Spammer explains how I got spammed (but I'm not buying it)

Spammer explains how I got spammed (but I'm not buying it)

Summary: Have you ever received that one spam that just pushed you over the edge, making you want to track the spammer down and give him or her a piece of your mind?   Earlier this month, I got spammed by Loyalty Solutions, which is apparently a subsidiary of Optimus Companies.

SHARE:
TOPICS: Tech Industry
26

Have you ever received that one spam that just pushed you over the edge, making you want to track the spammer down and give him or her a piece of your mind?   Earlier this month, I got spammed by Loyalty Solutions, which is apparently a subsidiary of Optimus Companies.  It was the wrong spam at the wrong time and I decided, for my own peace of mind, to do something about it. 

It was the sort of spam that really gets under my skin.  It's not the type that's easy to trap for (right now, you anti-spam solution providers are disagreeing --- whatever you do, please don't write to me or call me to make your case. My inbox and vmail are already too full).  It's a newsletter that is probably sent out on a periodic basis and it looks legit because it has a bunch of links to advice of a certain type (I'm purposely avoiding saying anything that gives the company more free exposure for its services than it deserves).  It's a total spam trap.  If you try to click through to the advice, it requires you to enter in all sorts of personal information about yourself before it lets you continue.  

The other thing about this newsletter that really got me worked up was the apparent lack of an unsubscribe link.  As it turns out, there was one.  But here's the catch.  It's an image.  It's not text.  And if you have Outlook or your e-mail client set up to reject images that occur in inbound HTML-based e-mail as I do (which is a good idea for security reasons), the unsubscribe link doesn't show up.  When you activate the images (as you can do on a message by message basis in Outlook), the unsubscribe link shows up and it looks like text, but it isn't.  I'm not sure why faux text like this has to be included, but it seems disingenuous to me.

This is also exactly the sort of loop hole that proves the futility in anti-spam legislation.  Such legislation may require unsubscribe links in marketing e-mails, but too much discretion is left up to the spammer.  If I was a spammer and I knew about how a lot of people are set up for image rejection, I'd do the same thing so that I was technically compliant with the law, but also so my unsubscribe link was hidden from many of the recipients.

There are hundreds of thousands of newsletters like these circulating the Web and, somehow, even though I never subscribed to them, I seem to get most of them and I often wonder how it is that I keep ending up as a subscriber to something I never subscribed to.  I mean, what right do they have to just add me to their list?

So, I decided to ask.

To Loyalty's credit (gosh, I hate saying that), it was easy to find a phone number on their Web site.  Eventually, I was able to make phone contact with the company's officials.  I asked if I could record the phone call. The answer was no. Why I wondered? What do they have to be afraid of? After all, if they have the gall to invade my inbox as well as those of others, the least they could do is "be men about it" (apologies to you gals out there for the cliche).  But they refused to be recorded.  So I asked how was it that I ended up with the newsletter.  Eventually, Daniel Seaman Esq. (he included the "Esq." part, not me), president of Loyalty Solutions, wrote me an email that, amongst other things, said:

....David [Swanson] mentioned that you were interested in understanding how your name got included on our list. I can tell you several things about the list on which your name appeared:

  1. It was a list of insurance company contacts that was recently developed.
  2. This was not a purchased list.....
.....The lists we use are developed from a variety of sources: conferences and trade shows, partner relationships for co-branding and cross marketing, registrations and subscriptions from our website, and some targeted development work undertaken by our operations team. I'm afraid I'm not able to tell you specifically how your name was in that database, as clearly it did not belong. 

In the letter, Seaman also apologized, but I'm still miffed. The insurance angle sounds entirely fishy to me.  For starters, just supposing this is true, what on earth could be the connection between insurance and loyalty? Why would people on an insurance list have any interest in anything that's remotely connected to loyalty? Second, what insurance list am I on that ended up in Loyalty's hands. I only deal with a couple of insurance companies but I don't think any of them have my work e-mail address.  So, what insurance company is out there harvesting addresses from some other source and even worse, what insurance company is giving that information away to outfits like Loyalty?

I responded to Seaman wanting more information.  Presumably, if my name is in Loyalty's database (which it was), Seaman should know exactly where it came from and I as a target of their spam should have a right to know who is supplying them with my personal information. I asked but never got an answer.  This if you ask me, is the problem with anti-spam legislation. There's no accountability. I, as the spammee, cannot hold someone accountable for the pollution in my inbox.  The burden is on me to solve the problem, not the spammers like Loyalty.

So, for those of you seeking the sorts of services provided by Optimus and its subsidiaries, or to those of you who are already customers (the newsletter lists American Express, Pitney Bowes, Nokia, Baush & Lomb, Qwest Communications, CIQ, MBNA, IDT, MasterCard, General Mills, and Bank One), you should be aware of the fact that the company can't seem to answer some important questions about its business practices and where it has addressed those questions, the answers don't seem to add up. Is that the sort of company you want to associate your brands with?

Topic: Tech Industry

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

26 comments
Log in or register to join the discussion
  • Requiring diclosing source of email as effective enforcement?

    I am interested in the fact that companies cannot tell you where they get your email from. May be, just may be this is the key to enforcing antispam law: If you cannot disclose (to a regulatory body) and trace consent, you are spamming and thus can be fined. No need for $1000 per spam, 10 cents per spam will kill them off completely.
    sinleeh@...
    • The fact is that legit companies can and should tell you exactly the source

      Good reputable suppliers require a source for all email addresses.
      If they don't know the exact permission event that got that name in
      the database, they have two choices:

      1) Trash the name
      2) Re-opt message with a positive confirmation

      Picking up your card at a conference is not permission.
      chrisbaggott
    • disclosure requirement

      Great idea just one problem, having the manpower to go after them find them, verify the trace and then fine them. Also how to handle the ones coming from off-shore.
      The only recourse I can think of for that would be to put the onus one the on-shore company to use a reputable mailing service that can comply with a tracing requirement, and fine them if that company fails to provide proof of consent.
      ajmeyercan
  • I would say

    have a do not email list like the do not call list, but of course the do not call list is not enforced bt the FTC---they just (really?) pass the telemarketer's number on to "authorities" who apparently can't be bothered. GREAT F%$#^&^ system. OUR GOVERNMENT NOT at WORK!!

    Do I hear a second for an overthrow??
    dguith@...
  • Gawd! What a pain.

    I'm also on every list in the world.
    But I've got even more fun. A Bizillion spam emails are being out that use my family domain name.
    As in <somefalsename>@myfamilydomainname.org. The email addresses are spoofed.

    Now I get a bunch of emails from people that are upset because they think I spammed them. Talk about really wanting to choke someone.

    My hosting provider says there is nothing that can be done. I even did third party secuirty checks on the server and it passes. Now I say a prayer everynight that my domain wont be blacklisted.

    TaintMeSpammin
    ralphwillett@...
    • Spam and e-mail in general

      Ahh yes the highjacking of domain names. The E-mail protocol is one of the most lax protocols on the internet as is HTTP. There is no specific reqirement that any of it be legitimate or verifiable, although most spam engines use the lack of verifiability as an indication of spam.
      All you need is an open e-mail server to process the mail (and there are lots of those) and it will accept any from address even invalid ones.

      The Internet was born out of an idea of colaboration and information sharing between research institutes that was to be platform independent. There was no expectation of malice or untrustworthyness between sites so the protocols developed had no security embeded in them. This is now the root of the problem and the efforts to layer security on top are hindered by the base on which it must be placed.
      ajmeyercan
  • Spammer Open Season

    The only real way to stop spam is to enlist public vigilantism. It should be legal to hunt down and exterminate vermin, especially spammers.
    ;-)
    jlgalloway
    • A man, brother...

      If the goverment doesn't have enough guts to put an end to this once and for all, then I belive it's a time for cyber vigilants.

      Every hacker out there should target these spammers.
      Qix77
      • How to Win Friends and Influence Spammer

        The fun way to make use of all that leftover spam:

        http://hackthespam.blogspot.com/
        SteveTheWirePuller
  • Follow Rule #1

    I'm surprised you fell for this spam. You say that "[the spam e-mail] is probably sent out on a periodic basis"; since you didn't recognize it as something you subscribe to, why did you then open it and click the links?

    And please: don't send your readers to the site of the spamming company. I certainly don't need any more spam, either.

    Basic common sense. I guess it's been proven once again: sense is not at all common.
    ccranfill
    • You can't follow it at any scenario...

      Maybe because sometimes you cannot be 100% sure if an email is spam, until you open it. If you receive hundreds of emails a day from friends and strangers (you know, like a journalist surely do) early or late you will find yourself opening spam messages to check if they are really spam.


      Maybe you don't receive that much email, or you prefer to miss a good email just because it looked suspicius. If it works for you...


      MV
      MV_z
  • How to annoy spammers

    Simply create a dynamically loading html page and embed several hundred of these in a page:

    "<a href="mailto:[some_random_text_here]@[insert IP address of requester here]">#</a>

    The key is to dynamically read the HTTP request IP address from the incoming HTTP Request object and populate the page with a few hundred of these tags. They will not render anything visually to the legitimate readers of website using browsers however spam harvesters will unwittingly harvest several hundred "email addresses" that point back at their own domain. When they sell the list, they will end up getting spammed. For a variant, you could also use the email and IP addresses of known spammers.
    nickull
    • Oh this is very interesting....

      Could you provide more detail information regarding this? It would be a boon but I would wonder about the spiders that are legit, search engine spiders. Would this interfer with the site's ranking? Or is there a difference in the spidering process of the legit search engine spider vs a spammer's harvest spider.
      FranC.
    • pay back to spammers

      after finding the origination send them what we
      used to call the "email from HELL" it is only a few
      characters long but it will continually scroll the screen with randon characters. Ps the message can not be printed either...
      edcav@...
      • How Exactly do you do that ?

        Id like some more information regarding this .
        Do you script it , if so how do you get past their anti-spam defences ? To which OS does this apply ?

        I want to get back at a couple of %^@# .
        Izak Visser
  • need cheese to go with that whine?

    what a crybaby! i think it was great that a big spam company responded to your inquiry, and they answered all your questions in your first communication, they gave you more attention than most spammers would!!
    salmonfire@...
    • need some brains to go with that mouth

      Talk about crybaby's look in the mirror.
      IceTheNet@...
    • Have some yourself, rat!!

      (Sorry for any missed typos - I need a new keyboard - the victim of my grandson's cocoa)

      Spammers should be thrown in the same box as telemarketers, and they should all be subjected to having their own email boxes overloaded or their vapid sales pitches blasted at them 24/7.

      Whoever gave them the right to invade our personal communications with their advertisements? It totally mystiifies me that there is not yet any legislation outlawing this crap (if there is,it sure isn't being enforced!)(I thought)the Internet was supposed to be a free highway of information, not a way for low-lifes to get free advertising and invade your private time.

      I hate getting spam, the fact that this spammer apologized doesn't make his original intention any less bothersome. Any criminal caught in the act would apologize too, that doesn't make his original intentions any more benign.

      Enough is enough. It used to be fun using a PC to look around the Internet,now you hit so much advertising and Russian porn, I just Google what I am looking for, try) to check my email quickly, and get off line. I pay a premium (only about $2/month) to my ISP for SPAM filtering, but some still gets through. I can't imagine how much money is being spent by peole for anti-spamming software just to get these idiots out of their mailboxes.

      And don't even start me on viruses and other more malicious malware - where are the prosecutions? I sometimes believe the software vendors must be paying off somebody to allow this to continue - how else could it be so prolific at such a cost to the public to prevent? People with little knowledge of how to protect themselves must have their online experiences basically rendered useless, if not their whole PCs brought down.
      GaijinIT
  • Regulations

    Instead of permiting to spam being sent when an unsubscribe link is included, spammers should be by laws be forced to include a general keyword in the subject of the messages sent, as such as "Publicity : blablabla". Then whoever who dislike spam could point his filters accordingly. Of course not everyone would comply, but lots of companies in America scared to get sued over it would, and it would scale it down.
    jason.mailley
  • I use to have the most effective tool EVER!

    It was called blue frog. from bluefrogsecurity.com they had some problems and shut down but what a magnificent job it did. I had spammers dropping my name off there list like fly's to the point I was only getting email I wanted. The project has since been moved and this company is trying to build another bluefrog like site. I would encorage everyone who has the ability to help these guys do so. This is probably the most important piece of spam software ever developed. neerly 100% effective. the new company is called okpipi. at:

    http://www.okopipi.org/

    Any programmers out there that can help this company out I encorage you join.
    IceTheNet@...