Secure America Now: Joe Job? Or Spamming A Purchased/Scraped List?

Secure America Now, a political web site whose splash page promotes the impeachment of U.S. President Barack Obama, just emailed a spamtrap email address at a former European ISP. The email address has not been live for several years, and formerly belonged to a citizen of that country who had no ties to the United States. The email was sent through NationBuilder, a “community organizer” that uses ESP Sendgrid.

This particular spamtrap email address could have appeared on the Secure America Now list for one of two reasons. First, one of a very small number of people who know that the email address is a spamtrap and who do not like Secure America Now might have entered it into their web form. This type of forged subscription is called a “Joe Job” after an early attempt to destroy a business’s reputation by forging subscriptions to its email list and then accusing it of spam. Second, Secure America Now might be emailing a purchased, email-appended, or other third-party opt-out list.

In this case, I strongly suspect that the second option is the truth. I personally selected every individual who has access to the spamtraps on my spamtrap server. If I have *any* doubts about an individual’s commitment to preventing false accusations of spam against innocent parties, that person is not allowed access to the server or to know the identities of spamtraps on it. (Accusations of that sort provide cover for actual spammers, many of whom do not hesitate to accuse antispammers of falsely accusing them.)

Unfortunately, non-commercial spam such as this is not covered by the weak U.S. CAN-SPAM anti-spam law, which most antispammers refer to derisively as the YOU-CAN-SPAM law. Worse, the political and activist communities often believe that their message is so important that the rules of normal courtesy and good citizenship on the Internet do not apply to them. :/ Spamming a third-party, purchased or shared list *STINKS*. It demonstrates that the sender believes that their opinions are so important that they get to use resources that they have not paid for, without permission, to express those opinions.

I don’t suggest that you change your political opinions because of this sort of behavior. Supporters of Ron Paul for President in 2008 ran a botnet spam operation. The Mitt Romney for President online campaign organization hired a professional snowshoe spammer in 2012. Spamhaus listed that spammer, Activate Direct, in its ROKSO list largely due to the spam for the Romney Campaign. While the election/re-election campaigns of Barack Obama have not sent large quantities of spam, Florida representative Alan Grayson and many other U.S. Democrats have sent election-oriented spam. No political party or orientation has clean hands where spam is concerned.

I do suggest preventing the opinions of political and other activist spammers from affecting you by blocking their domains and IPs in your router or spam filters. They do not deserve to have a voice in what you think or how you vote.

Sending IP: 198.37.148.253

Spam Sample:

Actual Headers:

Received: from o14.email.nationbuilder.com (o14.email.nationbuilder.com [198.37.148.253])
        by <xxx> (Postfix) with ESMTPS id <xxx>
        for <xxx>; Fri,  4 Jul 2014 15:##:## +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=SecureAmericaNow.org;
        h=from:to:subject:mime-version:content-type:content-transfer-encoding;
        s=smtpapi; bh=<xxx>=; b=<xxx>=
Received: by <xxx>.sendgrid.net with SMTP id <xxx>
        2014-07-04 12:##:##.<xxx> +0000 UTC
Received: from nationbuilder.com (<xxx>.rdns.3dna.io [162.219.220.##])
        by <xxx>.iad1.sendgrid.net (SG) with ESMTP id <xxx>
        for <sendingthrough@nationbuilder.com>; Fri, 04 Jul 2014 12:##:## +0000 (GMT)
Date: Fri, 04 Jul 2014 12:##:## +0000
From: Secure America Now <info@SecureAmericaNow.org>
To: <xxx>
Message-ID: <<xxx>@worker2.mail>
Subject: Happy Fourth of July
Mime-Version: 1.0
Content-Type: multipart/alternative;
 boundary="--==_mimepart_<xxx>";
 charset=UTF-8
Content-Transfer-Encoding: 7bit
X-SG-EID: <xxx>=
X-SG-ID: <xxx>==
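
The header fields above are enough to attribute the message and to choose what to block. The following is an added example, not part of the original post: it parses a trimmed copy of the redacted headers and shows that filtering on the DKIM signing domain targets this sender, while the connecting IP belongs to the mail service it sends through. The function names and blocklist sets are hypothetical, and the code assumes the receiving filter has already verified the DKIM signature.

```python
import email
import re

# Trimmed copy of the headers shown above; the page's redactions are kept.
SAMPLE = """\
Received: from o14.email.nationbuilder.com (o14.email.nationbuilder.com [198.37.148.253])
        by <xxx> (Postfix) with ESMTPS id <xxx>
        for <xxx>; Fri,  4 Jul 2014 15:##:## +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=SecureAmericaNow.org;
        h=from:to:subject:mime-version:content-type:content-transfer-encoding;
        s=smtpapi; bh=<xxx>=; b=<xxx>=
Received: by <xxx>.sendgrid.net with SMTP id <xxx>
        2014-07-04 12:##:##.<xxx> +0000 UTC
From: Secure America Now <info@SecureAmericaNow.org>
Subject: Happy Fourth of July
X-SG-EID: <xxx>=

"""

# Postfix writes: from HELO (reverse-DNS [connecting IP])
RECEIVED_RE = re.compile(r"from\s+(\S+)\s+\((\S+)\s+\[([0-9.]+)\]\)")

def attribute(raw):
    """Extract the relay and signer identity from raw message headers."""
    msg = email.message_from_string(raw)
    # Only the topmost Received line was written by the receiving MTA;
    # everything below it is supplied by the sending side.
    top = " ".join(msg.get_all("Received", [""])[0].split())
    m = RECEIVED_RE.search(top)
    helo, rdns, ip = m.groups() if m else (None, None, None)
    # DKIM-Signature is a ';'-separated tag=value list; d= is the signer.
    tags = {}
    for part in (msg.get("DKIM-Signature") or "").split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip()] = "".join(value.split())
    return {
        "helo": helo, "rdns": rdns, "ip": ip,
        "dkim_domain": (tags.get("d") or "").lower() or None,
        "dkim_selector": tags.get("s"),
        "via_sendgrid": any(h.upper().startswith("X-SG-") for h in msg.keys()),
    }

def should_block(info, blocked_ips, blocked_domains):
    """Match on the connecting IP or on the (assumed verified) DKIM domain."""
    return info["ip"] in blocked_ips or info["dkim_domain"] in blocked_domains

if __name__ == "__main__":
    info = attribute(SAMPLE)
    print(info, should_block(info, set(), {"secureamericanow.org"}))
```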

Readable Email:

From: Secure America Now <info@SecureAmericaNow.org>
To: <spamtrap>
Subject: Happy Fourth of July

Happy Fourth of July!

<Above link opens a web site that solicits donations for the organization.>

Facebook Facebook Facebook

Secure America Now is a non-partisan group of Americans concerned with protecting America’s security. We bring critical security issues to the forefront of the American debate.

Our mailing address is: 1025 Connecticut Ave, NW, Suite 400, Washington, DC 20036

This message was sent to <xxx> | To Update or Change your Email Address | Unsubscribe from alerts

4 Responses to Secure America Now: Joe Job? Or Spamming A Purchased/Scraped List?

  1. Hello,

    Thank you for the posting on Nation Builder. I’m reaching out to them and my team to figure out what changed in their program and that purchasing lists is not acceptable. Happy to follow up on this blog post if that is appropriate.

    Ryan

  2. Hello,

    NationBuilder spoke with their client Secure America Now (SAN). Their customer confirms they have not purchased or borrowed lists. Nation Builder has a very strong stance against the use of purchased lists: http://nationbuilder.com/email_acceptable_use.

    We did see that SAN was using Facebook for sign ups. I’ve seen in the past email addresses associated with Facebook accounts being spam traps. We have suggested they review their opt in process specifically around Facebook. SAN thought that the email could have been maliciously added to an opt in. We voiced that this was very unlikely and emphasized the need for a confirmed opt in process.

    Should you continue to see SAN, or a client of Nation Builder, continue to hit your spam traps, please post on MainSleaze, or feel free to reach out directly.

    Ryan

  3. Hey, Ryan,

    I apologize for not responding sooner. There were a few more spamtrap hits through about 1 week ago, and then nothing. I also checked for other spam with HELO containing nationbuilder.com and found nothing, so the problem appears to be with your customer’s customer only.

    I’ll keep you posted if I see anything else.

    Catherine

  4. Hello Catherine,

    Thank you for the update and don’t hesitate to post on mainsleaze or reach out directly if you see any problems.

    Thank you for your time!

    Ryan
