What do Sprint-Nextel and Burt’s Bees Have in Common?
Just tonight two legitimate mainstream companies — cellular telephone carrier Sprint-Nextel and cosmetics maker Burt’s Bees — both spammed a number of spamtraps. I doubt that either company is aware of it. Both companies apparently hired a third company, Freshaddress.com, that calls itself “The Email Address Experts”, to reconfirm certain email addresses for them. FreshAddress.com used the ESP Listrak to send opt-out “reconfirmation” requests to several spamtraps.
What is the problem with this? Legitimate, non-spamming reconfirmation requests are opt-in. They request that a user respond to the email to indicate that they want to remain subscribed to the list. If the user does not respond, their email address is automatically removed from the list. The emails that were sent by FreshAddress.com yesterday were opt-out; they requested that the user respond to be removed. They stated explicitly that users that did not respond would be kept on the list.
There was an additional problem with these mailings. Not one of the email addresses that received these mailings had previously received email from either Sprint-Nextel or Burt’s Bees (either directly or via an ESP) in the period since they exited their timeout and were turned into spamtraps. None of these email addresses has been a legitimate email address with a real user since before 2008. One has not been a legitimate email address for almost a decade. It appears that both Sprint-Nextel and Burt’s Bees were attempting to reconnect with email addresses that had bounced and been suppressed, with fallow lists, or possibly with purchased lists that had never opted in to receive their email at all.
Unless FreshAddress.com was falsely claiming to represent Sprint-Nextel and Burt’s Bees in the emails that they sent, which I believe is unlikely, in my (strongly held) opinion the marketing departments at both companies dropped the ball. They should never have attempted to recontact suppression lists or fallow lists, and certainly not have attempted to “clean” a purchased list if that is what they were doing. I also believe that, had Listrak checked FreshAddress.com’s background and reputation more thoroughly, they would not have agreed to accept them as a customer.
Just a simple check of the FreshAddress.com web site causes red flags to pop up everywhere. The site advertises “list cleaning”, “data appending”, and a number of other similar services. Most ESPs and ISPs outright ban the use of e-pended lists and purchased lists of any sort in their Authorized Use Policies (AUPs) or Terms of Service (TOS) because such lists are third-party lists, meaning that they are by definition not opt-in. Most anti-spam blacklists and reputation services (and most antispammers, including me) consider many of the services that FreshAddress.com advertises to be outright spam support. The FreshAddress.com web site also has an extremely poor rating from the Web-O-Trust web reputation service.
Sprint Nextel and Burt’s Bees, please don’t do this again! Listrak, PLEASE be more careful whom you let use your service!
Sending IP: 66.109.242.84
Spam Sample:
Actual Headers:
Received: from lmta13.4fa.net (lmta13.4fa.net [66.109.242.84])
by <xxx> (Postfix) with ESMTP id <xxx>
for <xxx>; Fri, 2 Dec 2011 09:xx:xx -0600 (CST)
DKIM-Signature: <xxx>
DomainKey-Signature: <xxx>
Received: by lmta13.4fa.net id <xxx>
for <xxx>; Fri, 2 Dec 2011 10:xx:xx -0500
(envelope-from <<xxx>@bounce.4fa.net>)
From: "Sprint" <Sprint@4fa.net>
To: <xxx>
Subject: Sprint Email Confirmation
Date: 02 Dec 2011 <xxx> -0500
Message-ID: <<xxx>@4fa.net>
MIME-Version: 1.0
<xxx>-sentto: <xxx>
Errors-to: <xxx>@bounce.4fa.net
<xxx>-errorsto: <xxx>@bounce.4fa.net
List-Unsubscribe: <http://www.4fa.net/?<xxx>>
X-Origin-Reference: <xxx>
Content-Type: multipart/alternative;
boundary="----=_NextPart_<xxx>"
Readable Email:
From: Sprint <Sprint@4fa.net>
To: <spamtrap>
Subject: Sprint Email Confirmation
Dear Sprint Insider,
Upon reviewing our customer records, we noticed you may not be receiving exclusive Sprint news and offers at your preferred email address. To better serve you, we would like to ensure that we are mailing you at your preferred email address. We have partnered with the email change of address company FreshAddress.com to assist us in validating and updating this information.
If you would like to receive exclusive online offers and the latest Sprint news at <xxx>, no action is required by you and we will simply update your email address in our system.
Thank you for assisting us with this process and we look forward to keeping you in the know!
Sincerely,
Sprint
This email was sent to <xxx>. If you wish to unsubscribe from Sprint promotional emails, please visit:
http://www.4fa.net/?<xxx>
To contact Sprint Nextel, write to: Office of Privacy – Legal Department, Sprint Nextel, P.O. Box 4600, Reston, VA 20195.
To view the Sprint Privacy Policy, please visit:
http://www.sprint.com/legal/privacy.html
©2011 Sprint. Sprint and the logo are trademarks of Sprint. Other marks are the property of their respective owners.
All rights reserved.
If you would like more information regarding FreshAddress.com, please visit:
http://www.freshaddress.com/general/gfaq.cfm?<xxx>
Sending IP: 66.109.242.118
Spam Sample:
Actual Headers:
Received: from lmta26.4fa.net (lmta26.4fa.net [66.109.242.118])
by <xxx> (Postfix) with ESMTP id <xxx>
for <xxx>; Fri, 2 Dec 2011 12:xx:xx -0600 (CST)
DKIM-Signature: <xxx>
DomainKey-Signature: <xxx>
Received: by lmta26.4fa.net id <xxx>
for <xxx>; Fri, 2 Dec 2011 13:xx:xx -0500
(envelope-from <<xxx>@bounce.4fa.net>)
From: "Burt's Bees, Inc." <BurtsBeesInc@4fa.net>
To: <xxx>
Subject: Burt's Bees, Inc. Email Confirmation
Date: 02 Dec 2011 13:xx:xx -0500
Message-ID: <<xxx>@4fa.net>
MIME-Version: 1.0
<xxx>-sentto: <xxx>
Errors-to: <xxx>@bounce.4fa.net
<xxx>-errorsto: <xxx>@bounce.4fa.net
List-Unsubscribe: <http://www.4fa.net/?<xxx>
X-Origin-Reference: <xxx>
Content-Type: multipart/alternative;
boundary="----=_NextPart_<xxx>
Readable Email:
From: Burt’s Bees, Inc. <BurtsBeesInc@4fa.net>
To: <spamtrap>
Subject: Burt’s Bees, Inc. Email Confirmation
Dear Valued Burt’s Bees, Inc. Customer,
In order to better serve you, we would like to ensure that our records have
your preferred email address. We are utilizing the email change of address
company FreshAddress.com to validate and update this information.
– Is <xxx> your preferred email address? If so, there’s no need to do anything! We will automatically update our system.
– Do you want to be contacted at a different email address? To let us know your preference, please visit:
http://www.freshaddress.com/change/index.cfm?<xxx>
Thank you.
Sincerely,
Burt’s Bees, Inc.
210 W Pettigrew St.
Durham, NC 27701
This email was sent to <xxx>
If you would like to unsubscribe from Burt’s Bees, Inc. please visit:
http://www.4fa.net/?<xxx>
If you would like more information about FreshAddress.com, please visit:
http://www.freshaddress.com/general/gfaq.cfm?<xxx>
Pingback: Burt’s Bees: Now Spamming a Spamtrap Near Me…. » MainSleaze
Pingback: Sprint: MASSIVE Spam Run (Shame on you!) » MainSleaze