Data Breaches and Email List Data Theft

In a comment on another blog, Neil Schwartzman reminded readers that the recent theft of email list data from Aweber wasn't the first time in history that spammers stole email addresses from a service provider. As he points out, something similar happened to Lyris' Sparklist service back in 2002. He also pointed out that convicted felon Jason Smathers stole 30,000,000 addresses from AOL in 2003. The Ameritrade data leak from a few years ago comes to mind, as well. In that case, it may have been an ongoing issue from 2005 through 2007. Yuck.

In 2006, email marketer Datran settled with the New York Attorney General over allegations of misuse of email list and/or subscriber profile data. On that issue, Fox News reported that "Spitzer accused Datran of knowing of the companies' pledges [never to share data with a third party], but [that Datran, as a third party, was] spamming those consumers with unsolicited e-mails anyway, advertising discount drugs, diet pills and other products. [...] Spitzer's staff said they believe it is the largest deliberate breach of Internet privacy discovered by U.S. authorities."

It strikes me that perhaps the Aweber breach wasn't quite the "largest data breach in email marketing history" as suggested elsewhere.

On a semi-related note, this Chronology of Data Breaches, published by the Privacy Rights Clearinghouse, is very interesting. Maybe somebody needs to start something similar for email-specific data breaches? Sadly, there may have been enough of them by this point to warrant a standalone timeline.

Mickey Chandler, Deliverability Consultant

My friend Mickey Chandler has finally taken the plunge and hung out his shingle as a deliverability consultant.

Mickey's a sharp guy. We go way back, all the way back to working together at the Mail Abuse Prevention System (MAPS), before it imploded under the weight of many lawsuits. (Ah, to be young and stupid again.) Since then, we've both migrated to the deliverability and email realms. Most recently, Mickey was the director of ISP relations for an email service provider. He and I work together periodically on various industry-related stuff, and I find his expertise and insight to be very strong.

Mickey also runs the blogs Spamtacular and Spamsuite, sharing commentary highlighting his wealth of knowledge and building up a very useful repository of spam-related legal documents.

If you're looking for a consultant to guide you through the complicated world of email deliverability, I'd recommend Mickey without hesitation. To learn more, head on over to Mickey's website at

Top Five Spam Resource Posts in 2009

As the last few days of the year come to pass, I thought it might be fun to revisit the top five most viewed articles this year right here on Spam Resource.

"Herbal King" Spanking Continues

"A New Zealand citizen living on the Sunshine Coast has been ordered by the Federal Court to pay a $210,000 fine for taking part in the world's largest spam operation. The fine comes after the 'spam king' has received fines from all over the world for his actions, including a massive $US16 million fine from the Federal Trade Commission in the United States.

"Lance Thomas Atkinson has been fined and banned from sending unsolicited commercial emails for the next seven years, after he took part in an operation advertising fake prescription drugs such as 'male enhancement' and weight-loss medication."

Read the rest of the story here.

Aweber Hacked; Email Addresses Stolen

As discussed here, here, and confirmed here, the email service provider Aweber was the victim of some sort of cyber-attack that resulted in bad guys getting access to email addresses stored in the Aweber system. This was tracked by way of spam starting to be received at unique addresses only given to various companies using Aweber for their email list management.

Not good news at all, for anyone involved. What can you do about it? I'm not sure, to be honest. There is no easy answer; no way to undo this. If anything comes to mind, I'll be happy to share it here. And to my readers, if you have any ideas on what an ESP's client should do if their ESP gets hacked, resulting in the loss of list data, please feel free to share in comments.
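The tracking method mentioned above, where spam shows up at unique addresses that were each given to only one company, can be automated. The following is an added example, not code from this blog or from Aweber; the registry, log entries, and all domain names are constructed placeholders, and sender matching is by exact domain only.

```python
from collections import defaultdict

# Constructed registry: each unique address was given to one company only.
# "esp" is the list provider that company uses; "senders" are the domains it
# legitimately mails from. All names are placeholders.
TAGGED = {
    "shopco-7f3a@example.org": {"esp": "esp-a.example", "senders": {"shopco.example", "esp-a.example"}},
    "newsly-c210@example.org": {"esp": "esp-a.example", "senders": {"newsly.example", "esp-a.example"}},
    "gadgets-91be@example.org": {"esp": "esp-b.example", "senders": {"gadgets.example", "esp-b.example"}},
}

# Constructed inbound mail log: (envelope sender, recipient).
INBOUND = [
    ("bounce@esp-a.example", "shopco-7f3a@example.org"),       # expected
    ("pills@cheap-meds.example", "ShopCo-7F3A@example.org"),   # unexpected sender
    ("offers@cheap-meds.example", "newsly-c210@example.org"),  # unexpected sender
    ("news@gadgets.example", "gadgets-91be@example.org"),      # expected
    ("x@cheap-meds.example", "personal@example.org"),          # untagged address
]

def domain_of(address):
    return address.rsplit("@", 1)[-1].lower()

def find_leaks(messages, registry=TAGGED):
    """Map each tagged address to the unexpected sender domains that mailed it."""
    leaks = defaultdict(set)
    for sender, rcpt in messages:
        entry = registry.get(rcpt.lower())
        if entry is None:
            continue  # not a tagged address, so it says nothing about a source
        dom = domain_of(sender)
        if dom not in entry["senders"]:
            leaks[rcpt.lower()].add(dom)
    return dict(leaks)

def suspect_esps(leaks, registry=TAGGED, min_addresses=2):
    """ESPs shared by at least min_addresses distinct leaked addresses."""
    per_esp = defaultdict(set)
    for rcpt in leaks:
        per_esp[registry[rcpt]["esp"]].add(rcpt)
    return sorted(e for e, addrs in per_esp.items() if len(addrs) >= min_addresses)

if __name__ == "__main__":
    leaks = find_leaks(INBOUND)
    print(leaks)
    print(suspect_esps(leaks))
```

A single leaked address points only at one company; it is several leaked addresses sharing the same provider that shifts suspicion to the ESP itself.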

On List Growth and Buying Lists

Today, I'm following up on my last post, about how one must have a way to tell the world about their super product and service.

Jonathan writes, "I came across your web-site and I'd really appreciate some help regarding opt-in lists! I'm about to start an email marketing campaign and I want to use 6-7 different firms simultaneously. The issue I've run into is that each of the firms I've found has a plethora of complaints against them! I was wondering if you could kindly recommend some reputable opt-in/double opt-in firms which are cost effective. I look forward to hearing from you."

I can't. Anybody who wants to sell you a list is trying REALLY hard to do you a disservice.