Backscatter Goes Mainstream

Quick Link: Looks like Backscatter, the annoyance of bounces you receive in response to something somebody else sent (usually spam), has finally made its way into the public eye. USA Today Reports: 'Backscatter spam' gums up many e-mail inboxes.

Tell me about this new opt-out list!

Over here, email marketer Dylan Boyd talks about the the DMA's "launch" of an email opt-out site.

What, you mean, eMPS? That thing that has been around since at least 2005? Actually, since 2000. This is just the same old thing in a shiny new wrapper.

Not only is this thing not brand new, it's not worth the pixels it's printed on.

Think about it. If you only send email to people who explicitly ask for it, then why do you need to work with an opt-out registry? Track who have opted-in to your own list, track (and remove) those who choose to unsubscribe, and that's pretty much all you need to do.

Also, you need to ask yourself, what does compliance with this opt-out registry get you? It's not mandated by law, nor could it have any observable impact on your ability to send email.

What does Spamhaus say about eMPS? "[We know] of no U.S. firm using the DMA's eMPS service that isn't automaticallly by definition a firm sending spam, since the sole reason for users to need to opt-out of bulk email advertising they did not opt-in to is because the sender is sending without consent, i.e: any DMA member that is using eMPS is using it because he is sending Unsolicited Bulk Email, i.e: Spam."

If you send spam, you're going to get blocked, filtered, and blacklisted, even if you use this kind of list. If you don't send spam, you don't need it, as opt-in permission overrides opt-out suppression.

Explain to me once again, what the merit of this thing is? I'm not getting it.

Tracking Spam From "Nett Solutions"

Do you get a lot of spam like this? I do:

Your current website is very strong although we believe your visibility could be greatly improved. We would love to give you a free site review and guide you in how to get more targeted web traffic to your site. Email us today at (gmail account) and we will give you a free analysis. Be sure to include your URL(s) and where you would like us to reach you with results.

The mail is invariably routed through open proxies or bots, and it's pretty darn near anonymous. The only point of contact is some random Gmail account.

It dawned on me after receiving many of these messages, that they are all written very similarly. That suggests to me that it's one person or group sending most of them (to me, anyway). I wasn't quite sure how to track these guys down, so I decided the direct approach was best.

I emailed one of these Gmail accounts, and told them I was interetested. I wanted to learn more. I asked them to contact me. I left no phone number; the only way to get back to me was my email address.

Shortly after, my work number started receiving calls from an unrecognized number. That particular work phone number just routes straight to my voice mail. It's set up to catch people who try to get ahold of me by working the automated phone directory at work. (Meaning, if you're calling me at this number, you probably don't know me.) The calls are logged, the voice mails come to me in email, and I have a record of who called me from where. In this case, the calls were coming from (949) 330-7464.

I didn't return the calls. I waited and figured that eventually, they'd email me. And, they did.

From: Travis Mailhiot [mailto:tmailhiot@nettsolutions.com]
Sent: Friday, September 12, 2008 10:43 AM
To: me
Subject: Getting back to you - Google & Yahoo!

Hello Al,

You requested a free website analysis to determine how we can improve your positioning on Google & Yahoo!.

We have been trying to get in contact with you to make sure we fulfill your request.

Give me a call here in the office ASAP so we can help you. We are in CA on PST and I can be reached until 7pm EST M-F.

I will continue to call, however you have my info and feel free to give me a call.

I look forward to it. Have a great day.

Respectfully,

Travis Mailhiot
Account Executive
Direct - 949-330-7464
Fax - 949-330-7091
Email - tmailhiot@nettsolutions.com
Website - www.nettsolutions.com

The mail came from smtp1.enfrastructure.com [216.174.117.85]. And now, I know who is behind the spam, and I have full headers from them, a complete email message, tying it back to the pseudononymous spam that I've been receiving.

I don't know if Travis Mailhiot is just one of many people at this company trying to build leads through spam, or if this is the modus operandi of the entire company.

However, I do know who to submit to various blacklists, now.

If you're receiving spam like this, start responding. Ask them for more info. Wait and see who responds. There's a good chance the responsible party will be revealed.

(Also, if you're really looking for help with search engine placement and optimization? Look elsewhere. If these guys use spam and proxy abuse as their lead generation process, I can only guess what kind of worst practices their actual search optimization process likely include. I used to help clients with search engine optimization, and I've talked to multiple companies who have learned the hardway that hiring somebody who utilizes bad tactics can result in your website getting banned from Google or Yahoo's index. Not good.)

10/19/2008 Edit: Here's a bit more on Nett Solutions, information found and shared by a fellow spam fighter. Nett Solutions: SEO company pretends special deal with Google. Ripoff Report: Nett Solutions. SEP/SEO Spam: Nett Solutions discussion on Yahoo Answers.

Authorities Shut Down Spam Ring

From the NY Times:

The Federal Trade Commission won a preliminary legal victory against what it called one of the largest spam gangs on the Internet, getting an Illinois district court on Tuesday to freeze the group's assets and order the spam network to shut down.

The group, which used several names but was known among spam-fighting organizations as HerbalKings, sent billions of unsolicited messages to Internet users over the last 20 months, touting replica watches and a variety of pharmaceuticals, including weight-loss drugs and herbal pills that supposedly enhanced the male anatomy, according to the FTC.

This is wild. This a big deal; these guys were responsible for tons of spam.

Of course, nature abhors a vacuum, so I wonder if this will have any long term impact on the volume of spam out there. Maybe not. We shall see.

Message Timing FAIL

____ sent me an email today. ____ "would like feedback on my recent order."

My recent order. The one I placed....in February.

At first I thought it was spam. I didn't recall ordering anything from this company. I almost reported it as spam, until I decided to look through my archives, and I found information that reminded me of my order back then.

I suspect that I'm probably one of the few people who decided to bother to look closer before reporting this message as spam. That's why relevance and timeliness are so important if you want to get your email delivered. Send an email eight months late, and people are not going to remember who you are. They'll report it as spam, you'll get lots of complaints, and your ability to send mail will suffer.

Spam from Randolph Wine Cellars

A few weeks ago, I got spam from some wine store I had never heard of: Randolph Wine Cellars. Located in Chicago, it looks like a neat place, from their website. Except for one problem: They seem to be spammers.

There's a twist to this story, and in fact, it's what helped me catch them as spammers. See, Randolph Wine Cellars spammed me at an email address I gave only to Uncommon Ground, a local restaurant and bar. I know the date and time I gave it to Uncommon Ground, and I know exactly how it was an address I gave only to Uncommon Ground.

At first I thought Uncommon Ground was to blame. After all, a lot of people don't know that it's bad to sell email addresses. It turns out, from what I can tell, that this wasn't Uncommon Ground's fault. I've talked to a bunch of different people, including Michael Cameron, who owns Uncommon Ground, along with his wife. Michael's a nice guy, and the discussions we've had on this topic have gone well. He's not happy about email addresses on his list ending up on somebody else's list. My understanding is that this is not something that he engineered, advocated, or allowed. And I believe him.

I'm glad of that, because I don't do business with spammers. I am actively anti-spam, and I shun and shame spammers. I also report them to blacklists. My day job is educating list managers and companies on how not to be spammers, and throwing spammers off of my employer's network. Spamming me is not a smart idea.

When this first happened, when I thought it was Uncommon Ground's fault, I was really upset. Because the Uncommon Ground on Devon, near my home, is a really good restaurant and bar. My girlfriend and I love their food, love their commitment to local and organic foods, and we love the vibe. The location is great. We usually walk there when we go. But, I don't do business with spammers, so I thought we weren't able to be able to go back. Now that I know this wasn't Uncommon Ground's fault, we have been back there, and I heartily recommend that any of my Chicago readers visit Uncommon Ground as well. I've never had a bad meal there.

Of course, I didn't just take Michael's word for it - my own investigation, my own discussion with other parties involved, has led me to believe that Uncommon Ground wasn't behind this.

I'm going to have more on the Randolph Wine Cellars side of this story as my investigation progresses. Stay tuned for that.

In the mean time, let me ask you this: Who in their right mind thinks it's OK to buy or sell email addresses?

I signed up for emails from Uncommon Ground because I wanted to get emails from them. I did not sign up for emails from Randolph Wine Cellars, and I have no interest in receiving information about them. I don't know who they are, and in fact, the main thing I now know about them is that they sent me spam. That doesn't make me trust them, nor does it make me want to do business with them. Quite the opposite. It makes me distrust and dislike them. Spam is a sneaky, unethical, and underhanded way to advertise. Why would an ethical company send me spam?

Blacklist BCP and Dead DNSBLs

Over on DNSBL Resource, I posted a quick rant and link to the DNSBL best practice draft document. This BCP ought to be required reading for any current or future blacklist operator.

Spammers: SambaMail and The Data Supplier

Are you looking to buy a list? There’s no faster path to being identified as a spammer. If you’re looking to damage your ability to send mail, or if you’re looking to damage your online reputation, then this might be for you.
Check out The Data Supplier. One billion email addresses – only $795. Comes with:
  • 15 Million Companies Emails
  • 3 Million Fresh Bulk Emails
  • 8 Million Worldwide Emails
  • 9.4 Million Misc Emails
  • 250K Germany Emails
  • 1 Million Yahoo Emails
Gosh, what a value! If you want to send email to people who didn’t sign up to get emails from you, and if you want to get reported as a spammer.
So, where are you going to send your spam through? Legitimate email service providers would cancel your account within seconds of trying to send to lists like this.
Never fear! SambaMail to the rescue. Their FAQ helpfully explains: Can I rent or buy an email list to use with the SambaMail.com service? SambaMail.com service can be used with third party email lists, as long as they are opt-in. All lists purchased from our partner www.TheDataSupplier.com are considered opt-in lists.
Here’s a hint: Somebody calling something an opt-in list doesn’t make it an opt-in list. I could call a Honda Civic a Range Rover, but truth is, the Honda is still a four door sedan. These are spam lists, and if you use these lists, you’re spamming. It’s clear that SambaMail is okay with spamming. Yuck. If somehow you're a legitimate company, sending only to your customers, using SambaMail, my recommendation is to run away, and fast. Since they allow spam, ISPs and blacklists will go after them, and your legitimate non-spam mail will get caught in the crossfire.
So, who are these guys, anyway? Who knows. Looking up who owns their domains, I see that they’ve masked their contact info. Would you really do business with somebody who tries to hide who they are? Yet another sign that these people aren’t exactly ethical or trustworthy.
The Data Supplier tries to reassure visitors that it's OK to send spam: Is it legal to send email to the lists and what about the CAN-SPAM Act? Sending bulk email is legal as long as you comply with the CAN-SPAM Act. The CAN-SPAM Act basically states: 1) Your email's "From," "To," and routing information must be accurate and identify the person who initiated the email. 2) Your Subject line cannot mislead the recipient. 3) You must have an Opt-Out method. 4) You must identify your valid postal address.
That's bad advice, and completely wrong. They're misrepresenting what the law actually says, and they're leaving out important details, things like how every ISP will block you, no ISP wants this mail, and you'll probably end up getting threatened or sued if you buy and use these lists. The Data Supplier doesn't care. They'll be long gone by then, probably having changed names ten times and using new, different PO boxes in some other state.
This is yucky on every possible level.

Ask Al: Help! Am I blacklisted?

Celso writes, "Can you please help me verify that my IP addresses are not on any blacklist?"

No, I cannot, Celso. And here's why: You're going to be on somebody's blacklist somewhere. The IP address you use, the domain you use, they could be on anybody's blacklist anywhere. Even if you're not a spammer. Some blacklist maintainer could be mad at your ISP or their upstream provider, or they could be trying to list anybody who is associated with some company because they don't like that company.

Forget that. Whether or not you're blacklisted, that is the wrong question to ask.

What you need to ask yourself is: Where is your mail being blocked?

When you look at bounces, what are you seeing?

Are you seeing bounces that refer to a specific blacklist issue?

Are you seeing LOTS of bounces referring to some well-known blacklist?

If you're not answering "yes" to one of the questions above, then I wouldn't worry about it.

If the IP address you use to send mail is on Spamcop, Spamhaus, or UCEPROTECT, then you might have a problem. Being on any of those blacklists tends to indicate a real spam problem, and suggests you need to figure out what's going wrong, and you need to fix it.

But, there are a lot of blacklist lookup tools online that include tons of other blacklists-- including a number of blacklists that aren't widely used to filter mail. In short, they don't matter. Or the lookup site include blacklists that are long since dead. Or they do other things that don't exactly fill people with confidence. What really matters is what impact a blacklisting has on your ability to send mail. Being on "the blacklists" themselves is not the real problem.

As always, if you have a spam problem, you need to address it. Spam is bad. Stay away from spam, and you'll stay away from the blacklisting issues that can cause real trouble. And keep in mind, being listed on some tiny little blacklist you've never heard of does not mean you're ever going to see an email get bounced as a result. Look at APEWS -- well known ISP administrators openly refer to it as a joke, and nobody uses it to filter spam. Is an APEWS listing a problem? In short, no.

It all boils down to this: Not all blacklistings matter. Keep your nose clean (don't allow or send spam), watch your bounces for blacklist references (meaning you're on a blacklist that actually has an impact), watch for and deal with spam complaints properly, and you'll be just fine.