Internet Defense Technology

When I tell people that I work for an email spam company, one of the first and most surprising questions I get asked (after how do I stop the spam) is why do spammers spam.

Well, results from a new survey by Marshal show that 29% of respondents to a recent survey admitted they made purchases from spam messages. This is up from 2004 where only 20% admitted to doing so.

That pretty much says it all, unfortunately, spammers do it for the money and enough people buy stuff or get caught by the scams to make it worth their while to keep going.

My objective, educate everyone I met on email spam, how not to get caught, not to respond and definitely not to buy. Really in the end, if we hit the spammers where it counts (in the back pocket) they will eventually give up.

I was doing a search on Yahoo today and found the below:





In case you can’t read it, it says at the top:
“1 potentially harmful website is marked on this page”

Then under the link to the actual listing (and before the description text) it says:
“Warning: Unsolicited Emails”

Habeas just finished a study on Email in Direct Marketing, Mobile and Web 2.0 Applications.

Some interesting points related to spam:

* 67% of respondents prefer email as a communications channel.

* 69% of those surveyed expressed concern about being victimized by email fraud scams (rise from the 62% in 2007).

* 43% of respondents voiced concern over the spam and virus threat to mobile devices (rise from 2007’s 36%).

* 88% said they would like organizations to give them more choices over the content and frequency of the emails they receive.

* Daily email messages ranked with pop-up advertisements as the most damaging online tactics to a company’s online reputation.

* 80% of respondents are not comfortable with businesses sharing their email address.

* Internet users believe that about 2/3 of companies are likely to share their email addresses with third parties.

* More than 80% feel that a business’ reputation is negatively affected if it shares customer email addresses with third parties.

Link to their press release

Seems there are some changes to the CAN-SPAM act recently, all approved by the Federal Trade Commission (FTC).

Below is the quote straight from the FTC website, but the most interesting part to me is #1. Effectively saying that all emails must allow you to unsubscribe in one of two ways:

a) Send a reply with remove request
b) One click to a single page to opt-out

This means you can’t send me on a wild goose chase through you site for the opt-out link. This means you can’t ask me for anymore information than my email address to “confirm” my opt-out.

Just wish the illegal guys could somehow be forced to do this. Unfortunately what I have seen as true for most laws, only law abiding people pay any attention.

Quote from FTC:

“The new rule provisions address four topics:
(1) an e-mail recipient cannot be required to pay a fee, provide information other than his or her e-mail address and opt-out preferences, or take any steps other than sending a reply e-mail message or visiting a single Internet Web page to opt out of receiving future e-mail from a sender;
(2) the definition of “sender” was modified to make it easier to determine which of multiple parties advertising in a single e-mail message is responsible for complying with the Act’s opt-out requirements;
(3) a “sender” of commercial e-mail can include an accurately-registered post office box or private mailbox established under United States Postal Service regulations to satisfy the Act’s requirement that a commercial e-mail display a “valid physical postal address”; and
(4) a definition of the term “person” was added to clarify that CAN-SPAM’s obligations are not limited to natural persons.”

FTC article on new CAN-SPAM rules

Be careful about any emails you might get asking for your information. To be safe, always go to the site directly to check.

For example, a new one going around from PayPal:

Dear PayPal® customer,

We recently reviewed your account, and we suspect an unauthorized transaction on your account.

Protecting your account is our primary concern. As a preventive measure we have temporary limited your access to sensitive information.

Paypal features.

To ensure that your account is not compromised, simply hit ”Resolution Center” to confirm your identity as member of Paypal. Login to your Paypal with your Paypal username and password.

Confirm your identity as a card member of Paypal.

Please confirm account information by clicking here Resolution Center and complete the “Steps to Remove Limitations.”

*Please do not reply to this message. Mail sent to this address cannot be answered.

Copyright (c) 1999-2008 PayPal. All rights reserved.

In case you missed it, Zango is sueing anti-spyware company Kaspersky Lab alleging that the company interfered with Zango’s business relationships with consumers by removing Zango adware from people’s computers.

Now people get Kaspersky product specifically for the purpose of removing adware and spyware, which serves consumers pop-up ads based on their Web-surfing activity.

If Zango were to win this suit (I don’t think they have a change, but I am not a lawyer) what does this mean for companies who specifically serve people by blocking content that is most likely harmful to them.

Being in the email spam business, I will tell you, there is no way to be 100% perfect at it, we can get pretty darn close, but not 100% perfect 100% of the time.

I am scared of the ramifications of this and hope the courts realize that it is the job of Zango to make a product that doesn’t alert the programs to possible bad behaviour.

While companies that detect and block spam, spyware, adware and more work hard to get it right (we will lose customers otherwise) both sides need to work together, not sue each other.

Original Article on Mediapost

So Microsoft has filed a patent to expand on the “external” data they use to rank pages and include information gotten from emails that are considered spam.

Most spam emails have a link back to a website and the search engine spiders can follow those links and use it as a factor in ranking pages.

I am sure the other search engines (like Google and Yahoo with their own email platforms) can do this same which will hopefully have a good effect on spam. Make website owners less interested in spamming people, hopefully a good thing.

Search engine spam detection using external data
Invented by Bama Ramarathnam, Eric B. Watson, Janine Ruth Crumb
Assigned to Microsoft
US Patent 7,349,901
Granted: March 25, 2008
Filed: May 21, 2004

Original article on IDT Blog about email spam