The Continuing Rise of E-Mail Marketing

Mark Cantrell writes: "Yahoo is running a story from Reuters Internet Report that says that companies like Doubleclick are becoming more popular with online businesses because of the low price they charge. $25 for 1000 people spammed is the example given. They do mention that there is a threat that spam may get out of hand, however. May get? Obviously they haven't seen my mailbox or Usenet lately. My favorite quote from the article: 'I think spam is becoming a problem,' Bluefly's Seiff said. 'Any time you get clutter in your mailboxes, it is not beneficial to e-mail marketers like us.'" The article touches on true spam, but mostly talks about the much more benign stuff lumped under "direct marketing," like reminder updates from stores you cleared to send it to you.

My no spam recipe

[LinuxGeek]

I got my own domain and run my own email server. I only use those email addresses for business communication and exchanges with trusted friends and family. In a year and a half, no spam. My roadrunner account? Yup, spam flows in and I used it the exact same way. Three other ISPs, same thing. Makes me think that bulk emailers have help gathering valid email lists.

Re:My no spam recipe

[vofka]

I also have my own domain, and run my own SMTP Server. As well as stopping Spam, I'm interested in tracking who gives my E-Mail addresses to whom, so each service I sign up for that is likely to send me Automatic E-Mails (which is most 'net services these days) get's an individual address, such as mdi0000000001@myverysecretdomain.co.uk.

At my Incoming Mail Server, I run procmail rules to check the incoming message address against 'permitted' senders. Any that don't match are Put into a Holding Account for checking, any that do are allowed through (I want my DNS Host to be able to mail me for example!).

The benefit of this is that I can tell Who has passed on my address (well, their address, but they don't know that!!). When I find that an address has been comprimised, I simply block it, and bounce all messages destined for it, as well as contacting the original 'owner' of the address to tell them what I think.

Now, it does take some work, and common sense, to run, it's not a 'set-it and forget-it' system by any means, but it lets me easily allow what I want in, in; and lets me block what I don't.

As for Doubleclick, they made their way onto my "reject all incoming mail from this sender" list (which I also maintain) a looooong time ago, along with several other 'direct marketing' companies (postmasterdirect springs instantly to mind!!)..

Re:My no spam recipe

[Quixote]

Well, you better hope that none of your friends and family who run a certain OS from Redmond will get infected by the KLEZ pain-in-the-ass. For, it might start sending out mail to all of his/her contacts with YOUR email address as the source. And then your email address will be out in the open, for everyone to grab.

Makes me wonder if the SPAMmers have anything to do with this KLEZ bastard. I hope they catch the guy who wrote it, and feed him just spam for 32 years in his jail cell.

Re:My no spam recipe

[flonker]

ISPs get hit with dictionary attacks to find usernames. They find an ISP, and mail every possible username they can come up with. These emails have some kind of web bug or somesuch in them, so that they can tell the good email addresses. They then have a fairly complete list of all email addresses at a given ISP. (Or at least those email accounts that use Outlook & OE) Another method they use is to send their messages to every domain, using a few of the more common usernames, (ie. sales, info, support) (Also, for the sake of completeness, harvesting whois info, crawling web pages, scraping usenet posts, web forms, and "contests" of various sorts.)

I recently set our mail server to block all messages that contain
<img src="http://\d{2,3}\.
This has cut down the amount of spam we get by a good 90%. There are still some messages that have height tags or otherwise don't fit the regexp.

What?

'I think spam is becoming a problem,' Bluefly's Seiff said. 'Any time you get clutter in your mailboxes, it is not beneficial to e-mail marketers like us.'"

Is this guy trying to say he doesn't want to have a bigger penis without painful surgical procedures?

Make Spammers Pay ...

[vandan]

Go to http://www.overture.com and search for 'bulk email'. Then click on each of the links. Do this once every day. The amount this will cost each spammer is displayed on the search results page.

One way to do it

[DoctorFrog]

Eventually we're likely to get some kind of legislation relating to spam. I believe in minimalist law, and this is one way it could be done while interfering as little as possible with free speech, nonabusive email marketing and other not so bad ideas that spammers tend to hide behind.

First, have a couple of universally available databases, one of email addresses which have expressed a wish not to receive any automated email, and another of sources which have been shown to violate this list.

If your email address is in the first database (and only you can put it there), your ISPs email system could be set to exclude any mail from the second list without affecting common carrier status.

The object is equivalent to blocking telemarketing numbers, but to be effective the consumer should be able to avoid having to block those spam sources one by one.

That's the basic idea. I'm sure the /. crowd can come up with a couple of dozen refinements in as many minutes.

Re:One way to do it

[Unfallen]

Conceptually, this doesn't really appear to be too different to the current system of mailing blacklists - except the first "opt-out" database is instead the client choice of using the second database. On the whole.

The main problems I can see with either system are that firstly, it's still an opt-out mechanism. Unfortunately, opt-in systems are (at least currently) more politically-induced rather than technologically, i.e. laws rather than code, which personally I find less ideal. The other point is the perennial problem of inappropriate censorship. For instance, recently the Politech mailing list has found itself on a number of blacklists, when it clearly shouldn't be. The question is how do you know for certain that those on the blacklist are validly there? Or, more abstractly, how do you know what is spam to some people isn't useful to others? And who gets to decide?

Clearly spam is increasing as the Internet grows, and not only do more unsuspecters get caught in the click-through marketing traps, but also more people find their way into the Temple of the Spam Merchant, and try to make a fast buck. I suspect simple blocking procedures, that only the more tech-savvy would use anyway, will do nothing to decrease the amount of spam. Rather, the wave of bulk mail will only lessen once the effort to send it is unbearingly more than the benefits gained.

Perhaps one method is to not ignore it at all, and instead waste as much of their time as possible. If everyone replied to one spam a day (by visiting the website, phoning them up, et al.) then how long would it take the spammer to realise they spent more than half their time following up false business leads? This is an idea that a fe have adopted, and there are various websites that reveal their adventures, but unless it becomes more commonplace, there's still no reason for spammers to stop.

One spam story

[jht]

I got a 3rd party spam a few weeks ago on behalf of a company that sells retail women's clothing. Needless to say, since I am not a woman there was no way I had signed up for mail from them. Just another spam, right? Well, it's a company that my mother is a huge fan of, and is actually on a friendly basis with the owners (though they're public now - she bought a healthy-sized chunk when they went public and has done nicely) going way back. So I mentioned it to her, and how I was disappointed that they had resorted to using a spamhaus.

A couple of days later, I got a very apologetic call at work from their head of marketing. It seems they really didn't understand the difference between opt-in mailing, self-managed lists, and spamhauses. We talked about how to manage a mail list for nearly an hour - I wound up answering a _lot_ of questions (I made some suggestions as well), and got a promise on her behalf that they would try to be good netizens going forward. We also talked about things like banner advertising, the best sites to do reciprocal banners as well as purchased ads, and a lot more.

The reason I'm bringing this up is that I really think there are companies out there that are clueless about electronic marketing in general. So they listen to a spammer who can sound like a legitimate businessman, look at the numbers that get handed to them, and say, "why not", without realizing the damage that can get done to their reputations.

Then again, a lot of folks who get this crap in their inboxes don't even realize that it's wrong. Unfortunately, folks are starting to get accustomed to tons of junk mail, and only a relative few of us are vocal about it.

One interesting point in the article - one mailer supposedly had statistics showing that 70% of their e-mails were opened. Well, that means they were using webbugs - proof that everyone should use mailer agents that either can disable network access or refuse to display HTML.

Re:One spam story

[Jodrell]

This sort of confirms something I've been thinking about for a while now - that spam is *NOT* growing because of clueless fools reading spam they've been sent, but clueless fools being conned into buying services from the spammers.

It's a very similar situation to recruitment - recruitment consultants spend a lot more time grooming existing clients and potential new business than they do looking after their candidates. They theory being that they can always get more candidates, but the clients are the ones who pay them money.

Spammers are salesmen ultimately - but they don't sell their client's product to their "customers" - they sell their "customers" to their clients.

Re:One spam story

[jht]

You raise an interesting point. The obvious answer is that there should be a market for people who know how to do net marketing responsibly and effectively to earn a living teaching this to companies. One would hope that most companies want to be responsible netizens.

I fear the reality is that most companies fall into one of two categories: either they're so big that they have all their own people doing whatever they see fit (or worse, they've just dumped it into either the marketing or IT areas with no guidelines), or they're so small as to not be able to tell the difference between a legitimate marketing advisor and a spamhaus.

If you were running a smaller company, and two people came to see you with net marketing proposals, which would you be inclined to listen to?

The one who says "We need to collect only opt-in e-mail addresses from existing customers, and offer some sort of a incentive to get those addresses. We can't share them with anyone, so it's not a saleable list. Pop-up ads may log good numbers, but people hate them. It may take a while to build your business on-line, and it may cost some money, but you'll be doing business the Right Way".

Or would you listen to the person who tells you "for only $1000 I can get your message to over a million interested customers?"

The problem is, that without a well-developed clue people are inclined to listen to the second salesman, and not the first. Hence the drumbeat of spam keeps pounding on.

Re:One spam story

[funky+womble]

Well, that means they were using webbugs - proof that everyone should use mailer agents that either can disable network access or refuse to display HTML.

Some MUAs that are useful for this include:

Mulberry displays HTML without images (Win/Mac/Linux x86+PPC/Solaris)
The Bat makes it easy to disable HTML. (Win)
Pegasus normally disables downloading images by http (Win)

Re:One spam story

[Dimensio]

It's not just that they're being conned into willingly spamming -- some of them are lied to by the spammers who claim to be using a valid opt-in method. I've heard from companies who were duped as such, and I've always recommended purusing fraud charges against the marketing company involved. Either that or hand out the home address of the CEO of that company so that the slimeballs can be hunted down and killed as they deserve.

Gold Rush anyone?

[pixelpusher220]

The basic point I never seem to see mentioned is that SPAM does work.

How you ask? Quite simple, it's not supposed to make money for the people actually sending the email. It's supposed to make money for the people selling the mass email lists/services.

It's the same as the California Gold Rush days; the vast majority of people who made money were the ones selling shovels, not using them.

Re:How to make spamming more expensive

[jukal]

As some people have started reloading the spammer-nailer page a lot, it seems, maybe I should clarify that the e-mail address is not unique as unique per pageload. Instead, it's an md5 sum created based on the details got from the client host, browser, time, and maybe something else. So, it's somewhat unique per spammer.

blantant lies from spammers

[multicsfan]

I used to run an ISP that went poof a couple years ago. I'm still running the mail server for myself and a few people who wanted to keep the address. The following is in the mail queue of bounced email on an account that hasn't existed for at least a couple years:

===
You are receiving this e-mail because you have opted-in to receive special offers from
Hi-Speed Media or one of it's marketing partners. If you feel you have received this e-mail in error or do not wish to receive additional special offers, please scroll down to unsubscribe.
===

I'd really like to know how an account that has not existed for at least 2 years could opt in to a marketing list. Isn't this false advertising? I should problaby complain to the NYS attorney general or maybe the FBI.

Re:Doubleclick Again?

[BlueUnderwear]

What scares me most is that once it's widely employed, they'll make automatic tools (a one-line perl program :) )that simply reply to your e-mail, so the spammer gets autenticated.

Not a problem. This would still improve current situation because:

• It would force spammers to use a workable reply address, makeing them so much easyer to nail down.
• It would force them to write a script that is able to deal with user input. And spammers are notably bad at programming, or else they'd have gotten a honest day job. Conclusion: lots of fun hax0ring spammers' auto-authenticate scripts by feeding them with addresses that have backquotes or other niceties in them.

The real problem with sender authentication however is different. Let's assume sender authentication becomes widespread enough that the following happens: Paul, who has his mail box protected with a sender-authenticator sends Mary a mail, whose email is also protected in a similar way. Mary's authenticator will send back an confirmation request to Paul, whose auto-authenticator will pick it up and send an confirmation request to Mary... Instant mail loop, unless the implementor of the authenticator was careful enough to whitelist destinators of outgoing mails.

Like high school boys in a car

[AppyPappy]

Spammers remind me of the guys in the disco age who would ask every girl in the club to have sex with them. "If you ask enough girls, eventually one will say yes". The problem is that you trash your reputation in the process. Not only that, if enough guys do it, the girls will quit coming to the club. I don't read ANY emails unless I know the person or trust the mailbox. My Hotmail and Yahoo accounts are 90% spam so I dog all the messages except a few. I laugh thinking that those idiots paid all that money to get dogged. They paid $1000 for two $50 sales and trashed their reputation in the process.

Imagine 4 spammers in a car looking for chicks "Hey guys, there's 4 girls in that car and there is 4 of us. We are gonna get LAID". Somehow, they never ask themselves why they never get laid. If they did, we wouldn't have mailboxes full of garbage.

Re:Like high school boys in a car

[Tackhead]

> Imagine 4 spammers in a car looking for chicks "Hey guys, there's 4 girls in that car and there is 4 of us. We are gonna get LAID". Somehow, they never ask themselves why they never get laid. If they did, we wouldn't have mailboxes full of garbage.

You're overestimating the spammer's sense of ethics. In the situation you describe, the spammers will get laid. Spammers would just ram the chicks' car off the road and rape them.

I mean, they asked for it, right? If they didn't wanna get banged, they shouldn't be on the informayshun s00perhighway with all the responsible murketers, right?

Spammer #1: "I looked out the window and held down my horn for 10 seconds, and she glanced at me for a second before flipping me the bird and driving off! But I got a good look at her! That's opt-in!"

Spammer #2: "My chick could have unsubscribed by just giving me a blowjob. But she didn't want to! It's her fault for not unsubscribing!"

Spammer #3: "I was just expressing my views on sexuality to her! Frea Speach is Garonteed by thuh First Amundmint!"

Spammer #4: "Just because she said '550 - fuck off, spammer' with every shafting didn't mean she might not change her mind a few seconds later!"

Re:Key distinction

[Dimensio]

Uh, no.

If you didn't ask for it, it is spam. Asking for it means submitting your e-mail address and specifically requesting the information. If you don't ask for it, even if it is "of interest" to you and you don't mind it, it's spam. Spam is about consent, not content.

I don't care at all about the nature or origin of the junk e-mail I receive. If I don't ask for it, I raise hell with the companies that sent it. My e-mail box is NOT meant to be a dumping ground for unsolicited advertising. All spammers should be killed, regardless of what crap they are peddling.

you can find some scripts here

[4444444]

scripts and other ideas are HERE

Doubleclick is in the tank

[Animats]

• Stock high: around $125. Today, around $6.
• "DoubleClick's ad serving and data collection practices are also the subject of inquiries by the attorneys general of several states. ... DoubleClick believes that, notwithstanding the quality of defenses available, it is possible that our financial condition and results of operations could be materially adversely affected by the ultimate outcome of the pending litigation." Source: 10-Q filing.
• "Throughout 2001, our management took certain actions to increase operational efficiencies and bring costs in line with revenues. These measures included the involuntary terminations of approximately 605 employees..."
• "Revenue for DoubleClick Media decreased 66.1% to $27.1 million for the six months ended June 30, 2002 from $79.9 million for the six months ended June 30, 2001."
• "OUR BUSINESS MAY BE MATERIALLY ADVERSELY AFFECTED BY LAWSUITS RELATED TO PRIVACY AND OUR BUSINESS PRACTICES.
  We are a defendant in several lawsuits alleging, among other things, that we unlawfully obtain and use Internet users' personal information and that our use of cookies violates various laws. We are the subject of an inquiry involving the attorneys general of several states relating to our practices in the collection, maintenance and use of information about, and our disclosure of these information practices to, Internet users. We may in the future receive additional regulatory inquiries and we intend to cooperate fully. Class action litigation and regulatory inquiries of these types are often expensive and time consuming and their outcome is uncertain. We cannot quantify the amount of monetary or human resources that we will be required to use to defend ourselves in these proceedings. We may need to spend significant amounts on our legal defense, senior management may be required to divert their attention from other portions of our business, new product launches may be deferred or canceled as a result of these proceedings, and we may be required to make changes to our present and planned products or services, any of which could materially and adversely affect our business, financial condition and results of operations. If, as a result of any of these proceedings, a judgment is rendered or a decree is entered against us, it may materially and adversely affect our business, financial condition and results of operations."

That's the reality behind the happy talk. As a company, DoubleClick is shrinking, losing money on operations, and their stockholders lost most of their investment.

Spamcrime does not pay.

This is not spam?

[Arandir]

but mostly talks about the much more benign stuff lumped under "direct marketing," like reminder updates from stores you cleared to send it to you.

"Hello, you are receiving this message because you selected to receive such messages on our website, one of our competitor's websites, or a completely unrelated website. If you do not wish to receive further messages of this type, please verify the validity of your email address by visiting the following address with a cookie-enabled browser. By removing your address from our list, you indicate your wish to receive similar messages of this type.

Spam trends: flat or declining

[KMSelf]

From a source I can share, spam receipts (daily, flagged by SpamAssassin) are flat since May 1. At work, with a larger sample, I'm actually seeing about an 8% decline over the same interval -- ~55 intercepts daily to 40. Compare this to 2001, where receipts more than doubled over the course of the year. In both cases, I'm using well-known, or catch-all, addresses.

Related news indicates spammers are feeling the pinch of filtering, reporting, and retaliatory efforts. Spam's an economic activity, with low margins. If it can be made unprofitable, prevalence will drop markedly.

...and virus mail's quite another story -- daily intercepts have climbed from ~12/day (Jan - Apr, 2002) to 220+. Thank Klez, though SirCam's putting up a good showing.