March 2015 in spamtraps: ESPs

Just a quick table this time, no beautiful graphs.

Read more…

RIP: Ellen @ Spamcop, Spamfighter Extraordinaire

A friend died last night after a brief illness, Ellen R., best known to many as “Ellen @ Spamcop”. I’ve known Ellen for a couple of decades now; she was an early stalwart in the antispam world. For many years she handled the abuse desk at Spamcop, one of the early antispam blocklists. Ellen handled everything: complaints from spammers, email from bewildered end users who did not understand why their email was blocked, misdirected spam reports from angry end users who just wanted the spam flooding their inbox to stop. She handled it all with professional courtesy and something better: genuine concern for people and a desire to help them keep their mailbox free of spam so they could find the messages that they wanted to receive.

Spammers didn’t like her much. Most other people did. I did, and I’ll miss her.

Does “Engagement” Matter for Email Marketing?

Today in a private forum some friends, all of them involved in one way or another with the email marketing world, were discussing a new post on the Only Influencers email blog. In that post Bob Frady (an email marketer) expresses his approval of comments by Dela Quist (another email marketer) that dismiss the importance of “engagement” in email marketing. For those who are not familiar with email marketing terms, “engagement” means the degree to which recipients of marketing email open, read, and respond to the offers presented to them.

Read more…

When Users Really DO NOT Want Your Email….

As I was looking through today’s crop of ESP-sent, mostly mainsleaze spam, I kept stumbling across spam sent to some of my most amusing spamtraps. These spamtraps are not typotraps so much as obvious forgeries, the sort of thing that users type when they are asked for an email address, do not want to refuse, and yet do not want to receive email from you either. Any company might have one of these on their list, but I found several companies and a number of ESPs sending to several of these obvious forgeries. Today. In the past 24 hours.

Read more…

Estonian professional spam operations (targeting Finland)

Finnish businesses, kindly stay away from the following Estonian businesses for your marketing needs.

  • MK Ärilahendused OÜ (recent SBL listing) / Dmitri Mihhailov Update: Listed on ROKSO
  • Scandinavian Marketing OÜ / Urmo Valle / Urmo Mark
  • Mihail Fortis (recent SBL listing; unknown if he operates as a business or not)

Read more…

Regarding responsibilities in affiliate marketing

Quite some time back, the Data Protection Ombudsman in Finland has issued a position paper on affiliate marketing and the division of responsibilities therein. The document is naturally in Finnish only. The core message is following the money; holding the owners of the advertised products and services responsible for the processing of personal data in such situations. This is nice when (as so often happens) the affiliate marketers violate all laws on the books, remaining anonymous, not including anything on the file of personal data they use, spamming, etc.

Shellshock Restrictions Lifted: Comments Allowed

It looks like WordPress and our security software have done whatever testing and updates are necessary to prevent shellshock compromises to WordPress, so comments are again enabled on this site.

Temporary Shellshock Restrictions

I have turned off comments on this blog for the present till the new Shellshock vulnerability is completely assessed and thoroughly patched. WordPress is based on PHP, and uses shell calls. I don’t know that WordPress comments are vulnerable to exploitation of this bug, but until I’m sure we won’t take that chance. Thank you for your patience!

How to hijack social media accounts without any hacking required

Facebook, LinkedIn, Twitter and any number of smaller social networks we don’t even know all seem to suffer from the same problem: ignoring the fact that domains cease to exist.

Only just today, I’ve spotted mail from LinkedIn to many accounts in over a dozen spamtrap domains. Twitter likewise, and Facebook, even more. I imagine that having control of these email addresses, I could “reset password” in all of those accounts if I wanted to, and therefore gain control over most of them (if they aren’t using two-factor authentication, such as that LinkedIn offers). How is this in the interest of the social networks or the account owners?

Go back to top