Purchased Lists Are Still Lame

Check out this blog post from Wired editor Chris Anderson. Chris talks about lazy PR flacks sending him misdirected and unwanted press releases and other junk. He names names, too, posting a long list of folks he's never going to accept mail from ever again.

One of those on the list, a guy named Dan Bannister, responded in comments:

I spent $10,000 this year on lists, email software, promotional cards etc. to promote my business and my work. You're on a list of people who buy creative work that is sold to photographers every day. If you don't really buy photography, why not just hit the unsubscribe button? Why give out your email?

Congratulations, Dan, for standing up and telling the whole world that you're a spammer.

Dan clearly doesn't get it, but let's answer his question anyway: Why doesn't Chris just unsubscribe?

Because Chris gets 300 emails like this a day, that's why. What's he supposed to do, spend all day hitting delete or clicking unsubscribe? That'll become a full time job.

But enough about Chris; let's talk about Dan. He spends $10k/year on lists. Lists that apparently many other people buy, because Chris gets enough of this email to suggest that the list(s) he's on have been distributed far and wide. Was that a good list purchase for Dan? To set himself apart, as one of the 300 jerks who sends Chris spam every day?

Sadly, this is typical with purchased lists. It'll contain a bunch of spamtrap addresses, or it contains an admin address for somebody who runs a blacklist, or it contains addresses of people who are fed up with spam and are going to report your mail as spam and embarrass you publicly.

Dan, this list is apparently not quite the gateway to an exclusive club like you might have thought it would be. You might want to ask for your money back, because your list purchasing strategy just backfired. Oops.

David Ritz lawsuit

It'd take too long to get into the whole story, so here's the short version: Anti-spam activist David Ritz is being sued by a guy named Jerry Reynolds, apparently for, uh, performing DNS and WHOIS lookups. You know, asking public servers for public information that they publish, necessary to keep the internet running? If that seems crazy to you, maybe you could spare a few bucks to donate to David's legal defense fund. Of course, don't just take my word for it. Read around on your own, maybe starting here.

Definitely form your own opinion. In the mean time, here's mine:

Tools like WHOIS and DNS lookups are things that I use every day, in both my day job, and hobby projects. Vetting a potential client, looking up to see the business name of a domain owner, tracing who owns an IP address, these are all public tools, standard tools, that anybody tracking spam, investigating email, or even looking up who owns a business, would use and does use.

Ever been sued for paging through the phone book? Yikes.

Address portability? Already got it!

I'm not even sure why this is garnering press coverage. But, that's not going to stop me from jumping on the bandwagon.

The short version is: Gail Mortenson, a freelance writer from Washington DC, lost her AOL account, which she had been using for business. So, her response is to complain to the FCC that the rules need to be changed. As Declan McCullagh says, Mortenson's proposal is silly.
  • First, this highlights that it's not wise to use somebody else's domain for your important email. If you're a business person, or if you're a business, why don't you have your own domain? At their most expensive, back in the day, they were $70/year. Domain registration was cheap then, and it's even cheaper now -- it currently costs on average $8-$15/year to own a domain name.
  • Second, email address “portability,” which would essentially be free email forwarding for life, blows up spam filtering. Most spam filtering is based on the reputation of the sending IP address. Email forwarding makes email appear as though it comes from the first ISP's mail server, instead of the actual source of the message. Yeah, you can build complex technical things to try to work around this, but it's a huge hurdle and there is no easy solution. It's not like porting a phone number, folks.
  • Third, email address portability already exists! I've been doing it for years, and it only costs me $12/year. Here's how I do it. I register my domains (example: spamresource.com) with domain registrar Joker.com. That costs me $12/year. They provide me with a control panel (at no extra charge) where you can set up email addresses and set the destination for those addresses. That means that today, mail sent to my spamresource.com address can automatically land in my Hotmail account. Tomorrow, I could change it so mail lands in my Gmail or Yahoo account. If I want to get more fancy, I can have Google Apps host the domain more directly, with excellent spam filtering and a branded webmail interface that's easy to use. Still for free. (This is in fact what I do with spamresource.com currently.)
So, hopefully the FCC won't mandate changes to fix a problem that doesn't exist. I assume the top tier ISPs are busy drafting memos to various government types telling them exactly why this is a bad idea. Do you think the FCC will listen?

McAfee vs Barracuda

I ran across this interesting press release the other day. It's from McAfee, talking about how their Secure Internet Gateway appliance compares to a similarly-positioned device from Barracuda.

When comparing the two devices for spam filtering over a two week period, the Barracuda Spam Firewall failed to correctly tag six times as many spam messages as the McAfee device did.

Find the full report from McAfee here.

(One interesting thing it doesn't touch on is backscatter. See, Barracuda devices send backscatter by default, due to their "accept all mail, then process it" methodology. The big ISPs have been working for years to move away from this methodology. It's not a best practice and hasn't been, for quite a while.)

DNSBL Resource Updates

Last week, at the MAAWG (Messaging Anti-Abuse Working Group) 11th General Meeting held in Arlington, VA, I presented my updated Blacklist Statistics Center. I also gave everyone within earshot a lot of data and a healthy dose of opinion regarding various blacklists, and shared my take on what senders and receivers should consider when measuring the value and reputation of a blacklist.

And, I'm finally fleshing out the blacklist review section of the site. To that end, I've just published reviews of PSBL, FIVETEN, and Spamhaus ZEN. This is to add to the list of ones I've already written (APEWS, SORBS, Spamcop, CBL, Korea and UBL).

I also invented a new blacklist. LUCKYSEVEN isn't suitable for spam filtering, but it helped to put a graphical face on arbitrary spam blocking methodology. Did you know that if you block mail from any IP address containing a 7, you'll block about 50% of spam? Of course, you'll block about 43% of non-spam at the same time, making it just about completely useless. But....still! 50%? Isn't there some value to that? No, not really, but it makes for a neat graph.

Psst...wanna buy a list?

Back in March, Mark Brownlow posted some good info on his Email Marketing Reports site about list rentals, list purchasing, and co-registration.

Is list purchasing a good idea? "With very, very few exceptions, purchasing a bulk list like this is a shortcut to email marketing hell." "No self-respecting list owner is ever going to sell copies of their address list. Not if they want to preserve its value."

Great advice! Click here to read the entire article.

Update: I had missed this new bit of commentary from Mark Brownlow on the same topic, posted just the other day: "
Any list building method not based on gaining an explicit opt-in strikes me as like eating fugu, the Japanese pufferfish dish. It's expensive, not a particularly rewarding experience, and runs the risk of killing you."

Spot on!

Tracking Blacklists

With the latest batch of additions today, I'm now tracking over 50 different blacklist zones for the newly revamped DNSBL Resource Blacklist Statistics Center. Thinking back to when I created the RRSS blacklist (the Radparker Relay Spam Stopper) in 1999, I am not sure there were even fifty anti-spam blacklist filters across the entire globe. Mine was definitely not the first, but I suspect that RRSS was probably one of the first ten.

Right now, I've got 13-week charts showing the effectiveness of 21 different blacklist zones. Look for public stats on additional lists soon, as I slowly compile effectiveness data on the lists I've just added. (And I've got even more tricks up my sleeve, so stay tuned!)