“Changes in spam levels normally signal one of two things, either a change in tactics or more likely in this case, a drop in customers buying spam lists”

SoftScan announced today that spam levels are back up in the nineties, with 90.06% of email scanned during June classified as spam. via Pocket-lint.co.uk
Read More… (From Email Spam News)

The TQMCUBE Blacklist seems to have been abandoned, and/or the creator and admins are missing in action. Over on DNSBL.com, I’ve collected all the information I have on the topic.
Read More… (From Al Iverson’s Spam Resource)

“If you really want to work out somebody’s background … you can actually find out a lot”

Hackers appear to have stepped up their efforts to trick corporate executives into downloading malicious software programs that can steal company data over the past year, according to new data released today. via ComputerWorld
Read More… (From Email Spam News)

Down in the trenches, as it were, I see a lot of miscommunication and misdirection on the subject of confirmed opt-in/double opt-in. Here’s some quick notes, thoughts spurred by recent discussion on various forums I participate in.

Confirmed opt-in and double opt-in both mean the following and only the following: A potential recipient submits an email address at a web page. This triggers a confirmation request email. No further emails are sent to the end recipient until and unless they take positive action to confirm the subscription in response to this confirmation request email. That means the person who received the confirmation message has to click on a link (or respond to a token, but I prefer the link method) to confirm the subscription. If they didn’t do that, then you don’t consider them opt-in, and you don’t email them further.

Sometimes you have people doing the right thing but in the worst possible way. Don’t be like Goofus and pound on unconfirmed recipients over and over and over, unless you like poor deliverability. A second confirmation request might be reasonable, but anything more and you’re guaranteeing spam complaints against you. It defeats the whole purpose (improved deliverability) of doing the right thing.

If somebody uses the term confirmed opt-in to mean filling out a web form and receiving an email saying “Your subscription is confirmed. If this is incorrect, click here,” then they are mistaken. This isn’t confirmed opt-in or double opt-in. It’s a signup form with a welcome message. The welcome message lets the recipient opt-out if necessary, and that’s great, but it’s not confirming anything as far as the opt-in police (ISPs, blacklists, etc.) are concerned. I see a lot of confusion surrounding this and it’s important to remember the following: It’s not confirmed opt-in or double opt-in unless the recipient has to take that active step of clicking on a YES link or taking some other YES-affirming action.

Confirmed opt-in doesn’t make it okay to buy/sell lists. If somebody offers to sell you a guaranteed double opt-in list that they’ve been compiling for years and it’s super awesome and you’ll get great response!!!, run for the hills. There’s no way that people on this list know about you or expect to get your email. It might be totally legal, but it’ll put you on the fast track to getting blocked by all the large ISPs. (And the list seller is probably lying about it being double opt-in, anyway.) (Looking for legit ways to build your list? Here’s a previous article on the topic.) And if you’re taking your confirmed opt-in list and selling it, everybody buying it is a sucker. All of those people are going to start sending to that list, diluting its value and driving high spam complaints. Regardless of how clear the opt-in was, people who send to a list like that are going to get blocked.

I spend lots of time working with clients undoing damage from co-reg lists, append lists, etc., because somebody told the client (before I was involved) that this list is guaranteed opt-in and it’ll have a great match rate, everybody wants to hear from you, and it’ll drive great response. So the client signs on the dotted line, some append vendor does a poor opt-out introduction email, then passes over any addresses that don’t opt-out, and you never hear from the vendor again.

What happens next? The client’s ability to deliver email begins to suffer, shortly after beginning to mail this fabulous new list segment. That’s when they end up pulling me into the loop (because, of course, I’m awesome!) to figure out what went wrong. Fixing the problem inevitably boils down to jettisoning these not direct opt-in list segments. Save your money and avoid this in the first place.

There are best practices you can and should apply to confirmation emails just like you would for any other email you send.

  • HTML tends to work better (drive a higher confirmation completion rate) than text. My tests have always confirmed this. If you’re not sure, test it for yourself.

  • Branding is important. Make sure people know that the message is from you. The from line, subject line, and header in the email should all clearly refer to the sender. A logo is an excellent idea, but also make sure the email degrades gracefully if images are blocked by the recipient.

  • The opt-in process should be nothing more than a simple, easy-to-click hyperlink. Nothing fancy, no captchas, no enter a code, etc. (But make sure that link can’t be spoofed to opt-in a different recipient.)

  • Include clear wording that says what the person is signing up for, how often you’re going to send them emails, and how they can unsubscribe from the list if/when they change their mind.

  • Include information about the source of the opt-in request. The IP address from where the web form submit occurred, and the date/time (with time zone) are necessary bits of data to include. (You’re tracking this already, right? If not, uh oh.) What this does is it allows people who get forged subscription requests to hunt down the source ISP on their own and leave you alone. Anti-spam groups really like this step.

  • Short and sweet is the key. If it takes a three page email to explain why people want to opt-in or how to confirm, then you’re doing something wrong. Recipients’ eyes will glaze over and your confirmation rate will suffer. You should be able to fit the key messages of why to opt-in, how to opt-in, and anything else you want to convey, in just a few inches of email space.

You will find that none of this is a 100% guarantee against blacklisting. Sadly, there are some people who will attack you, even though you’re doing COI/DOI, just because they don’t like you, or they don’t like that somebody forged their address, or that your email contains HTML. Ignore them and do the right thing regardless. Why? Because the smart anti-spam folks who control the keys to the inbox at the large ISPs have significantly fewer issues with folks who run confirmed opt-in/double opt-in. If you do it and stick to it, you’ll get blocked much less often and have a strong message to convey to any anti-spam group or ISP who takes issue with you.

And finally, DON’T LIE! If I had a nickel for every time somebody lied to me about a list being confirmed opt-in, I’d be a rich man. How stupid do you think ISPs are? They can instantly tell when you’re hitting spamtraps, when too much of your mail attempts bounce, and when your mail generates too many complaints. Just because some ISPs provide data on this back to you doesn’t mean it’ll help you evade their filters and processes. Trust me, I’ve met most of these ISP guys, and they’re smarter than both me and you.

Read More… (From Al Iverson’s Spam Resource)
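The confirmed opt-in notes above ask for a confirmation link that can’t be spoofed to opt in a different recipient, and for the signup IP and date/time to be tracked and shown. One way to meet both, as an added example that is not from the original article: an HMAC-signed token that carries the address, list, source IP and timestamp. The secret, the 7-day expiry and all sample values are assumptions constructed for illustration.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-secret"  # assumption: server-side key, never sent to clients
MAX_AGE = 7 * 24 * 3600              # assumption: confirmation links expire after 7 days

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(payload):
    return hmac.new(SECRET, payload, hashlib.sha256).digest()

def make_token(email, list_id, source_ip, now=None):
    """Bind address, list, signup IP and signup time into one signed token."""
    record = {"e": email.strip().lower(), "l": list_id, "ip": source_ip,
              "t": int(time.time() if now is None else now)}
    payload = json.dumps(record, sort_keys=True).encode()
    return _b64(payload) + "." + _b64(_sign(payload))

def verify_token(token, now=None):
    """Return the signed signup record, or None if forged, altered or expired."""
    try:
        p64, s64 = token.split(".")
        payload, sig = _unb64(p64), _unb64(s64)
    except ValueError:               # wrong shape or bad base64
        return None
    if not hmac.compare_digest(sig, _sign(payload)):  # constant-time compare
        return None
    record = json.loads(payload)     # parsed only after the signature checks out
    current = time.time() if now is None else now
    if current - record["t"] > MAX_AGE:
        return None
    return record

def source_line(record):
    """Text for the confirmation email: where and when the request was made."""
    when = time.strftime("%Y-%m-%d %H:%M:%S UTC", time.gmtime(record["t"]))
    return "Requested from %s at %s" % (record["ip"], when)

def confirm(token, now=None):
    """Subscribe only the address inside the token, never one from the URL."""
    record = verify_token(token, now)
    return None if record is None else (record["e"], record["l"])
```

The confirmation URL then carries only the token, so changing the address means changing the signed payload, which fails verification.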

419 spoof turns real

Nigerian comedian and actor Nkem Owoh was one of the 111 suspected 419 scammers arrested in Amsterdam recently as part of a seven month investigation, dubbed Operation Apollo.
Read More… (From The Register - Security: Spam)

“Piggyback spam” is the latest technique to lure users into opening a malicious file. Messages are embedded with URL links that are completely unrelated to the content of the message and open up a file rather than a website.
Read More… (From Spam News)

Security Response has received reports of a fake email purporting to have come from the US Department of Justice. The email informs the recipient of a complaint received by the IRS against the recipient’s business. The email looks reasonably well crafted and most people would tend to treat emails from the US Department of Justice with at least a bit of urgency.

The details of the email are as follows:

Subject: Complaint Case Number: 895285164 (Note the case number may vary)

From: US Department of Justice [abuse@usdoj.gov]

Email Body: The email may contain the following text. Please note that the name of the plaintiff, the date and case number may vary. Despite the message that states an attachment is included with the email, there may or may not be any attachments.

Dear citizen ,

A complaint has been filled against your company in regards to the business services it provides .

The complaint was filled by Mr. Henry Stewart on 06/19/2007/ and has been forwarded to us and the IRS .

Complaint Case Number: 895285164
Date: 06/19/2007/

A copy of the original complaint and the contact information of Mr. Henry Stewart has been attached to this e-mail.

Attachment: original_complaint.doc (already detected as Trojan.Trickanclick)

When this document is opened, it contains a message asking the user to manually open an embedded MSWord.exe (already detected as Downloader) file due to problems encountered by Microsoft Word. If the embedded .exe file is run, it attempts to download other files from a remote location. At this time the remote files are unavailable.

Users of Symantec Antivirus products are already protected; however, users should remain vigilant. In addition, Symantec Security Response recommends the following:

  • DO NOT respond to this email.

  • DO NOT double click or open any attachments that may be found in the email.

  • DO NOT follow or click on any links that may be found in the email.

  • Delete this email.

  • Ensure that their antivirus definitions are up to date.

As an interesting twist to this tale, we also have reason to believe that the people responsible for this spam run may also be responsible for the recent fake Microsoft patch emails as well. The executable file used in both attacks is in fact the same but with the file names changed to suit the nature of the social engineering trick used. Given the low tech methods employed in these attacks it would appear that they are mounted by relative amateur players. Based on current form, we would expect to see these busybodies repackaging this Trojan in the form of a new scam email and dishing it up again and again. July the fourth is just around the corner and the reappearance of this Trojan in bogus electronic greeting card emails for July 4th celebrations is a pretty good bet.
Read More… (From Security Response Weblog)

Don’t be so quick to blame the content. Contrary to popular belief, a new report reveals that message content is not a major cause of deliverability challenges. via IMedia Connection
Read More… (From Email Spam News)

Is the problem with journalism that it always focuses on the increment? Was reading Jeff Jarvis’ piece on the revolutionary impact of the iPhone — not, I hasten to add, about the iPhone as an item (the fetishism surrounding it may mark a low point in…
Read More… (From loose wire blog)

“This yet again confirms the expanding trend in web-borne malware”

Secure Computing Corporation, a leading enterprise gateway security company, today warned that email spam, indicating that the recipient has won a new iPhone, is directing users to a malware hosting website. via Customer Interaction Solutions
Read More… (From Email Spam News)

“We denied all of that and proved we did not send spam, although Mr. Mumma would like to redefine spam so that he can continue to call our clients spammers”

“Spam” has become the latest four-letter word that causes businesses to take offense when it’s directed at them. via InformationWeek
Read More… (From Email Spam News)

Phone spam feels like it’s getting worse. I and my wife have been receiving numerous calls from the local arm of ANZ Bank — a bank I am happy to identify by name because I’ve sought comment from them without…
Read More… (From loose wire blog)