Secure America Now: Joe Job? Or Spamming A Purchased/Scraped List?

Secure America Now, a political web site whose splash page promotes the impeachment of U.S. President Barack Obama, just emailed a spamtrap email address at a former European ISP. The email address has not been live for several years, and formerly belonged to a citizen of that country who had no ties to the United States. The email was sent through NationBuilder, a “community organizer” that uses ESP Sendgrid.

This particular spamtrap email address could have appeared on the Secure America Now list for one of two reasons. First, one of a very small number of people who know that the email address is a spamtrap and who do not like Secure America Now might have entered it into their web form. This type of forged subscription is called a “Joe Job” after an early attempt to destroy a business’s reputation by forging subscriptions to their email list and then accusing them of spam. Second, Secure America Now might be emailing a purchased, email appended, or other third-party opt-out list.

In this case, I strongly suspect that the second option is the truth. I personally selected every individual who has access to the spamtraps on my spamtrap server. If I have *any* doubts about an individual’s commitment to preventing false accusations of spam against innocent parties, that person is not allowed access to the server or to know the identities of spamtraps on it. (Accusations of that sort provide cover for actual spammers, many of whom do not hesitate to accuse antispammers of falsely accusing them.)

Unfortunately non-commercial spam such as this is not covered by the weak U.S. CAN-SPAM anti-spam law, which most antispammers refer to derisively as the YOU-CAN-SPAM law. Worse, the political and activist communities often believe that their message is so important that the rules of normal courtesy and good citizenship on the Internet do not apply to them. :/ Spamming a third-party, purchased or shared list *STINKS*. It demonstrates that the sender believes that their opinions are so important that they get to use resources that they have not paid for without permission to express their opinions.

I don’t suggest that you change your political opinions because of this sort of behavior. Supporters of Ron Paul for President in 2008 ran a botnet spam operation. The Mitt Romney for President online campaign organization hired a professional snowshoe spammer in 2012. Spamhaus listed that spammer, Activate Direct, in its ROKSO list largely due to the spam for the Romney Campaign. While the election/re-election campaigns of Barack Obama have not sent large quantities of spam, Florida representative Alan Grayson and many other U.S. Democrats have sent election-oriented spam. No political party or orientation has clean hands where spam is concerned.

I do suggest preventing the opinions of political and other activist spammers from affecting you by blocking their domains and IPs in your router or spam filters. They do not deserve to have a voice in what you think or how you vote.

Sending IP:

Spam Sample:

Actual Headers:

Received: from ( [])
        by <xxx> (Postfix) with ESMTPS id <xxx>
        for <xxx>; Fri,  4 Jul 2014 15:##:## +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed;;
        s=smtpapi; bh=<xxx>=; b=<xxx>=
Received: by <xxx> with SMTP id <xxx>
        2014-07-04 12:##:##.<xxx> +0000 UTC
Received: from (<xxx> [162.219.220.##])
        by <xxx> (SG) with ESMTP id <xxx>
        for <>; Fri, 04 Jul 2014 12:##:## +0000 (GMT)
Date: Fri, 04 Jul 2014 12:##:## +0000
From: Secure America Now <>
To: <xxx>
Message-ID: <<xxx>@worker2.mail>
Subject: Happy Fourth of July
Mime-Version: 1.0
Content-Type: multipart/alternative;
Content-Transfer-Encoding: 7bit
X-SG-EID: <xxx>=
X-SG-ID: <xxx>==

Readable Email:

From: Secure America Now <>
To: <spamtrap>
Subject: Happy Fourth of July

Happy Fourth of July!

<Above link opens a web site that solicits donations for the organization.>

Facebook Facebook Facebook

Secure America Now is a non-partisan group of Americans concerned with protecting America’s security. We bring critical security issues to the forefront of the American debate.

Our mailing address is: 1025 Connecticut Ave, NW, Suite 400, Washington, DC 20036

This message was sent to <xxx> | To Update or Change your Email Address | Unsubscribe from alerts

4 Responses to Secure America Now: Joe Job? Or Spamming A Purchased/Scraped List?

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Go back to top