MainSleaze

Several months after I first posted about spam from Broderbund, the company is still regularly sending bulk email advertisements to the same email address as before. Careful examination of the spamtrap indicates that it was probably never a valid email address. It receives no other email except botnet and other criminal types of spam, and the logon portion of the email address shows up regularly in dictionary attacks. The ESP is ExactTarget.

As with many of the mainsleaze spams that I see, this is a “one-off” spamtrap hit; this spam was sent to a single spamtrap. As best I can tell, Broderbund has never spammed another spamtrap of mine, and I have a lot of them. Single spamtrap hits don’t always, or usually, indicate that the sender purchased a list or engaged in genuinely spammy behavior. Customers do provide deliberately false email addresses from time to time when they want a service that requires an email address (such as to register a software product) but don’t want the marketing email that often results. Customers also typo email addresses, or write sloppily on registration cards and confuse the poor data entry person who must transfer the information to the database. If Broderbund were hitting more spamtraps, I would find these scenarios implausible, but not in this case.

So why am I posting this blog? Because it’s been several months, and Broderbund is regularly sending marketing email to an unconfirmed email address which has never, once, shown any signs of life. If this were a real email address, the email would likely end up in that person’s inbox, not in the bulk email folder, because ExactTarget has a (generally deserved) good reputation and doesn’t send much spam. Most users don’t unsubscribe from email that they never asked to receive. Some complain about it to their ISPs, but many ISPs don’t offer an easy method to complain about spam. So the user is stuck with the spam, because Broderbund didn’t bother to confirm subscriptions.

I see a *lot* of one-off spamtrap hits like this, from many companies, via many ESPs. Normal users are not in a position to distinguish between senders who just made a mistake and senders who are spamming; most assume the latter. The erroneous one-off, occasional typoed or maliciously subscribed email address is also entirely preventable — if companies would simply confirm subscriptions to their lists.

Sending IP: 66.231.92.248

Spam Sample:

Actual Headers:

Received: from mta.replies.encore.com (mta.replies.encore.com [66.231.92.248])
        by <xxx> (Postfix) with ESMTP id <xxx>
        for <xxx>; Sun, 29 Apr 2012 07:xx:xx <xxx>
DKIM-Signature: <xxx>
DomainKey-Signature: <xxx>
Received: by mta.replies.encore.com (PowerMTA(TM) v3.5r15) id <xxx> 
        for <xxx>; Sun, 29 Apr 2012 11:xx:xx <xxx> 
        (envelope-from <bounce-<xxx>@bounce.replies.encore.com>)
From: "Broderbund" <Broderbund@replies.broderbund.com>
To: <xxx>
Subject: Anime Studio $29.99 for 24 Hours (Reg. $49.99) - Create Your Own Animation!
Date: Sun, 29 Apr 2012 06:xx:xx <xxx>
List-Unsubscribe: <mailto:leave-<xxx>@leave.replies.encore.com>
MIME-Version: 1.0
x-job: <xxx>
Message-ID: <xxx>
Content-Type: multipart/alternative;
        boundary="<xxx>"

Readable Email:

From: Broderbund <Broderbund@replies.broderbund.com>
To: <spamtrap>
Subject: Anime Studio $29.99 for 24 Hours (Reg. $49.99) – Create Your Own Animation!

Save 40% on a Complete Animation Studio

——————————————–
Anime Studio 8 – $29.99 (Reg. $49.99) Use Code <xxx>
Offer Expires 4/29/12 at 11:59 PM PST

Buy Now
http://click.replies.encore.com/?<xxx>
——————————————–

<removed>

If you no longer wish to receive these emails, click here [http://click.replies.encore.com/?<xxx>] to unsubscribe.

Please add broderbund@replies.broderbund.com to your address book to ensure delivery to your inbox.
Please Do Not Reply to this email. For Customer Service or Technical Support click here

[http://support.encore.com]

Would you rather receive emails from us at a different address?
http://click.replies.encore.com/?<xxx>

<removed>

(c) 2011 Encore Software, Inc., and its licensors. All rights reserved.
Encore, Inc 7400 49th Avenue North New Hope, MN 55428