yourself up on Google. They don’t have an abuse desk, they don’t have any policy enforcement and they don’t even let your victims unsubscribe.

What of SRV?

Posted by Al Iverson on Tuesday, July 13, 2010
/ Comments: (1)
So, SRV records help you publish data for your domain, helping for easy (or auto) configuration of an email client for using mail at that domain. Should I implement SRV records for my domain? Is it widely used by MUAs or mobile devices like iPhones and Android Phones? Is it a security risk to tell people where my IMAP/POP3 servers live? What do you think?

Does the First Amendment forbid spam filtering?

Posted by Al Iverson on Monday, July 12, 2010
Labels: , , / Comments: (1)
I asked fellow blogger (and email expert) John Levine the following: "The Supreme Court overturned the Jaynes conviction on First Amendment grounds, yes? I'm wondering what that could mean from the spam filtering perspective." Find his very detailed answer here.

Is it OK to block political speech?

Posted by Al Iverson on Friday, July 2, 2010
Labels: , , , / Comments: (6)
I've been talking to folks a lot these past couple of days about the potential legalities around blocking unwanted spam from non-profit, political or advocacy senders. From what I understand, this is pretty likely to be legal. The first amendment limits government action as it relates to restricting speech. But the first amendment doesn't apply to private parties; there is no constitutional "right" that private party number one must accept a message from private party number two. That seems cut and dry. CAN-SPAM certainly doesn't touch on it; it doesn't say a spam filterer can't block certain kinds of messages.

But, is it right? What if you run an ISP, or a blacklist, and you choose to list or reject mail from somebody sending mail with a political purpose? Is that ethical? Should it be allowed?

I think that blocking that kind of mail should be allowed. I believe that it is the right thing to do. Why? Here's my take.
  • Spam is spam is spam is spam. The reasoning behind it doesn't matter. The content doesn't matter. The amount of goodness in your heart doesn't matter. It's unwanted bulk garbage, regardless. If the recipients didn't ask for it, and you're adding them to a list and blasting to them, you're spamming, and blocking spam is the right, expected thing to do.
  • Commercial vs non-commercial doesn't matter. If you're advocating your position to me, you're still trying to sell me something - your point of view.
  • Disallowing ISPs to use their best efforts to block this kind of thing is kind of like forcing me to open my front door and allow you to bring your trumpet in and blow it in my face. Or forcing me to turn my TV on and have to keep it on the channel you specify.
  • It's not like driving a sound truck down the public way with the speakers blasting ads for a political candidate. It's like forcing the truck into my private garage. My email inbox, and the ISP server where they reside are not the public way. They're private space, reserved for exclusive use of those who live there.
  • It's not like "equal time for all candidates" in the broadcast media, ala the Fairness Doctrine. ISPs and spam filterers are not government-licensees of a public resources. The mail servers you and I are using at the ISPs you and I are using a wholly connected via private interconnected networks.
  • It's not neighborly to send me garbage I didn't ask for. People have wildly varying political views. Forcing those views into the inboxes of people, many of whom are going to disagree with that opinion, isn't going to make you many friends. I'm already decided on whether or not I am pro-choice or pro-life; do you REALLY think your spam is going to suddenly get me to reconsider?
And whatever you do, don't tell me it's a political conspiracy when somebody starts blocking your political or advocacy mail. Spam filters block spam. The vast majority of spam filters are data driven and have much less to do with the content of what you're sending. Complaints and spamtrap hits driving a blacklisting or blocking issue have nothing to do with your political point of view and everything to do with poor list practices.

MoveOn cried "it's a conspiracy!" back in 2006 when they got blocked by AOL, but their claims and whines were thoroughly and completely rejected by just about the entire world. It was a wasted effort, time they could have better spent on building their list SMARTER instead of just growing it BIGGER without thinking.

First Amendment Restrictions on DNSBLs

Posted by Al Iverson on Thursday, July 1, 2010
Labels: , , / Comments: (0)
Yesterday on Twitter, somebody asked about how DNSBLs are restricted by the First Amendment to the United States Constitution. Apparently there's some advocacy group somewhere who is upset that they're listed on a blacklist, and they seem to be investigating potential opportunities for legal recourse.

For reference, allow me to include the entire text of the amendment here:

Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the Government for a redress of grievances.

Okay, now that you've read that, let me ask you this: Which anti-spam blacklists are run by Congress? The first amendment restricts GOVERNMENT action, not PRIVATE action.

(Sure: Other laws certainly restrict various private actions, but that's not the point, is it?)

How to avoid getting swindled on your email lists

Posted by Al Iverson on Tuesday, June 29, 2010
Labels: / Comments: (5)
Yeah, you could do everything Sallie Severns recommends, or you could do this instead: Don't buy lists. There's a simple reason why: Buying lists and getting solid inbox delivery are entirely incompatible. Period. End of story.

(And a tip of the hat to John Caldwell, Chad White, and Scott Cohen. I wouldn't have seen this article if they hadn't taken a moment to point and laugh at it.)

Update: Check out the comments-- the author holds up Datran Media and Hydra Media as examples of whom to work with.

Update #2: History has been revised: The post has been taken down. Apparently, we were never at war with Eurasia. My bad.

The view from a blacklist operator

Posted by Al Iverson on Thursday, June 17, 2010
Labels: , , / Comments: (0)
Steve Atkins from Word to the Wise explains why it's so important to make sure you're querying a blacklist correctly. Get it wrong, you end up blocking no spam at all, or worse, you end up blocking all of your inbound mail accidentally.

Spam filter authors -- it's time for your software to start rejecting DNSBLs that don't have a properly formatted test record, confirming that they're alive and that the filter in question is properly configured.