CRTC Fines Canadian Business CDN $1.1-Million for CASL Violations

And the other shoe has dropped.

In the first publicized application of penalties under Canada’s new anti-spam law, the CRTC announced earlier today that it has imposed penalties of $1.1-million Canadian (about $880K USD) against a firm for four separate violations. The violations include sending email without the consent of its recipients, and for sending mail without a functioning unsubscribe mechanism.

In the announcement, the CRTC identifies the target of the enforcement action as a Canadian company named Compu-Finder, whose mail promotes training courses to other businesses.

There are a couple of other interesting aspects to the action, aside from its novelty, and I wonder whether the CRTC will be able or willing to share additional details later on: Continue reading

Avoiding Spamtrap Disasters

Nothing can derail an e-mail marketing program so quickly and completely as sending mail to spamtraps. Businesses that are new to e-mail marketing are often unschooled in the hazards of spamtraps, so today we’ll take a crack at explaining what they are and how they work, and what senders can do to avoid spamtrap disasters.

Spamtraps are e-mail addresses that, by design, look and behave in most ways like ordinary, deliverable addresses. Once they’ve been added to a list of recipients, there’s really no way for senders to tell them apart.

The difference between spamtrap addresses and ordinary recipient addresses is that spamtrap addresses are never used to opt in to mail, or to send any mail at all. Owners of spamtraps use them to collect mail from, and generate data on senders who are harvesting, e-pending, or guessing addresses (or who are purchasing lists comprised of same) and who are sending to them without any kind of permission.

Continue reading

The Long and Short of URL Shorteners in E-mail

If you’ve spent any time at all with Twitter, you can’t have failed to notice the popularity of URL shortening services. Shorteners take long URLs and shorten them to just a few characters to help users keep URL length under the 30-character limit imposed on them by the microblogging service (not to mention the overall 140-character limit on tweets).

Senders who use social marketing alongside their e-mail campaigns are often tempted to use URL shorteners in their e-mail creative, often for a variety of reasons. Many of the most popular free services (bit.ly, owl.ly, and others) offer very slick-looking link tracking metrics dashboards. Senders like the idea (with good reason) of using a single interface to track link activity across all of their electronic marketing channels.

In addition, long URLs look ugly in the text version of their creative, which is displayed on old-school feature phones and some of the older (but still widely-deployed) versions of Blackberry smart phones. Links in the creative can wrap three or four times on a small phone screen, but a five-character link means that much more of the actual marketing message can be displayed without scrolling.

But there are a couple of compelling reasons why senders should think twice about using free link shortening services in their marketing e-mail.

Continue reading

Assessing ESP Liability Under The Canadian Spam Law

Much analysis and guidance has been written about the new requirements (and significant penalties) imposed on senders of unsolicited e-mail by the Canadian Anti-Spam Law set to go into effect in the fall. What seems less thoroughly addressed to my non-lawyerly eyes is what specific liability is created by violations of CASL upon the ESP used by their clients to transmit the infringing commercial electronic message (CEM).

I put the question to Neil Schwartzman, a long-time colleague and Executive Director of CAUCE North America, one of the very earliest anti-spam advocacy groups and the primary driver of CASL through its storied journey across the Canadian legislative landscape. Neil recently left ReturnPath to start CASLconsulting.com, a firm offering expertise on CASL compliance. He and consulting legal counsel Shaun Brown of nNovation LLP respond:

Continue reading

More Spammer Performance Art

Freshly plucked from the +1 Bag O’ Fail comes another spammer web screed, whose author apparently hopes to become the locus of an organized movement to save Capitalism from the looming apocalypse that is Spamhaus, MAAWG, ReturnPath, and the ESPC.

When I first saw stopthehaus.org, I assumed it was another web site authored by longtime spammer Bill Waggoner. He created the ridiculous yourinternetbodyguard.com site, a rant about Spamhaus and SpamCop – but some cursory poking around in whois and ROKSO show that it’s actually a different spammer.

Stop the Haus appears to be the brainchild of Andrew Stephens/bulkemaildirectory.com, who are listed on Spamhaus ROKSO for harvesting e-mail addresses and reselling them to bulk mailers (and possibly for sending to the harvested lists themselves).

It contains the same flavor of frothing, aluminum foil-capped lunacy on offer at Waggoner’s site, albeit with somewhat fewer migraine-inducing grammatical errors. The new twist here, though, is the development of a set of their own “blocklists” (his incorrect usage, not mine), including a list of “spam complainers who’s [sic] complaints are invalid due to can-spam compliance”.

Because, as we all know, if it complies with CAN SPAM, it can’t possibly be spam.

When Blacklists Die

Update: It appears that the Fiveten DNSBL was resurrected from the dead on or about November 22nd (thanks, Al Iverson).

Blacklists have been popular targets for complaints and criticism for years. Senders complain they are too stringent and lack transparency. The anti-spam community howls with outrage when they’re not as aggressive as they think they should be.

One blacklist in particular, called the five-ten-sg.com block list, has been a thorn in the side of ESPs since 2001 – but not because lots of ISPs use the list to block mail. In fact, they don’t; the list generates too many false positives, and as my colleague Al Iverson so memorably demonstrated a few years ago, you’d get significantly better results by randomly blocking any mail from an IP address in which the number 7 appears.

The list operator is a guy named Carl Byington, and I’ve been reading what he has to say about spam and e-mail for years. He’s a smart, reasonable guy who’s always been honest about the nature of his list. He lists sources of bulk e-mail for a broad range of reasons, and he’s quick to agree with anyone who points out that his listing criteria are not useful for filtering decisions in a high inbound e-mail volume production environment. But it’s his list, and he can do with it what he pleases – and ISPs and other network operators are similarly free to ignore it.

ESPs, on the other hand, have been getting an earful from their customers about Fiveten for a long time.

When a sender runs into deliverability problems, they’ll often turn to web sites that offer to look up an IP address on a bazillion block lists all at once. In altogether too many instances, they discover they’re listed by Carl. They’ll fire off a few angry e-mail messages or phone calls to their poor, harried deliverability guy. It always seems to take a few days to explain why the listing is almost certainly not the root cause of their deliverability issue, and to redirect time and energy back to the real issues.

This weekend, Fiveten went dark. On Friday, any lookup at the site yielded a response reading “blackholes.five-ten-sg.com has been retired.” As of this writing, the domain doesn’t answer at all. Carl hasn’t provided any public explanation for his decision to decommission his list, and he really doesn’t have to. No one has to pay money to use his list, and maintaining a list takes more time, energy and resources than most folks realize. I suspect Carl simply ran out of one or more.

Senders have a love-hate relationship with blacklists; they do a good job of keeping the deluge of pill spam, virus and malware messages at bay, and are an important reason why e-mail remains a viable channel for marketing and commerce. But when senders find themselves at the pointy end of a listing, it’s easy to understand why they may find themselves unable to muster much sympathy. They often feel as though the listing must be capricious, or even malicious.

The demise of Fiveten demonstrates that, contrary to all the complaints over the years, block lists as a category generally are not capricious. It turns out that market forces are as immutable for block lists as for any business, and block lists operators are just as answerable. Over-aggressive listings are not useful to ISPs, because they tend to generate false positives by blocking wanted mail. When a list isn’t useful anymore, ISPs stop using it, and it goes away.

Blacklists will continue to exist and operate much as they always have, and I predict that both senders and anti-spammers will continue to complain about them just as loudly. If either side were to stop – well, that’s when I’d start to worry whether blacklists are still doing a good job.

Reply-All: Lumber Cartel (TINLC) Edition

Back in the day, a spammer who found himself on the wrong side of an e-mail block list publicly asserted in all seriousness that anti-spam activities are funded in secret by a shadowy cartel of lumber producers who were seeing their margins from paper production erode as marketers made the shift from postal junk mail to e-mail. It became a sort of running joke in the usenet newsgroup news.admin.net-abuse.email. One of the straw arguments frequently mounted by spammers to justify their business model was the environmental friendliness of e-mail. We now have a credible estimate of the carbon foot print of e-mail: about 135kg per user, annually – or the equivalent of a 200-mile drive in a car. Turns out e-mail isn’t all that green.

Facebook this week announced three more spam-related lawsuits, and among the defendants they’ve named is a guy named Steven Richter. A bunch of blogs and media outlets assumed this is the same Steve Richter, who is the father of spammer Scott Richter and president of his son’s company Media Breakaway, LLC. The company was quick to respond with a press release, pointing out that the named defendant is actually a different Steve Richter.

ISPs who use SORBS blocklist data for e-mail filtering woke up one morning two weeks ago to discover that they were unintentionally blocking mail from great swathes of the Intarwebs, including Yahoo!, Apple, and Google Groups. SORBS operator Michelle Sullivan at first claimed they were the target of a massive DDOS attack, but later disclosed that they had inadvertently placed a bunch of historical block list entries in their current listings database during a server migration. Oy.

Just in time for Halloween, notorious spammer (and unintentional comedian) Bill Waggoner has risen from the grave with the launch of yourinternetbodyguard.com (you may want to mute audio before you click through). His new site solicits contributions to be used (somehow) against Steve Linford of Spamhaus and SpamCop founder Julian Haight (never mind that Haight hasn’t had a thing to do with SpamCop for years).