How to avoid getting swindled on your email lists

Yeah, you could do everything Sallie Severns recommends, or you could do this instead: Don't buy lists. There's a simple reason why: Buying lists and getting solid inbox delivery are entirely incompatible. Period. End of story.

(And a tip of the hat to John Caldwell, Chad White, and Scott Cohen. I wouldn't have seen this article if they hadn't taken a moment to point and laugh at it.)

Update: Check out the comments-- the author holds up Datran Media and Hydra Media as examples of whom to work with.

Update #2: History has been revised: The post has been taken down. Apparently, we were never at war with Eurasia. My bad.

The view from a blacklist operator

Steve Atkins from Word to the Wise explains why it's so important to make sure you're querying a blacklist correctly. Get it wrong, you end up blocking no spam at all, or worse, you end up blocking all of your inbound mail accidentally.

Spam filter authors -- it's time for your software to start rejecting DNSBLs that don't have a properly formatted test record, confirming that they're alive and that the filter in question is properly configured.

Spamhaus Case: e360 Award Slashed to $27k

Venkat Balasubramani has the story over on Circle ID. Once upon a time, e360 was able to convince a judge that $11 million was accurately reflective of their actual losses. Spamhaus challenged, and David Lindhardt apparently wasn't up to that challenge, being slow to respond to discovery requests, providing wildly varying figured, etc. At the end of the day, the judge gave up and called e360's figures "unreliable." They claimed  many millions in damages, yet the company only seemed to take in $332,000. The pie was apparently a bit smaller than claimed, and when the judge sliced that pie, it sounds like he decided that e360 only deserved a twenty seven thousand dollar slice.

As Venkat puts it, $27,002 final judgment "doesn't sound like a particularly good outcome for the plaintiff." D'oh.

NY AG Taking Legal Action Against, famously called "The World's Most Annoying Website" by Time Magazine, seems to be in trouble again. Tagged previously settled with the San Francisco District Attorney's office for $650,000 over allegations of email-related "deceptive practices." And's CEO Greg Tseng was a co-founder and CEO of Jumpstart Technologies, the company with the dubious distinction of having paid the largest CAN-SPAM settlement ever, from what I can tell.

This time around, the trouble relates to child pornography. The office of the Attorney General of the State of New York alleges that " repeatedly looks the other way when sexually explicit material is sent to its underage users." Ouch. But wait, there's more. "After receiving a consumer complaint that Tagged was non-responsive to user alerts about graphic images of children being sexually abused, sexual solicitation of minors by adults, and pedophilia, Cuomo’s investigators created undercover accounts and made over 100 reports about 80 users regarding inappropriate sexual content and contact. The undercover accounts were then used to report this content and contact to Tagged using the mechanisms described on the company’s Web site. Despite these alerts, the vast majority of the reported users still have active Tagged accounts and most of the reported content remains on the Web site. In sum, of 80 users that were reported to Tagged by undercover investigators for various misdeeds, 51 users still have active accounts." Click here to read the full press release.

Does CAN-SPAM Cover Affiliate Spam?

Over on his blog, John Levine expertly dissects what went wrong in ASIS vs. Azoogle, an anti-spam lawsuit where, yet again, a judge doesn't find for the plaintiff. At the heart of the matter? Three issues; a sloppy plaintiff, a judge who believes (or was led to believe) things about email that might be at a right angle to reality, and that damn Gordon vs. Virtumundo ruling, which just won't die. Read all about it here.

Who's Sharing Your Personal Info?

I recently got a new electronic gadget, which had a cool program on it, a program that requires registering with the company behind the program. I did that, and then later on I got mail from partners of this company. Even though, when I log in to my account with that company, the opt-in/opt-out privacy checkboxes all say "opt-out," meaning my personal information shouldn't have been shared with that other company.

So I email the company, and the partner's ESP. I ask them, exactly why/how am I receiving this valuable email communication that I don't seem to have opted-in for?

That was just about a month ago, and nobody's telling me anything. It feels like everybody is more interested in passing the buck and telling me that they are taking it seriously and they're looking into it. I don't know why it takes a month to just admit that somebody made a mistake, or that I am wrong and I did consent to this. I'm not going to be all that mad if it was done in error; stuff happens. Maybe this helps them find a programming error, maybe a SQL select statement that doesn't properly respect the opt-in flag. I've been there, trust me.

But the lack of answers is uncool. I guess all I can do is warn all my friends to be sure not to give their personal information to this program or this company.

What would you do if you were in my shoes?

Twitter Blacklisted by Spamhaus

SBL84807 tells the story: Spamhaus has observed Twitter invitations more-or-less being used by spammers. According to Spamhaus, Twitter does not appear to have controls in place that prevent spammers from issuing invitations to imported lists of email addresses, and also, Twitter invitations have a broken unsubscribe link.

Let's hope Twitter works quickly to address this issue to Spamhaus's satisfaction.

I personally am not a big fan of "import your address book and we'll send everybody you've ever talked to an invitation to our fabulous new social network," as address books are invariably filled with crap. Even if the intent isn't nefarious, if I did this, I'd end up sending invites to the Apple store, all the mailing lists I'm on, the various abuse desks I talk to, including Twitter's own Del Harvey.

Also, people seem way to willing to hand their email passwords over to third parties. I'm sure Twitter isn't planning on stealing your address book, but what of the next site? And the site after that? Eventually a bad guy will figure out that this is a great way to harvest your contacts.

Let's Talk About the Rules

Over on Word to the Wise, Laura Atkins blogs about THE RULES. As I keep complaining about, a lot of "not so great" senders keep saying JUST TELL US WHAT THE RULES ARE. Okay, she'll lay out the rules for you. Thank you, Laura!

I've been thinking about this, and I've got a few rules of my own. Here are my top five: