homepage Welcome to WebmasterWorld Guest from 54.211.80.155
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Pubcon Platinum Sponsor 2014
Home / Forums Index / WebmasterWorld / Webmaster General
Forum Library, Charter, Moderators: phranque & physics

Webmaster General Forum

This 39 message thread spans 2 pages: 39 ( [1] 2 > >     
Unsubscribe = sell my addy
Nice scam, good earner - can't we sue?
peewhy




msg:369770
 10:19 am on Jul 7, 2003 (gmt 0)

I'm convinced that the moment you click on the fatal 'unsubscribe' link, they simply sell your email address on to others.

I set up an email address for a specific site. It has never been used for any online forms or subscriptions, this morning I received nearly 400 spam messages, the bulk are from nice people who are concerned about making me more appealing to women ... and others simply want me to collect a small fortune they have waiting for me. Nice folk I'm sure.

If I unsubscribe, they breed.

It is driving me mad, I don't believe there is any form of body with teeth that can stop this vermin from breeding.

Any ideas?

 

cyril kearney




msg:369771
 1:47 pm on Jul 7, 2003 (gmt 0)

I doubt that unsubscibing gets your name marked as a live one and ups your percentages for having your address sold.

I think it is a mistake not to unsubscribe. Here is my thinking. The people with fraud and porn emails are not leaving a unsubscribe trail back to their machines. So at worst you are wasting your time.

Like it or not unsolicited commercial email is perfectly legal just as junk mail through the postal system is legal as long as it isn't fraudulent or pornographic. Marketers do have some concerns for image and have an eye on pending legisation. If the product is legitimate a fairly high percentage of 'unsubscribes' will be honored.

A million names can be bought and mailed to for $200 to $300. Twenty million can be had for $1500. The bad guys are just buying addresses in bulk. No one would have a million unsubscribes to sell and who would want a 'stiffs' list. A mailing of a million emails can yield as few as 100 buys and still be return five to ten times the original investment.

The real money is from the 'goofballs' or 'j/o's', the people that buy things. List of these can cost $70 to $300 dollars per thousand.

Remember that perhaps 90% of all illegal emails are coming from about 150 to 200 operations that have decentralized into thousands and thousands of mailing operations. It is the work of organized crime which have controlled the porn industry for decades. List are used and swapped so your getting 400 emails indicated that one of the big syndicates got your address.

peewhy




msg:369772
 1:58 pm on Jul 7, 2003 (gmt 0)

That's quite some response there:)

Sadly I don't share a lot of your points;
I doubt that unsubscibing gets your name marked as a live one and ups your percentages for having your address sold.

We are talking about an industry that will drain every penny out of anything and if someone will buy a mailing list, they will sell it. So we unsubscribe, we are not worth any money to the original sender, he will sell it on.

If the product is legitimate a fairly high percentage of 'unsubscribes' will be honored
The bulk of my junk mail is for enlarging and enhancing body parts! I feel it may be a tad different to the above.

A million names can be bought and mailed to for $200 to $300. Twenty million can be had for $1500. The bad guys are just buying addresses in bulk. No one would have a million unsubscribes to sell and who would want a 'stiffs' list. A mailing of a million emails can yield as few as 100 buys and still be return five to ten times the original investment.

The real money is from the 'goofballs' or 'j/o's', the people that buy things. List of these can cost $70 to $300 dollars per thousand.

Remember that perhaps 90% of all illegal emails are coming from about 150 to 200 operations that have decentralized into thousands and thousands of mailing operations. It is the work of organized crime which have controlled the porn industry for decades. List are used and swapped so your getting 400 emails indicated that one of the big syndicates got your address.

They still bought my email from someone.

I am firmly convinced that when you unsubscribe, two things happen, the first is that you confirm the the address is live and they then sell it as 'fresh'.

victor




msg:369773
 2:07 pm on Jul 7, 2003 (gmt 0)

Best not to encourage them, whoever they are or how ever they got your email.

As Bob Dylan almost sang:

Well, they’ll spam ya when you’re trying to be so good,
They’ll spam ya just a-like they said they would.
They’ll spam ya when you’re tryin’ to go home.
Then they’ll spam ya when you’re there all alone.
But I would not feel so all alone,
Everybody must get spammed.

peewhy




msg:369774
 2:19 pm on Jul 7, 2003 (gmt 0)

Victor, I think you should get that out on CD pretty quick! :)

dmorison




msg:369775
 2:29 pm on Jul 7, 2003 (gmt 0)

'goofballs' or 'j/o's', the people that buy things

They used to say that a sucker is born every minute. I now declare the rate to be every 30 seconds.

John_Caius




msg:369776
 2:36 pm on Jul 7, 2003 (gmt 0)

The ones to be really careful of re: unsubscribing are the randomly generated e-mails, from a randomly generated from address. They send out to a list of random e-mail addresses, hoping to hit some real ones. If you click unsubscribe then they know they've got a hit and send you more stuff.

SethCall




msg:369777
 2:39 pm on Jul 7, 2003 (gmt 0)

Not all emails are bought becuase you interacting with something:

I believe hotmail has simply been hacked into, because as anyone with hotmail knows, you WILL get this same sort of email.

Also crawlers search all over, picking up emails.

For instance, this isn't the same, but illuminates my point.

I once went into a "shady" aol chat room (about hacking or somethnig like that... hehe I dont hack but I think its interesting topic)

And for 6 months, about 3 time a day, I got msg's from random bots wanting me to go to their porn site. Realize that I never got these the day before I went to this chatroom (in fact, the msg's started while I was in the chatroom)

So just by being on the net, your email or identity can be found.

peewhy




msg:369778
 2:43 pm on Jul 7, 2003 (gmt 0)

John_Caius
>>precisely ... or sell your email address!

I think the best action to take is no action. Delete it and move on.

The funny thing about junk email is that we really do create a fuss, whereas with postal mail we just bin it.

If you met someone who told you he was a 'Direct Mail Marketer' you'd probably have a polite conversation but if he said "I send out junk email" the conversation would go a different way!

dragonlady7




msg:369779
 2:45 pm on Jul 7, 2003 (gmt 0)

I tried that as an experiment once. I had an email address that I knew I was going to stop using in a number of months, that got a lot of spam. I decided that I was going to click on every "unsubscribe" link and mail every "unsubscribe" email that I found. A lot of them had no "unsubscribe" information at all, and those I simply forwarded on to abuse@whatever domain they were from. (That got me almost no response as well.) Doing the unsubscribe procedures listed in the emails got me absolutely no difference in the amount of spam. Often the unsubscribe link was already visited when I got the email, and in fact it proved to be the same unsubscribe page as for the duplicate email I'd received the day before.
So... it doesn't matter. It just doesn't.
I stopped using that email address. At the moment, I get no spam. The secret?
Don't post to usenet with your real email address unaltered. Don't put your real email address on a web page. Don't sign up for a newsletter unless you've read their privacy policy. And most important of all-- do not have an intuitive email address.
If your email address is an initial and a last name @ any domain name, you'll get spam. If your email address is your initials @ any kind of domain at all, you'll get spam. If your email address is a common name of any kind, you'll get spam. I've resorted to just using something cutesy and made up for my email address, or my initials and a string of numbers, or something. It's obnoxious but many spammers use random name generators. I got emails intended for akelly, bkelly, ckelly, dkelly, ekelly, fkelly... akeane, bkeane, ckeane... etc. They were just guessing common names and sending out millions of emails at once.
It's annoying, it's disgusting, and there's really nothing you can do. The only time I was ever successful was when I had a more-proficient friend of mine do a lookup on a particularly obnoxiously persistent domain name and find out who their ISP was. So I sent an email to the ISP's abuse notification, and THAT got me a REAL Unsubscribe email from them. I replied to that and they never bothered me again--- from that domain name. Didn't affect my overall traffic, though.
So if you want to keep the email address and lose the spam, that's all I can recommend-- do a DNS lookup for every single domain name that sends you spam, find out their ISP, and complain to them. Good luck.

peewhy




msg:369780
 2:51 pm on Jul 7, 2003 (gmt 0)

Good Luck? it's miracles we need :) You are right dragonlady7, in fact if you have an email address, you're gonna get spam.

That I can accept and it comes with the job - but the 'unsubscribe' farce gets me.

For 'please feel free to sell my email address' see 'unsubscribe'.

ShawnR




msg:369781
 3:08 pm on Jul 7, 2003 (gmt 0)

peewhy: "...Any ideas?...

Some of this has been said already, but here is my list:

  • thwart spam-bots by encrypting your email address on websites with javascript or use forms (but it won't be long before the javascript techniques don't fool the spam-bots)
  • Ensure your web address, not you email address, is submitted to trade directories that you deal with (e.g. if your company is listed as a stall-holder in a trade show, or if your suppliers list you as a distributor)
  • remove scumware with good anti-scum software
  • disable automatically sending read receipts; don't open spam emails to view (some have html content which goes to fetch images etc, so they can track that they have a live one); don't reply or try to unsubscribe unless you know the company is reputable. (This point is debatable as previous posts show, but that is my view)
  • Only send a message to the abuse email address if you know how to read the email headers properly, as these headers are often spoofed
  • Set up a new email address for each on-line store you use (e.g. walmart@my-domain.com for use when you buy from walmart. That way when you get spam on that email address you know who sold your details, and who you should complain to)
  • Use anti-spam software (e.g. only allows people you authorise to send you mail. Others get directed to an application form where they apply for permission to email you. The form asks the user to enter a numbe which is displayed as an image with OCR-prevention features, so a bot can't thwart it.)

Shawn

peewhy




msg:369782
 3:12 pm on Jul 7, 2003 (gmt 0)

That's quite an impressive list Shawn, many thanks.

Peter

ShawnR




msg:369783
 3:22 pm on Jul 7, 2003 (gmt 0)

Thanks :)

I must admit that just after posting I started to wander if you were genuinely after advice on what to do to reduce spam, or were just blowing off some steam about the 'unsubscribe' button sometimes being just a farce ... I'd have felt a bit dumb having posted a helpful reply when all you were doing was letting off some steam, so thanks for your 'thanks' post ;)

dragonlady7




msg:369784
 3:34 pm on Jul 7, 2003 (gmt 0)

Well, I figured it couldn't hurt to list possible spam-reduction techniques... Yours were quite good. Everyone blowing off steam about spam wants to hear if there are any spam reduction techniques they'd missed. Even if I've heard it before I always read it just to see if someone else has found something I haven't yet. Everyone hates spam.

universalis




msg:369785
 3:54 pm on Jul 7, 2003 (gmt 0)

I'm surprised at those who suggest that it's a good idea to click on an unsubscribe link in a spam email. You think they aren't interested in verifying your address? If this is the case, why do so many spams include a "web bug" - usually a 1x1 pixel transparent gif loaded from a remote website, with a unique identifier which will show up in the sender's logs when a message is viewed (thus confirming an address's validity AND the fact that the message is not being blocked by anti-spam measures)?

Other points I would add to ShawnR's list:

  • Block ALL remote images from you emails - ie. images which need to be loaded from a remote server and were not included as attachements in the message.
  • Disable all javascript in emails
  • Disable all ActiveX in emails
  • DON'T use Outlook Express or Outlook - both are targeted by spammers and are vulnerable to all the problems listed above.

cyril kearney




msg:369786
 5:07 pm on Jul 7, 2003 (gmt 0)

universalis writes:
"I'm surprised at those who suggest that it's a good idea to click on an unsubscribe link in a spam email. You think they aren't interested in verifying your address? If this is the case, why do so many spams include a "web bug" - usually a 1x1 pixel transparent gif loaded from a remote website, with a unique identifier which will show up in the sender's logs when a message is viewed (thus confirming an address's validity AND the fact that the message is not being blocked by anti-spam measures)?"

You are making my point exactly. There are far more efficient means to track live addresses than through the unsubscribe link.

Warnings about not clicking unsubscribe links are disinformation often put out by the spammers. When laws finally get in place that mandate honoring 'unsubscribe' request; people will be so brainwashed that they will not do it. Thus the spammers will stay within the law and keep spamming.

Conventional Wisdom is wrong about not unsubscribing. Names are so cheap per million that no one trying to exploit them. Unsubscribes run about 500 a million emails. It just takes too much time and effort to make this a practical way to collect addresses. Only legitimate emails are paying to process unsubscribes. Tracking that 1x1 pixel only cost about $400 a million and is rarely done by spammers except to test a list. Why pay $400 to track a list that cost $200?

If a list makes the spammer money why should he care if half the list is undeliverable or that he has sent the same email to you a dozen time?

peewhy




msg:369787
 5:20 pm on Jul 7, 2003 (gmt 0)

Can there be such a thing as an honest spammer?

To even think that these people would honour an unsubscribe request is a little questionable to say the least.

Also, ino Microsoft we trust!

Our options of email without Outlook Express are few.

Serio




msg:369788
 5:26 pm on Jul 7, 2003 (gmt 0)

Yes - options of email without Outlook Express are few - but its worth making the effort, many are superior - and certainly from a virus point of view it makes sense. IMHO

peewhy




msg:369789
 5:50 pm on Jul 7, 2003 (gmt 0)

Are these top secret:) or would you share your knowledge?

Serio




msg:369790
 5:56 pm on Jul 7, 2003 (gmt 0)

There are many threads here about this - so "make the effort".

I am on a Mac so I cannot advise - but I have read about this here at WW.

peewhy




msg:369791
 6:07 pm on Jul 7, 2003 (gmt 0)

There are many threads here about this - so "make the effort".

That's the spirit!

I was openly asking for everyone interested.

cyril kearney




msg:369792
 6:21 pm on Jul 7, 2003 (gmt 0)

peewhy write:
"Can there be such a thing as an honest spammer?

To even think that these people would honour an unsubscribe request is a little questionable to say the least."

Well the first thing you need to do is define what you mean by a spammer?

In the United States, there are large catalog operations that like Lands End, L.L. Bean and Eddie Bauer that are using email. I've worked for some pretty big websites and they all take unsubscribe request seriously. The include one of the Big-3 automakers, a huge entertainment and media company and two US sites owned by two of the UKs biggest publishers. I've done work for two of the major TV networks in the US but that's several years ago but they were honoring unsubscribes then. I truly believe that they are all honoring unsubscribe requests.

There are guys selling herbal viagra and pumps to enhance a body part over the internet. I doubt that they are.

My point is that the good guys are and the bad guys are just ignoring the unsubscribe requests, so unsubscribing does not raise your chances of future spam.

At the recent FTC conference in Washington, the FTC talked about tracking 200 fraudulent email offers and concluded that the bulk of the unsubscribe addresses were fraululent too. No mention was made of anyone recycling these requests on to a new list. I've been following this stuff a long time and I've never seen it done.

Spammers see unsubscribers as complainers. Why would they gather all the complainers on a list and email them? It would attract unfavorable attention and no one could possibly see this list as a good performer. Ha,ha maybe they sell the list to the guys marketing anti-spam filters!

dragonlady7




msg:369793
 6:34 pm on Jul 7, 2003 (gmt 0)

cyril's point is pretty good-- just because you're a warm body doesn't mean a spammer is more interested in sending you email. if you're the type who's enraged by spam rather than just annoyed, you're far more likely to do aggressive things like decode their forged headers and find out what address they're really sending from, and use that information to get their isp to drop them.
i don't know that the average spammer is that smart, but i also don't know that they're that dumb. i get the feeling that those who create the spamming systems are pretty canny, though many who end up doing the actual work may be short in the brains department.

And I have to say, in my experience, unsubscribing doesn't get you more mail. Having an address that's on several spam lists gets you exponentially more spam, and whether you unsubscribe or not has little bearing on that torrent. I'd say it's the least of your worries.

peewhy




msg:369794
 6:36 pm on Jul 7, 2003 (gmt 0)

cyril_kearney - It looks like you are saying the spammers would not jump on the opportunity to sell on 'unsubscribe requests'.

Is there really honour amongst bandits?

In the United States, there are large catalog operations that like Lands End, L.L. Bean and Eddie Bauer that are using email. I've worked for some pretty big websites and they all take unsubscribe request seriously. The include one of the Big-3 automakers, a huge entertainment and media company and two US sites owned by two of the UKs biggest publishers. I've done work for two of the major TV networks in the US but that's several years ago but they were honoring unsubscribes then. I truly believe that they are all honoring unsubscribe requests.

I don't think the above are in any way connected with the spam we are addressing here.

cyril kearney




msg:369795
 7:19 pm on Jul 7, 2003 (gmt 0)

peewhy,
I am saying that the cost of harvesting unsubscribes is far above their market value so it does not make economic sense. An unsubscribe is not a new address. Any processing the spammer does only adds cost not value.

Will an inexperienced spammer ever make this mistake? I don't know. If you went from a pristine email address to 400 spams a day, I am sure the address is being milked by a large knowledgeable syndicate.

A million names can easily be mailed in an hour. The spammers expects to have 500 unsubscribes and about 400,000 email opens and 100 buys.

Once a list yields below a 10 or 20 buys it is dead. Worn out lists stop getting mailed to eventually. The are salvaged and sold to CD compilers. 60 million names cost about $99, except if you buy before sundown in which case you can have them for 29.99 and you will get the next 3 CDs absolutely free (except for the $14.99 shiping and handling charges for each CD).

Now 60 million names can be mailed to in three days, if you hi-jack a couple of smtp servers and they will probably return enough sales to make you glad that you ordered the next three CDs.

Email addresses are so cheap that no one is setting up sham unsubscribe processing to get them.

The determination is made on buys not on the validity of the email addresses. Knowing that 500 addresses are real does not outweigh knowing that they indicated that they will never buy (indicate this by unsubscribing).

peewhy




msg:369796
 7:33 pm on Jul 7, 2003 (gmt 0)

Cyril>>
I'm pretty sure that you refer to legit mail address brokers who do take care and attention in ensuring that only good quality addresses are sold. Many will even guarantee the quality with double replacements. These are
not the type of lists I refer to.

'Harvesting' as you call it, is a matter of sending that unsubscribe address to a folder. The contents is sold. If these spammers are sending out one million plus per session and receiving 10% 'unsubscribers' it doesn't take long to build a list for sale.

My 400 spam messages didn't grow fom one to four hundred overnight. In a short time, without issuing that email address, they grew and grew.

They sell the returned address, the address is live and current and in a quantity it is worth money.

Just because I unsubscribed a willy enlarger cream it doesn't mean that I would unsubscribe to a mini digital camera.

My address is a commodity, like it or not.

TheWhippinpost




msg:369797
 8:59 pm on Jul 7, 2003 (gmt 0)

Cyril wrote
Warnings about not clicking unsubscribe links are disinformation often put out by the spammers. When laws finally get in place that mandate honoring 'unsubscribe' request; people will be so brainwashed that they will not do it. Thus the spammers will stay within the law and keep spamming.

I'm sorry but I consider that information to be at least partially disinformation in itself, and I only say partially because spam started long ago before laws were proposed to stem the tide, hence why there may be a grain of truth in your statement today, but I very doubt it's always been the case.

I know that unsubscribing, from even the seemingly most reputable sources of newletters/services etc... can sometimes lead to the address being sold on, period... the evidence is in the unique addy I signed up with.

I recently received UCE stating that if I didn't unsubscribe from the list, I was effectively consenting to opting-in to their list...give me a break! I know full well by attempting to unsubscribe I was verifying my existence.

Needless to say, they continued to spam me and included a paragraph saying that I hadn't unsubscribed so they were keeping their end of the bargain... but only for about a month, then it stopped!

Unsubscribing from personally opted-in for services/newsletters is at best risky, even from, as I said earlier, reputable providers - once they've tried to milk you for whatever backend products they can, they may try to monetize the list of unsubscribers. To them it's a commercial reality and they rationalise it on the basis that you may be interested in X product/service instead. - The best thing you can do, if you're able, is to sign up for EVERYTHING with a unique addy for your own tracking purposes.

Romeo




msg:369798
 9:30 pm on Jul 7, 2003 (gmt 0)

hmm ... re the "unsubscribe" button:
It depends. There may be spammers who may indeed take you off their list, and there are those who take it to validate your address so send more spam and to sell your address as validated to other spam databases.
Since the risk is high to run into the second alternative, I generally don't use any unsubscribes.

As for SPAM prevention:
Don't put your mail addresses on your web sites in the clear. Don't post in newsgroups with your premium mail addresses. Switch off any catch-all mail accounts on your mail server.

The VERY BEST countermeasure against spamming at present is to run your own mail server set up to reject any incoming mails from known open mail relays, knwon spam sources, dynamic ISP end user subscriber line IP addresses (this last one is a very effective conutermeasure, as there are lot of SMTP-relay-worm/virus infected user PCs out there these days, which are used to distribute most of the spam load since the spammers' own servers and their providers' networks are already mostly blacklisted), and feed the few remaining mails thru spamassassin to flag SPAMs as ****SPAM**** before delivering (or simply deleting if reaching a specified treshold) to the local POP3 or IMAP mail boxes.
Since my mail server checks incoming connections against the block lists relays.ordb.org, relays.osirusoft.com, dnsbl.sorbs.net, dnsbl.njabl.net, relays.mail-abuse.org, I notice a dramatic drop of incoming spam of > 96%, which is great. This may annoy some few private users with private hobby linux mail servers behind their DSL dialups, but they will have to learn to post their mails thru the smarthosts of their ISP instead of delivering directly.
The drop in incoming spam is tremendous and outweighs the single one complaint of a private DSL server admin so far.

This ongoing and annoying SPAM desaster was the main argument and decision factor for me to rent an own root server to also put my web pages on but primarily to be free to configure a mail server on my own to get rid of that spam crap. I am glad I did it ...

Regards,
R.

peewhy




msg:369799
 9:52 pm on Jul 7, 2003 (gmt 0)

As much as I may shoot off about spam. I'll take the 400 junk daily if I've got a couple of serious enquiries among them.

If you want to see a rainbow, you gotta put up with the rain!

This 39 message thread spans 2 pages: 39 ( [1] 2 > >
Global Options:
 top home search open messages active posts  
 

Home / Forums Index / WebmasterWorld / Webmaster General
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved