“The Tea Party”: Spamming a Shiny Brand New Spamtrap *after* the Election

An organization that I did not see or hear from during the recent U.S. Presidential election campaign, The Tea Party, began sending email a couple of days after the election to a brand new shiny spamtrap at a domain that I have owned for some time. This spamtrap has not previously received email from anybody: I enabled it last week after I reviewed my mail logs and noticed that somebody was trying to send email to it. The IP that sent this email belongs to ESP Sendgrid. The domain that sent this email, pd25.com, belongs to what I thought was a rival ESP, ExactTarget. The authorized use policies (AUP) of both ESPs decidedly require that bulk email sent through them be sent only to email addresses that opted in.

So how’d this happen? My guess is a typo. Either somebody typoed their email address when signing onto the list at the web site, or (alternatively) somebody typoed when entering an email address from a card collected at a meeting, or a handwritten list. Since TheTeaParty.net does not confirm subscriptions, they are now spamming one of my spamtraps, and how many others? TheTeaParty.net needs to protect itself better against mistakes and (unfortunately) possible dirty tricks that could damage its reputation and distract it from its mission.

Sending IP: 208.117.55.160

Spam Sample:

Actual Headers:

Received: from o284.email.pd25.com (o284.email.pd25.com [208.117.55.160])
        by <xxx> (Postfix) with SMTP id <xxx>
        for <xxx>; Wed, 14 Nov 2012 02:xx:xx +0000 (UTC)
DKIM-Signature: <xxx>
DomainKey-Signature: <xxx>
Received: by 10.36.xx.xx with SMTP id <xxx>
        Tue, 13 Nov 2012 20:xx:xx -0600 (CST)
Received: from [127.0.0.1] (unknown [10.8.xx.xx])
        by None (SG) with ESMTP id <xxx>
        for <xxx>; Tue, 13 Nov 2012 20:xx:xx -0600 (CST)
Message-ID: <<xxx>@swift.generated>
Date: Tue, 13 Nov 2012 21:xx:xx -0500
Subject: Will you take this poll?
From: The Tea Party <info@theteaparty.net>
To: <xxx>
MIME-Version: 1.0
Content-Type: multipart/alternative;
 boundary="<xxx>"
X-Sendgrid-EID: <xxx>
X-Sendgrid-ID: <xxx>

Readable Email:

From: The Tea Party <info@theteaparty.net>
To: <spamtrap>
Subject: Will you take this poll?
Reply-To: enews@verizonbusinessmadeeasy.com

New from TheTeaParty.net:

Is this email not displaying correctly? View it in your browser
http://ttpmail.theteaparty.net/webmail/<xxx>

Dear Patriot,

We must work together to continue to send a message to our elected
officials in Washington, D.C. I would call them leaders, but the fact
that they seem to want to dictate to us instead precludes me from using
that word. Now is the time for those freedom loving Americans who stand
for liberty, will fight for the Constitution, believe in personal
responsibility, and want a constitutionally limited government to stand
together and let everyone know that we are still here and we will make
our voices be heard louder than ever!

http://ttpmail.theteaparty.net/<xxx>

<removed>

Our mailing address is:

The Tea Party
1701 Pennsylvania Ave. NW
Suite 300, PMB-433
Washington, DC, 20006
United States

10 Responses to “The Tea Party”: Spamming a Shiny Brand New Spamtrap *after* the Election

  1. Hello,

    Thank you for posting this. SendGrid will be reaching out to this sender and investigating their practices.

    I will update when I have more information to provide.

    Ryan Harris
    Lead Abuse Engineer

    • That sounds good. A single hit on an easily-typoed spamtrap is *not* the most serious spam issue out there. 🙂 It does however show that this sender isn’t being as careful as they could be. Since partisan political groups are likely targets for dirty tricks, they need to be careful.

      I also got a ping from ExactTarget — they’re investigating why their domain is being used on IPs that they don’t own. It’s probably no big deal, but you might want to ask your customer some questions about that if they brought the domain with them.

  2. Ah, this was a bit confusing at first. Turns out the email platform here is actually Pardot – which was recently purchased by us here at ExactTarget. So that pd25.com is truly ours, and this is indeed a mail sent by a client of ours. I’ve engaged the right people at Pardot to investigate. I’m sure we’ll be talking with the Sendgrid folks as well.

  3. Hi — I am from TheTeaParty.net. Luckily this showed up in a Google alert.

    We want to make sure that we are fully compliant. We have never had an issue with our sends (been sending emails for 3 years).

    Our process has always been a double opt-in. But I think I may know how this error may have occurred by one of our staff involving a survey (and like you said, likely an error in spelling). We are discussing now (and will speak with Pardot as well).

    Please contact me at jacob@theteaparty.net for further questions. Like I said, we have always been fully compliant for 3 years and appreciate your recognition of an error somewhere within our process.

    Please do not hesitate to contact me.

    • If you’ve been mailing for three years and never had a problem before, that isn’t a bad record. 🙂 I’m glad that you found the problem. You probably should reconfirm the email addresses that were involved in that one operation.

      BTW, Pardot appears to be a recently-acquired subsidiary of ExactTarget, but is still using its original ESP Sendmail to send its emails. I believe that ExactTarget will be along in a bit to explain the whole thing.

      • Thanks again, SpamBouncer.

        Do you suggest sending an opt-in email to the emails we believe are involved? That’s what you mean by “reconfirming”, correct? Just want to make sure we take the correct steps.

        Pardot has contacted us and we are working with them as well to answer their questions on our process.

        P.S. – Wish I had known about your blog about 11 months ago. I could tell you a story about how a SpamHaus issue seriously may have caused a certain Presidential candidate the election.

        • Definitely send an opt-in email to the email addresses that you believe were involved, and don’t add them back to your list until they respond. You can usually send two opt-in emails — the initial one and a reminder — as long as they are separated by at least one day and no more than a week. Also, you want to include a brief description of your site and list, but also make sure that the emails are specifically opt-in emails and don’t look or sound like you’re trying to market.

          I’m already well aware of the “Romney snowshoe” problem, if that’s what you mean. I blogged about it a month ago, although snowshoe spam is not strictly on topic for the Mainsleaze blog.

          I’ve rarely been as frustrated with any type of spam as I was with the Romney campaign hiring a snowshoe spammer. Their actions had the potential to legitimize snowshoe spam — a type of spam that I believe constitutes outright theft and fraud. If the election had been closer, it might also have influenced the outcome, although I don’t believe that it did given the margin of victory.

          As an American who is very concerned with the future of my country, I would hate to see an election won *or* lost because of a side issue like spam. There are too many more important things to decide!

          So do me a favor: get this issue dealt with and DO NOT let the lessons from the Romney snowshoe be lost on you. 🙂 If you use bulk email the right way, then attention is focused — not on your mailing practices — but your message.

  4. Hi, I’m Raz, Pardot’s email engineer. When I first saw this report, I was a little surprised as Tea Party has sent a very high volume of email through our application with very good delivery stats, low bounce rate, low spam complaint rate, etc. I immediately reached out to our contacts at Tea Party to discuss the spam issue, which I haven’t had to do since they joined us. They’ve been very cooperative with us and we’ll be going over their opt-in process to see what we can do to prevent this type of thing from happening again. We certainly apologize for the unsolicited email sent out through our system and appreciate you bringing it to our attention!

    • As the blog indicates, I hadn’t heard from them during the election. I didn’t think that was because they weren’t sending plenty of email. 🙂

      I recently tested their web site subscription process, however, by signing up a tagged email address of my own to see how they processed it. They accepted the email address and did not confirm it. That tells me that any typoed email addresses could easily end up on their list. I suspect that’s what happened; somebody typoed their email address when subscribing.

      That isn’t intentional spamming, of course — it’s a simple mistake. However, it’s important to avoid certain kinds of mistakes when you’re a target for political dirty tricks.
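
The reconfirmation advice given in the thread above (one opt-in email, at most one reminder sent between one day and one week later, and no bulk mail until the recipient responds), as an added example that is not part of the original post or of any ESP's code. The class name, signing key and addresses are constructed for illustration.

```python
import hashlib
import hmac
from datetime import timedelta

SECRET = b"constructed-demo-key"            # assumption: per-list signing key
MIN_GAP, MAX_GAP = timedelta(days=1), timedelta(days=7)

def norm(addr):
    return addr.strip().lower()

def token(addr):
    # Deterministic HMAC so the confirmation link cannot be forged.
    return hmac.new(SECRET, norm(addr).encode(), hashlib.sha256).hexdigest()

class Reconfirmation:
    """Holds addresses off the list until their owner clicks the link."""

    def __init__(self):
        self.pending = {}       # address -> send times of opt-in emails
        self.confirmed = set()  # only these may receive bulk mail

    def may_send(self, addr, now):
        sent = self.pending.get(norm(addr), [])
        if norm(addr) in self.confirmed or len(sent) >= 2:
            return False        # already confirmed, or initial + reminder used
        if not sent:
            return True         # initial opt-in email
        return MIN_GAP <= now - sent[0] <= MAX_GAP   # reminder window

    def send(self, addr, now):
        if not self.may_send(addr, now):
            return None
        self.pending.setdefault(norm(addr), []).append(now)
        return token(addr)      # value embedded in the confirmation link

    def confirm(self, addr, presented):
        a = norm(addr)
        if a in self.pending and hmac.compare_digest(token(a), presented):
            del self.pending[a]
            self.confirmed.add(a)
            return True
        return False

    def mailable(self, addr):
        return norm(addr) in self.confirmed
```

A typoed address that lands on a spamtrap never presents the token, so it receives at most the two opt-in messages and is never mailed again.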
