Re: Dealing with Spam and other canned meats

From: Steve Werby <steve-lists_at_befriend.com>
Date: Fri 02 Aug 2002 17:47:44 -0500

I am taking the time to reply because much of what Pesach shares as "fact"
is simply opinion or FUD and I think it's important that other views are
shared because the issues discussed are not entirely black and white. My
reply is extremely verbose so if you're one whose philosophy on spam control
is "hit the delete key" you may want to save 3 minutes of your life and do
the same with my email. <g> Otherwise, read on.

"Pesach Lattin" <info_at_adspyre.com> wrote:
> Cliff Kurtzman, although he doesn't read my newsletter anymore, is a
> very smart cookie (and I understand an amazing salsa dancer). He is
correct
> in saying that most of these unsubscribe links do nothing more than
> unsubscribe you and not anything all that nefarious!

Hi Pesach. I agree when the word "most" is used. But like I shared in my
previous post, it's my opinion that if a small percentage flag your email
address as active and share it, you're likely to experience a net increase
in spam over the long run as a result of following spammer removal
procedures. Please keep in mind that as a consultant who does a significant
amount of server administration and consulting business with clients
worldwide that relates to email, spam, viruses, hacking, security and other
issues that cause my clients to pull their hair out, I have a lot of real
world experience with spam as experienced by me and a wide range of clients.
I implement systems to block spam, filter it, detect and remove or fix holes
in software that allows client servers to be used to unknowingly relay spam,
report spam, get blacklisted clients removed from blacklists which listed
them due to a technical problem with their servers that allowed them to
relay spam, etc. What I say about spam is not conjecture and it's not
something I heard or read somewhere - it's based on what I know. I only
have dealt with several thousand servers which is a drop in the bucket, but
it's a bigger drop in the bucket than most email users have dealt with.

> That they are somehow
> verification methods is silly, because email marketers can track opens
much
> easier with a 1x1 pixel

It's actually not silly at all. Remember, I'm not saying that most spammers
use removal procedures to verify your address is active - just that some do.
And if by "email marketers" you mean permission based email marketers I'm
sure you understand that's not the same thing as someone who sends UBE.
Sure, I might end up receiving email from a legitimate permission based
marketer because I didn't read the fine print or was opted-in because I
didn't uncheck a box on the bottom of a registration page, but that's not
what this thread has been about. In any case, embedding 1x1 pixel images
will not reveal all opens b/c recipients who read email offline, use
text-only email programs or use email programs that do not open embedded
images cannot be tracked. Depending on the demographic of the recipients
this can be a significant percentage of them.

> and by removing bounces.

First of all, an email address that doesn't bounce is not necessarily a
valid active email address. It can be an email address that's still
receiving email, but is no longer being used (person no longer uses it,
person left company, etc.), it can be an address that's not bounced b/c a
catchall account is setup (more on that later) or the receiving mail server
may simply be configured not to bounce for non-existent addresses. In any
case, most spammers do not care about bounces. The majority of legitimate
permission based marketers probably do (and should), but not spammers.
Spammers often forge their From address, use free email accounts which will
likely be shutdown by the provider within hours and steal others' services
by sending through misconfigured mail servers, vulnerable web-based mail
forms, programs installed on hacked servers and ISP accounts which they
aren't associated with. In those cases bounces do not go to the spammer -
they go to a nonexistent address, an innocent third party or an address
that's been closes. I do a lot of Linux server administration for clients
and lately a lot of it has involved client machines which were being used by
a third party to send spam.

> No need for manual methods in this age of computers.

Agreed. Removal procedures that involve replying to a unique email address,
opening a unique URL, entering a unique code on a web page or aren't
completed until instructions sent to the supplied email address are
completed can (and should) be completely automated. Just like tracking
opens via 1x1 pixel images can (and should) be completely automated. Of
course, you should know this since your own ADBUMB newsletter includes
removal instructions with a unique URL, which presumably does not require
human intervention on your end to complete. More on ADBUMB later.

> I think that Steve does a really good job in bringing up an
important
> point, but is missing something. He says that "unsubscribing", or as our
> friend Cliff has newly coined, "unsubbing" doesn't do any good, because
you
> will be added to another list of the subscribers.

I did not say that. I said that it's possible the address you supplied will
be removed, but at the same time it's possible your address will be shared
with other spammers and it's possible the spammer you informed will send
spam to you from another list/domain/company under the spammer's control.
My point was that when you're dealing with people who are unethical you do
not know what they'll do with your address. And this isn't FUD. I'm well
aware of many instances where people "unsubscribed" with unique addresses
and were able to track the source of the spam that resulted b/c of this
action. I honestly have no idea what percentage of spammers with who
provide valid email or web addresses to unsubscribe use your address for
other purposes, but I do know that it happens.

> The fact is that 95% of
> the "spam" that you will get will be because you didn't bother to read the
> find print on the site that you signed up for.

Pesach, where did you arrive at that statistic that you're parading as fact?


Received on Fri Aug 02 2002 - 17:47:44 CDT