Dollar Rent-A-Car: Hitting a Spamtrap Instead of a Real User?

U.S automobile rental business Dollar Rent-A-Car is suddenly sending bulk email to an email address that a) did not request it and b) has never existed. In this case, the likely cause is that a certain user at a large U.S. ISP *did* request this email or at least rent a car from Dollar without unchecking the “send me offers” check box on their web site, but provided a typoed email address that Dollar did not confirm before placing it on their list. In other words, these offers are going to a spamtrap *instead of* to a customer who almost certainly requested them and is likely to want them. The ESP is Responsys.

Over the past year I have acquired a couple of spamtrap domains that are similar to large ISP domains with hundreds of thousands of users. Previously I had avoided including domains of that sort in my collection of spamtraps because it seemed unfair to senders to include “gotcha” spamtraps. Much of the email to these sorts of domains is, after all, likely to be misdirected: typoed versions of the email addresses of real subscribers. The companies that have these spamtraps on their lists did not obtain them illegitimately: these are not purchased lists, email appended lists, or the like. They’re real subscriptions that failed at the data collection level.

Several fellow anti-spammers who receive misdirected bulk email to their own email addresses have pointed out to me what I was missing: a non-trivial quantity of unsolicited bulk email is sent to real users who did not request it because of errors in data collection. Companies that collect email addresses under conditions that result in a lot of typos and bad data are at least as likely to spam a real innocent bystander as they are a spamtrap. When they spam a lot of innocent bystanders, their data collection practices become a legitimate concern.

After a few months of observing the spam sent to these new spamtraps, I have to agree with my colleagues. A *lot* of it is misdirected real email: transactional email (some with sensitive private information) and marketing email connected to specific customer accounts. Most compelling, the quantities of this sort of spam are as great as that from companies who purchase lists or hire email appending firms. :/ Companies who send email to customers need to do a better job with their data quality, both to avoid spamming and to ensure that those who asked for their offers and marketing email receive them.

Sending IP:

Spam Sample:

Actual Headers:

Received: from ( [])
        by <xxx> (Postfix) with ESMTP id <xxx>
        for <xxx>; Sun, 16 Dec 2012 08:##:## +0000 (UTC)
DKIM-Signature: <xxx>
DomainKey-Signature: <xxx>
Received: by id <xxx> 
        for <xxx>; Sun, 16 Dec 2012 00:xx:xx -0800 
        (envelope-from <xxx>)
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="<xxx>"
Date: Sun, 16 Dec 2012 00:xx:xx -0800
To: <xxx>
From: "Dollar Rent A Car" <>
Reply-To: "Dollar Rent A Car" <>
Subject: New Year. New SPECIALS!
List-Unsubscribe: <<xxx>>, 
X-sgxh1: <xxx>
X-rext: <xxx>
X-cid: <xxx>
Message-ID: <<xxx>>

Readable Email:

From: Dollar Rent A Car <>
To: <spamtrap>
Subject: New Year. New SPECIALS!
Reply-To: Dollar Rent A Car <>

Lock Low & Go

View this offer and other great Dollar offers by clicking here:<xxx>

Call Us: 855-637-5699



Privacy Policy<xxx>
Questions or Comments<xxx>

Update your preferences<xxx>

Terms and Conditions: You have received this email because you elected to have it sent to you. Please add to your address book to ensure our emails reach your inbox. Please do not reply to this email as we are not able to respond to messages sent to this address. General terms and conditions apply. To receive advertised promotional rates, your reservation must include the corresponding promotion code. (c)2012 DOLLAR RENT A CAR, INC. ALL RIGHTS RESERVED. Dollar features a wide selection of quality vehicles. 5310 E. 31st Street Tulsa, OK 74135-0250 * 1-800-800-4000

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Go back to top