A Note on Dutch "Tell-A-Friend" Regulation

Remember how I mentioned SPAM-L the other day? Sometimes you learn useful stuff there. After reading a recent discussion there about "forward to a friend" functionality and whether or not it might be legal in different jurisdictions, I saw Vincent Schönau offer up some useful advice. Vincent is a former postmaster who helps ISPs build anti-abuse platforms for an anti-spam vendor. I've asked him to clarify his thoughts for a post here on Spam Resource, and he has graciously agreed to do so. Keep in mind that neither he nor I are lawyers, and this is not legal advice -- just a smart person's interpretation. And now, Vincent Schönau:

Interview Day at Spam Resource

Scott Cohen interviewed me for the "Email Snob" series on his cool "Scott Writes Everything" blog, and here it is.

Also, Annalivia Ford, ex-AOL postmaster, now at Unica, was interviewed by Len Schneyder for Unica's blog. You can find part one of that interview here: 8 Years in the Spam Trenches | Part 1

Spam from Image Factory

Today I got a spam from a company called "Image Factory" or "Web Image Factory" -- www.webimagefactory.com -- (773) 315-9014, sending from IP address This Chicago enterprise aims to want to help me grow my business. I'm not interested, but good for them for trying. Except -- I didn't sign up for this email. It's spam.

Why did they send me this spam? I've never heard of them before and I have never done business with them or had a conversation with them.

I emailed them, and we'll see if I get a response. In the meantime, I did a little poking around. A-ha! I did business with a client of theirs. A property rental company that rents out apartments for very short amounts of time, like a hotel room. I've used it to book a place to stay for friends when they have come to visit.

Apparently, when I give my email address to this company to reserve an apartment, it somehow also ends up in the hands of Image Factory. Does that strike you as a best practice? What other information is shared or otherwise ends up in the hands of third parties?

I dug through my saved email and found that I have received mail from this company before, and I reported it as spam every time. This time around, somebody from their ISP responded. Sadly, James from NetFronts Technical Support thinks the mail "does not look like spam" because it is an "opt-in mailing list that allows you to unsubscribe."

Are you on SPAM-L?

A few different folks have heard me mention the SPAM-L mailing list in conversation these past few months and expressed surprise, thinking it had been retired. The old SPAM-L mailing list was indeed shut down back in May 2009, but the list was almost immediately resurrected by J.A. Terranson and a few other kind folks. It now lives over at spam-l.com; click here to learn more about the list or to subscribe.

ISPs: Preventing Outbound Spam?

Kris writes, "Hi Al, I am contacting you because I would like to receive some feedback (advice, tips) on how an ISP can help to prevent outbound spam.

Virgin Mobile Settles Spam Allegations for 22,000 AUD

The Sydney Morning Herald reports that Virgin Mobile was found to have been sending email messages to recipients who had previously opted-out of email advertisements from the mobile carrier. "'To make sure you're still certain about this choice, we just wanted to quickly show you some examples of recent offers that we've sent to customers,' the text of the message read."

Yikes. C'mon, what kind of master marketer thought up this? "Let's take the opt-outs and send them a reminder about all the fabulous offers they're missing out on." Do you think that guy got a promotion? People who unsubscribe don't want any more email from you. Duh.

(Hat tip: The Delicious Box of Meat)

Classmates.com Settles Lawsuit over Deceptive Emails

TechFlash reports: "Seattle-based Classmates.com has agreed to pay up to $9.5 million to its users to settle a lawsuit that accused the social network of sending emails that made people believe their old friends from high school were reaching out to connect -- only to discover, after paying for a membership, that their long-lost buddies were nowhere to be found."

On Defending Jigsaw & Similar...

This morning, an anonymous commenter attempted to drop a truth bomb on my post about how Jigsaw was blacklisted by Spamhaus. (They still are, by the way.)

In his comment, he points out that postal junk mail sucks (which I agree with), but he doesn't make it clear why it was important to share that tidbit with us. That spam is a suitable substitute for junk mail? I'm not buying it.

Twitter Has Spammers, Too

I'm a pretty heavy user of Twitter. I've got a few followers, I pay attention to what a lot of people say, and I know a number of people that follow what I say. I enjoy this new method of interacting with people-- it's been a lot of fun. But, like every other way of electronic communication, spammers were bound to discover it and attempt to exploit it eventually. In the Twitter-sphere, the way spam works might be a bit different than in email, but I'll be darned if it doesn't just jump right out at me, with my background in spam fighting and email best practices.

Spamhaus: Waledac Botnet Culling Had Little Effect

Tom Espiner of ZDNet UK reports: "The throttling of Waledac, which Microsoft claimed to have achieved by means of legal action last week, has led to no appreciable reduction of junk mail coming from the botnet, anti-spam organisation Spamhaus told ZDNet UK on Tuesday.

"'The amount of spam coming from Waledac [before the takedown] was less than one percent [of all spam], and that hasn't changed much,' said Spamhaus chief information officer Richard Cox. 'There's been a slight change, nothing major, and we would expect it to be a lot different.'"

Alan Ralsky Goes to Jail, Does Not Pass Go

Spamhaus reports: "Leaving a wake of over 12-years of criminal spamming and trillions of sent junk emails behind him, long time ROKSO listed spammer Alan Ralsky is finally behind the walls of a US Federal Prison. After pleading guilty to multiple federal criminal charges, and after time extensions to "get his affairs in order", Ralsky reported to FCI Morgantown in north-central West Virginia on March 1st to start serving his 4-year, 3-month sentence."

Ralsky was the guy who complained when angry spam recipients figured out his home address and signed him up for tons of junk mail, magazines, and catalogs. I wonder if he's wishing for that reading material now, to help pass the time for the next four years or so.

Is Online Anonymity a Bad Thing?

My previous post talking about the Anonwhois.org project (with which I have no connection whatsoever-- I just think it's neat) generated a lot of feedback, both in comments and in email. I thought I would take a few minutes here and answer a few of the more popular comments and questions that were posed.

Arrests made in "Mariposa" botnet that infected 13 million PCs

Boing Boing says: "AP reports that authorities in Spain have cracked one of the biggest botnet rings in history, with three arrests made and more coming. The so-called Mariposa botnet appeared in December, 2008."

Quick Hits

Annalivia Ford, the AOL employee most senders interacted with if they had deliverability issues at that particular provider of mailboxes, has indicated that she's moving on; leaving AOL. A sad day, of sorts, but maybe not -- with AOL's recent layoffs and the world being a different place than it was ten years ago, it's been clear for a while now that mailboxes may no longer be one of AOL's primary points of focus. Her last day at AOL is March 5th. You'll be able to continue to keep up with whatever she's working on over at her blog, www.annaliviaford.com.

On March 1st, Spamhaus launched a new domain blocking list called the DBL. It sounds great, and I trust that the folks at Spamhaus know what they're doing. It's too new for me to have done any testing, so I haven't yet personally observed it being great at catching spam or not. They recommend using it both for from address (sender) and content (URI/URL) filtering. They also recommend continuing the previous practice of changing URI/URL FQDNs into IP addresses and checking those against the SBL as well, in a two-stage filtering process.

Identify anonymous domains with anonwhois.org

Check out this neat new project at anonwhois.org: It's domain data, published in a format similar to a URI DNSBL or RHSBL (right-hand side BL). Meaning, in short, it's a DNS-based list that you can check domains against. What does it tell you? Whether or not a domain is registered anonymously; that is to say, whether or not a domain is registered behind a "privacy protect"-like service. Like many other spam fighters, I've long considered it a bad idea to hide ownership of your domain in this manner. And now, if you, like me, think it's a bad idea, you could use the ANONWHOIS data to help score or otherwise identify messages that come from such domains or use such domains in images or links.
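
The two-stage filtering described under Quick Hits (a domain-list lookup on sender and URL hosts, then an IP-list lookup on what those hosts resolve to) can be sketched as follows; this is an added example, not code from Spamhaus or from this blog. The zone names `dbl.spamhaus.org` and `sbl.spamhaus.org` are not given on the page, the resolver is injected so the block runs offline against constructed data, and hosts are queried as-is without reduction to the registered domain. A domain-format list such as the ANONWHOIS data would be queried the same way under its own zone, which the page does not name.

```python
import ipaddress
import re
from urllib.parse import urlsplit

DOMAIN_ZONE = "dbl.spamhaus.org"  # DBL query zone; the page does not name it
IP_ZONE = "sbl.spamhaus.org"      # SBL query zone; the page does not name it
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)

def candidate_hosts(sender, body):
    """Hosts from the sender address and from URLs in the content."""
    hosts = {sender.rsplit("@", 1)[-1]}
    hosts.update(urlsplit(u).hostname or "" for u in URL_RE.findall(body))
    return sorted(h.lower().rstrip(".") for h in hosts if h)

def is_ipv4(host):
    try:
        ipaddress.IPv4Address(host)
        return True
    except ValueError:
        return False

def ip_query(ip, zone=IP_ZONE):
    """192.0.2.10 -> 10.2.0.192.<zone>"""
    return ".".join(reversed(ip.split("."))) + "." + zone

def listed(answers):
    """A 127.x answer is a listing; 127.255.255.x is an error code, not one."""
    return any(a.startswith("127.") and not a.startswith("127.255.255.")
               for a in answers)

def two_stage_check(sender, body, resolve_a):
    """resolve_a(name) returns IPv4 strings, or [] for NXDOMAIN (injected)."""
    hits = []
    for host in candidate_hosts(sender, body):
        if not is_ipv4(host) and listed(resolve_a(f"{host}.{DOMAIN_ZONE}")):
            hits.append((host, "domain"))          # stage 1: domain list
            continue
        ips = [host] if is_ipv4(host) else resolve_a(host)
        bad = [ip for ip in ips if listed(resolve_a(ip_query(ip)))]
        if bad:                                     # stage 2: IP list
            hits.append((host, "ip:" + bad[0]))
    return hits

# Constructed zone data standing in for live DNS (reserved names and ranges).
SAMPLE_DNS = {
    "bad.example.dbl.spamhaus.org": ["127.0.1.2"],
    "cdn.test": ["192.0.2.10"],
    "10.2.0.192.sbl.spamhaus.org": ["127.0.0.2"],
    "clean.example": ["198.51.100.7"],
    "refused.example.dbl.spamhaus.org": ["127.255.255.254"],
}

def sample_resolver(name):
    return SAMPLE_DNS.get(name, [])
```

In production, `resolve_a` would wrap a real resolver; an answer in 127.255.255.x means the query was refused or malformed and must not be scored as a listing.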