and what's really annoying is that many of them won't accept a + in your email address. (For those who don't know, adding a "+company" to the first part of a gmail address is a good way to identify and block when your address gets passed on to third parties.)
Ever had to register to buy online - and been PELTED with SPAM?
Spam has been a fact of life, on a par with death and taxes, for many years now. To be blunt, spammers don’t particularly care about us. They don’t have any sense of reason or shame that we can appeal to, and they have no incentive to be accommodating. We’re not their customers. In fact they make their money from selling us, not …
-
-
-
-
Wednesday 2nd January 2013 18:32 GMT BillG
I also have my own domains, some I've had since 1998. I use a webhost that has greylisting. With greylisting any email from an invalid SMTP server gets deleted.
I also run MailWasher Pro 6.5.4 (the later versions are crap) which allows whitelists, blacklists, and custom filters. Best choice I ever made.
All in all, my spam has dropped from 500 a day to 30.
In other news, charities can be the worst. Ten years ago I donated to a disabled veterans charity, using a different middle initial and mispelled my last name (I refused to hand over my email). Soon I was getting flooded with phone calls, letters in the mail from cancer, children's, animal, indian, etc charities. Got worse with each year and didn't stop until I moved to another state.
-
-
Wednesday 2nd January 2013 09:15 GMT Peter Hoare
+1
Completely agree - especially when the validation message appears says "This is not a valid email address"! Go and read the RFC on valid email addresses before making up your own rules as to what is and what isn't a valid address. It's not exactly hard to create a regexp or similar to validate an address.
-
Wednesday 2nd January 2013 11:59 GMT Anonymous Coward
Re: +1
I had to update an email validation regex recently to avoid being unfair to a Mr O'Reilly and his apostrophe. Well at least he volunteered to use the test version to help test it before the main one went live, and told me about the bug so I could fix it. And that system has been in use every year for the last 8.
-
Wednesday 2nd January 2013 14:40 GMT Loyal Commenter
@Peter Hoare
As it turns out, you are quite, quite wrong in your assertion that it is trivial to validate an email address with a regular expression. The regex to validate a RFC2822 compliant email address is as follows:
(?:[a-z0-9!#$%&'*+/=?^_`{|}~-]+(?:\.[a-z0-9!#$%&'*+/=?^_`{|}~-]+)*|"(?:[\x01-\x08\x0b\x0c\x0e-\x1f\x21\x23-\x5b\x5d-\x7f]|\\[\x01-\x09\x0b\x0c\x0e-\x7f])*")@(?:(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z0-9](?:[a-z0-9-]*[a-z0-9])?|\[(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?|[a-z0-9-]*[a-z0-9]:(?:[\x01-\x08\x0b\x0c\x0e-\x1f\x21-\x5a\x53-\x7f]|\\[\x01-\x09\x0b\x0c\x0e-\x7f])+)\])
-
Wednesday 2nd January 2013 16:35 GMT Yet Another Anonymous coward
Re: +1
It's extra-ordinarily difficult to create a valid email regex see http://www.ex-parrot.com/pdw/Mail-RFC822-Address.html
And when you do it's totally useless because to allow all the bizarre edge cases you end up having to allow so many genuine mistakes that there is no point.. "Abc\@def"@abc.com is valid
-
-
-
Wednesday 2nd January 2013 10:56 GMT Graham Marsden
Fortunately I own my own domain, so any time I register with a company like Fred Bloggs and co. I put my e-mail address down as fred.bloggs.co.uk@mydomain which means that I can always tell where someone got my e-mail address from and then create a custom filter to file their stuff straight into the junk mail folder :-)
-
-
Wednesday 2nd January 2013 12:20 GMT AndrueC
> these customised to each company email addresses give you a nice big fat stick to hit them with
Sadly they don't always believe you. The publishers of Avast! refused to accept responsibility when I started getting spam using the address I'd given for registration. They claimed it was probably a trojan on my system or else the email had been intercepted.
Clearly a security company that knows what it's doing. Not :-/
-
-
Wednesday 2nd January 2013 11:32 GMT Chris007
@Graham Marsden
very similar to what I do plus my ISP allows me to add filters so that I can reject email from those idiots who sell my email address on to somebody else so that I never see them arrive.
I ALWAYS click the "no email" contact on all websites and it's interesting to see which ones flagrantly disregard this.
A few years ago I woke up one morning to an avalanche of spam to the email address I'd used on compare the market.com and not for their services either. They've been added to my filter list ever since and have never had my business again.
(gocompare don't get my business either, but that's because of that f**king annoying opera singer - the first time I heard the advert I said I wouldn't use them until they dropped it)
-
Wednesday 2nd January 2013 13:02 GMT illiad
Re: @Graham Marsden
you haven't been watching the ads lately... gocompare not only 'dropped' the singer, but made a whole new range a few months ago, of various 'stars' getting various types of 'revenge' on him... keeps it amusing at least..
BTW, you do *know* that they DO NOT SELL insurance??? the hint is in their name.... :/
-
Wednesday 2nd January 2013 13:24 GMT Kubla Cant
Re: @Graham Marsden
I'm glad you explained. For the past few weeks I've been perplexed by an ad that starts with some bloke* failing to switch on Christmas lights, then cuts to the opera singer being tortured. I couldn't work out how that was supposed to generate electricity.
* The context suggests that I should know who some bloke is, but I've no idea. This adds to my perplexity.
-
-
Thursday 3rd January 2013 09:49 GMT MJI
Re:Go and die
Had an old recording on TV yesterday, someone forgot to skip the adverts, I had to run across the room, (next room to TV) and I nearly kicked in my TV to shut it up.
Power switch was first thing to hand, I know I shouldn't do but it does have a 5 year warantee.
BTW they are on my permanent shit list along with 4 or 5 other companies.
-
-
-
-
Wednesday 2nd January 2013 17:23 GMT DF118
@Graham Marsden
Yep, I do the theirname@mydomain thing too. It's always fun to catch a genuine evil spammer or unscrupulous etailer who has sold on your details without asking, as opposed to the (relatively) innocent marketing spam from which you can unsubscribe. Funnily enough, whenever the former has happened and I've received some real lowlife spam to a unique address, the companies concerned have always claimed it was a malware-infected email server.
Another problem is people harvesting your paypal address. There's not much you can do about that since it pretty much needs to be static unless you're prepared to change it periodically. I get around that by having all emails which come in to my paypal address (apart from the ones coming from paypal itself) dumped in a folder of their own, from which messages over a month old are automagically purged. Each sender gets a one-time auto-response containing a generic "transaction acknowledged" message and warning that I am unlikely ever to read their email.
-
-
Thursday 3rd January 2013 02:51 GMT Eddy Ito
Re: @Graham Marsden
One of my favorite tricks to use in conjunction with some.company@mydomain is to scan the incoming address to check if it is actually coming from 'some company' and if it doesn't I automatically redirect it to something like customersupport@some.company. I've gotten some very cross emails but I almost never get spam on some.company.3@mydomain unless they run to their admin who sets up a filter on that end.
-
-
Wednesday 2nd January 2013 23:54 GMT ScottK
I have my own domain and always use a customised address for each company. I also always click the do not share my email address tickbox in the vain hope that companies might actually honour it. The worst offender I have ever dealt with is Thomson Fly. I once flew with them about 9 years ago and have since received a huge amount of unrelated crap addressed to tfly@ my domain. If I still lived in the UK I might consider a complaint to the data protection registrar, but a kill filter is a simpler option.
-
Thursday 3rd January 2013 07:14 GMT DF118
@ ScottK
...that's if they even provide "do not contact" and/or "do not sell my details" tickboxes. SMBs are terrible for just harvesting (especially when you pay with PayPal) and expecting you to be ok with it. I've had some real idiots who refuse to acknowledge that people might get pissed off at that kind of behaviour. Even had one try to tell me her email wasn't spam ("because my shop actually exists").
-
-
Sunday 6th January 2013 23:33 GMT Anonymous Coward
stop advertising your defenses
Dude, could you please stop advertising this defense method? The only reason it works is because it's not popular. Two lines of code and the spamers can bypass this safety. The longer we can ride this train empty the farther we go. Yes I'm being selfish, but this is a war and I'm OK with not making my bunker a bigger target. Please...
-
-
-
-
Friday 4th January 2013 12:33 GMT Vic
> I achieve the same thing using a wildcard alias system ;)
I really wouldn't recommend that. Wildcards mean you accept email for addresses that you've never allocated. That makes dictionary attacks painful to you and valuable to the spammer.
Far more effective IMO is to use an aliases file - allocate a fresh email address every time you give one out. If one gets abused, stub it out with a comment that it was abused. that way, the spam stops, and you've got a record of the abuse should you ever be tempted to deal with that company again.
Vic.
-
Monday 7th January 2013 10:46 GMT AndrueC
> I really wouldn't recommend that. Wildcards mean you accept email for addresses that you've never allocated
No it's not quite like that. The wildcard has a specific format so it won't match just anything - there has to be a certain substring present. If you send an email to 'anyoldcrap@mydomain' it'll go straight in the bit bucket. Indeed I get several dozen attempts from spammers along those lines every day. It's basically the same set up as using '+' - you need to know the basic rule :)
I don't think the risk from exposing my strategy is very high. The spammers would still need to work out the substring I use and I can easily use a different one. Because it's a multi-part name it makes a dictionary attack far harder. I think one of them might actually have guessed the substring a few years ago. At least I started getting spam to it and I only ever used it for reminders. However they haven't twigged that it is substring so it doesn't matter much. I just blacklisted it.
If they twig how the wildcard works I'll just add a second substring. Or maybe a third. I bet it'd take a while for (example only) abc.321.zmd.<whatever> to be compromised :)
-
-
-
Saturday 5th January 2013 00:15 GMT JCitizen
At least give them a bad rating...
on Web Of Trust so the rest of us will know we don't want to do business with them. I will go out of my way to avoid a business with even a yellow rating, as spam is usually the problem with registering at that site. WOT is the most effective way we have to get even with these shoddy bunch!
-
Monday 7th January 2013 21:37 GMT miknik
I send it back to them
I've got my own domain, so when I have to sign up in this way the email address I use is company-name@mydomain.com
If I start getting a load of spam then I just create a mail forwarding rule on my domain and point that address back at the contact email address for the relevant company.
-
-
-
-
-
Thursday 3rd January 2013 07:15 GMT Anonymous Coward
Re: They don't even spam well
"the sender can track when you have read the email"
And they seem to get quite distressed when you turn off image download and they can't. BT, British Gas and a whole load more dont seem to get that it is actually possible to open and read their mail without them knowing about it, and in some cases actually send more crap asking why you aren't reading their "newsletters". No wonder people think they're creepy.
-
-
Thursday 3rd January 2013 04:39 GMT RW
Re: They don't even spam well
Canada Post online tracking "works" that way but with the wrinkle that the headers for a plain text version are present but no plain text.
Thus if your email client is set up not to render HTML, you are s.o.l.
OTOH, given the extraordinary slowness of Canada Post and their unreliability (small parcels go missing with no trace), you couldn't really expect anything else.
-
-
-
Saturday 5th January 2013 00:47 GMT Mike007
Re: Disposable
posted from my account registered with the email address elreg@mydomain.net, which has received no spam - unlike lastfm@mydomain.net for example which has had 139 spam messages (yes pharmacy ad type spam, not notifications for some account) in the last 30 days, i have several such addresses auto-filtered and know exactly who to blame for the spam, almost all of it is easily identified (can't do much about addresses in whois databases and public websites, then i just use per-site addresses so i can filter it if it gets too spammy)
-
Saturday 5th January 2013 00:51 GMT Anonymous Coward
Re: Disposable
i own asdfasdf.co.uk which has a catchall to a dedicated inbox - you'd be surprised how many websites i don't need to register an account on because someone else has already set up asdfasdf@asdfasdf.co.uk so i can just do a password reset, i expect .com would be even better :) also gives me someone elses history to operate under to further confuse their monitoring
-
-
-
-
Wednesday 2nd January 2013 11:04 GMT JohnG
Re: Spam filter rules.
"...choosing Gmail for email is swapping spam for advertising. IMHO, the only reason Google removes spam is because spammers don't pay them anything."
All true but as long as Google keep the advertising within reason, I view it as a reasonable price for their services and their spam filters are quite good. If their advertising does get out of hand, there are plenty of tools to deal with that.
-
-
-
Wednesday 2nd January 2013 19:15 GMT Anonymous Coward
Re: Spam filter rules.
> "If the message contains the word unsubscribe, mark it as SPAM."
+1. This was one of the first filters that went in on our company exchange server.
The next day I received a phone call from somebody asking if the email system was down, because he usually received a hundred spam emails overnight and he hadn't had any. :/
-
Wednesday 2nd January 2013 09:07 GMT John Deeb
unsubscribe
While the article raises some valid concerns, most decent webshops let you unsubscribe right away without any hassle after seeing the first mail appearing (link often at the bottom). Deals with 95% of the problem right there so lets not blow this out of proportion. Webshops need some kind of online marketing to exist, they don't have a shopping window or paper leaflets to spam your real letterbox. Amazon is rather big and might be less interested in spamming you otherwise you would complain about them too.
-
Wednesday 2nd January 2013 09:45 GMT Anonymous Coward
Re: unsubscribe
Amazon is rather big and might be less interested in spamming you otherwise you would complain about them too."
Amazon themselves do not spam me - their "recommendations" page when you visit their web site achieves that function unobtrusively for them.
However - email addresses do leak from Amazon to generate unidentifiable spam. It is presumed that at some point an Amazon Partner is given the address as part of your transaction - and it is the latter's security breach which allows the address to be farmed.
-
-
Wednesday 2nd January 2013 11:45 GMT Steve Davies 3
Re: Amazon recommendations
It can be a tad embarrasing when the Other people went on to buy...
List of items contain stuff the you wouldn't want 'her indoors' to see. viz
I was browsing books about 'Git' when there was a reccomendation for some erotic novels because someone else had bought the Git book and the other stuff in the same session/order.
-
-
Wednesday 2nd January 2013 12:28 GMT AndrueC
Re: unsubscribe
> However - email addresses do leak from Amazon to generate unidentifiable spam. It is presumed that at some point an Amazon Partner is given the address as part of your transaction - and it is the latter's security breach which allows the address to be farmed.
Er, no. For several years now Amazon has anonymised email so their partners won't get your address unless you give it them. It's all done through the Amazon Communication Manager.
http://www.amazon.co.uk/gp/help/customer/display.html?nodeId=3149541
"All Seller communications should be routed through the Amazon Communications Manager which will deliver the Seller's message to you. The Communications Manager will deliver the message stating the Seller's name as the sender but from a unique e-mail address generated by us that will have the ending "@marketplace.amazon.co.uk". By replying to this e-mail your response will also be directed through the Communications Manager and will be delivered to the Seller, but again, from a unique e-mail address generated by us.
This enables Sellers to communicate with buyers without either party disclosing their private e-mail addresses and ensures Amazon has a record of all correspondence between buyers and Sellers. Please see the information on this page for full details."
If a third party got your address it must be because you included it in the body of a message or contacted them directly. It's one of Amazon's best features. To be honest it has a lot of advantages for them as well - call it mutual self-interest :)
-
-
Wednesday 2nd January 2013 10:03 GMT NightFox
Re: unsubscribe
I agree - I recently went through my spam folder unsubscribing to all the 'legitimate' spam using the links, and have now cut my spam by about 95% (I'm lucky that I don't get too much real spam).
My main annoyance on the unsubscribe links are the ones that require you to log in to the retailers web site to 'change your mailing preferences' as often I can't remember my credentials for a site I bought something from 10 years ago. You know my email address - you sent me the bloody link I just clicked. Now unsubscribe me!
-
Wednesday 2nd January 2013 10:57 GMT Kevin
Re: unsubscribe
I totally agree with this approach - I find it works for pretty much 100% of the 'soft' spam. As soon as I get an email like this, I hit the unsubscribe link and most of the time it works.
It's annoying that you probably didn't subscribe to this list in the first place, but hopefully most companies you buy from are reputable enough to comply with current spamming regulations (otherwise why are you trusting them with your money?).
I definitely get more spam through my letterbox than I do in my inbox...
-
Wednesday 2nd January 2013 11:43 GMT Jan 0
Re: unsubscribe
> "Webshops need some kind of online marketing to exist"
If they would just list their products and prices on a static web page, then we could just use a search engine to find and compare offers just like we used to in the 20th century. When I want something, then I go looking for it. If "webshops" don't want me to use search engines, then I don't care if they go bust.
-
Wednesday 2nd January 2013 12:39 GMT Don Jefe
Re: unsubscribe @Jan 0
A static webpage? If you've got a very small number of products you sell and/or a tiny inventory that's sort of OK but if you're dealing with thousands of SKU's and in stock inventories of tens of thousands of items a static webpage is useless.
Also static webpages tend not to track as well as dynamic sites on search engines.
-
Wednesday 2nd January 2013 15:24 GMT Atonnis
Re: unsubscribe
But then you're at the mercy of the search engines and their specific rules...
....which then puts you at the mercy of those people who can 'maximise your search presence by using techniques that take advantage of the latest methods used by search engine crawlers'...
...which also starts including search engine's search results from the search page on the sites, which then steadily gives you more and more shitty results (seriously, if I ever see another f-cking Amazon US page again it'll be too f-cking soon).
-
-
-
-
Wednesday 2nd January 2013 09:28 GMT Benny
Re: Unique emails.
I noticed that since I have started doing this with one of my spare domains (I went back and changed emails on quite a few existing accounts as well), the amount of spam I get has dropped. Could just be a coincidence, but I have this image of a marketing bod running a "select email from customers where email not like '%mycompany%'" or some such thing
-
-
Wednesday 2nd January 2013 09:07 GMT Anonymous Coward
Own your own domain name
I own my own domain name so every company I register with gets a different sign up email address. There's one layer of redirection too: no-one gets my 'real' email address.
If I start receiving spam from a company, I unsubscribe from their emails using their website. A bit irritating to be auto opted-in but otherwise fine, they need to know I exist as they emailed me an invoice and sent me some goods.
However if I get spam from (say) company Y but using the email address allocated to company X, then company X never gets my business again, and I put an email rule in at the point of mail redirection (i.e. way before the email gets downloaded to any of my devices) to bounce the mail back to the sender. This happens very infrequently.
-
Wednesday 2nd January 2013 10:15 GMT Benedict
Re: Own your own domain name
Redirecting back to the alleged sender of the spam is moronic as the address field will almost certainly be forged, which just creates more junk (aka back-scatter).
What you should be doing is redirecting it to the customer services department of the company who leaked/sold your email address with a message telling them why they have received it.
-
Wednesday 2nd January 2013 15:21 GMT Anonymous Coward
Re: Own your own domain name
My girlfriend recently attempted to sign up to a mailing list on a Dutch education website (normally they would remain unnamed but, sod it - Pearson). She used the address pearson@<her domain>. She had a response from some snooty lady saying that she is violating Pearson's trademark and that she must change her email address. She replied explaining her reasons for using their name as part of her email, but was ignored.
-
Wednesday 2nd January 2013 20:14 GMT Anonymous Coward
Re: Own your own domain name
You can ignore that email about trademark violation as she is not using a domain name, or email the snooty cow back and tell her that she should read up on her trademark laws before she emails again - if I recall correctly, the Dutch have laws against false trademark claims.
If your girlfriend would register pearsons-nl.com, for example, she would indeed be reliably on track for a trademark dispute. I would however, add to any reply that the response seemed to suggest that Pearson had an adverse reaction to tracking of Data Protection abuse, and that your girlfriend is thus considering reporting this to those who are in charge of enforcing compliance with the "wet Persoonsgegevens" (Dutch Data Protection, if I recall correctly). Could be entertaining to see what that would give as response - especially if you copy in their press liaison.
I have no problem with a company trying to guard their trademark, but God help any setup who thinks they can {lecture me on}/{threaten or bully me with} an incorrect interpretation of law as I enjoy returning that fire with interest. There's far too much of that going on at the moment.
-
-
Wednesday 2nd January 2013 09:08 GMT Anonymous Coward
In the UK ...
Regulation 22 of The Privacy and Electronic Communications Regulations 2003 applies and UK companies must honour unsubscribe requests.
I only know this because one UK company was bombarding me with marketing crap and ignoring unsubscribe requests. When I found this regulation I emailed them and threatened them with action for non compliance. It worked.
-
Wednesday 2nd January 2013 09:13 GMT AlexV
Master of your own domain
Get yourself a domain name (there are some really cheap ones around, if you don't care what the tld is), set it up so that anything@example.com gets forwarded to your real address. Then, whenever a website wants your email address, you give it their name: theregister@example.com for example.
If they are well behaved and send you only emails you want, or honour unsubscribe requests for those you don't, all fine. If they prove rogue, blacklist that "to" address and never be troubled by them again.
I find it more convenient than having to create an address before using it (like trashmail) or having to visit a site to pick up mail sent to it (like mailinator), but that's because the vast majority use-case is non-spammy. If it was mostly spammy, or I needed an address to use with someone already known to be spammy, then I'd use mailinator.
-
Wednesday 2nd January 2013 09:22 GMT Tezfair
Re: Master of your own domain
Been doing this for years, its quite good as a paper trail.
My biggest culprit is Swinton Car insurance, I get a load of random junk to 'swinton@' email address because I once did an online quote. I have a rule now that fwds 'their' junk mail back to Swinton.
So the more they sell my email account the more crap they will get back
-
Wednesday 2nd January 2013 09:42 GMT Tom Wood
Re: Master of your own domain
"So the more they sell my email account the more crap they will get back"
Oh, I'm sure that really bothers them. All those envelopes they will have to waste their staff time opening!
Seriously, just send them to the bit bucket - replying to spam with spam just makes you part of the problem.
-
Wednesday 2nd January 2013 10:23 GMT Fred Flintstone
Re: Master of your own domain
I have a rule now that fwds 'their' junk mail back to Swinton.
The only way that will help is if you find out the email address of the MD/CEO and send it there with an explanatory note, or another email address that is in active use. Most companies send from an "no reply" mailbox..
-
Wednesday 2nd January 2013 12:57 GMT daimun
Re: Master of your own domain
Swinton are also one of the pita spammers I can't shake off. Another is taxi.com Their T&C even state "You may opt out from receiving this information at any time". This is complete BS of course as I have tried many times. Fortunately my email hosting service provides the option of a blacklist and I take great delight in getting a daily spam report and reading who's been deleted at source. TAXI send at least one message *every day*, often four!
Like lots here I also use the company@mydomain email assignment.
-
Wednesday 2nd January 2013 20:19 GMT Anonymous Coward
Re: Master of your own domain
With any UK company you do the following:
1 - keep a record of receipt of email and a dated screendump of your unsubscribe.
2 - as soon as you receive another email from them (must be after more than 2 weeks), file a formal complaint with the Office of the Information Commissioner (forms are on their website). You don't need to engage in conversation with the company in question as you have used the communication provided already (the "unsubscribe" and it wasn't effective. It's not your job to sort out their problem.
3 - copy any further email you receive from them into the case number you will be given.
-
Thursday 3rd January 2013 11:35 GMT BenR
Re: Master of your own domain
While in theory that's the 'right' thing to do, the ICO are the biggest waste of time and money going. They are a bunch of useless, toothless cretins generally, with about as much punitive power as the cup of tea slowly cooling on my desk.
I went through them with a complaint about spam phone calls and text messages, despite being registered with TPS. I'd gone to the trouble of filling in their idiotic form, and providing them with all the information the wanted and more, including the name, registered office address, phone number, contact details and website of the company in question. They contacted me back saying there was nothing they could do as they 'couldn't identify the company making the calls'.
Hopeless.
-
-
-
-
-
Wednesday 2nd January 2013 09:14 GMT Sean 30
couldn't care less, you bought from them so might do again...
Funniest one for me is a company I purchased a holiday through constantly sends me spam, this despite the fact I took them to court and won. Do they REALLY think I would ever buy anything from them ever again!
I'm happy to get confirmation of transactions etc via email, but no need to send the spam unless I ask for it.
-
Wednesday 2nd January 2013 09:14 GMT Graphsboy
Useful service
Spamgourmet.com does it for me. Create on-the-fly email addresses at the time you're registering and set the number of forwardings in the the new email address itself. And because you can create as many different addresses as you want, you can tell by what you allow to subsequently get forwarded to you exactly who's been a sod and passed your details on.
-
Wednesday 2nd January 2013 09:15 GMT Peter Hoare
Is unsubscribing really the worst possible thing to do?
The article repeats the age-old saying that clicking the unsubscribe link is the worst possible thing to do. Is there actually any evidence for that being the case? That it merely confirms to the spammer that the address is valid?
Give the ease with which spammers can throw out email (usually via botnets) I really find it hard to believe that there is any benefit to them in validating any of the email addresses. Why would they go through that bother? When they can easily acquire 10 million addresses, and can easily email each and every one of those, what do they gain by whittling that list down?
So yes, it's a perfectly feasible scenario that spammers DO use that method to confirm the address is valid, but I'd really like to see some evidence that this is in fact the case. Personally, I put it down as being a myth. In fact I'd be more worried - given the 'morals' of the spammer - that clicking the link to unsubscribe was likely to lead to an infected webpage that made me part of the botnet used to send out the next wave of spam.
-
Wednesday 2nd January 2013 09:55 GMT Grikath
Re: Is unsubscribing really the worst possible thing to do?
When it comes to real spam, yes, it really is the worst possible thing to do, and you've given one of the most important reasons in your own post already.
Whenever you hit that unsubscribe link on a true spam post , you are sending the owner of that particular list a message telling him not just that your email adress is actually live ( which ups its' value, as there's quite a lot of dead crud in those email lists), but you are also telling him that it belongs to an idiot who actually interacts with what is obviously a spam email, making you a prime mark for those nice mails with dodgy links designed to integrate your PC in a botnet.
So by trying to unsubscribe from those mails you're upping the risk of getting deliberately targeted by malicious spam instead of the half-hearted shotgun approach by several orders of magnitude.
-
Wednesday 2nd January 2013 12:57 GMT Eddie Edwards
Re: Is unsubscribing really the worst possible thing to do?
I think he's aware of the conceptual principle that a signal is sent back to the spammer; what he's debating is whether or not spammers actually use that information in practice. What you're saying sounds like nothing more than the same assumptions he's questioning.
As others have said, most reputable companies are spamming people, but you know who they are, and they have to honour unsubscribe requests by law. The rest is probably in your spam folder already. So the article's worry about "should I click unsubscribe" is probably unfounded IMO unless you're still besieged by 90s-era Viagra spam because you don't have any kind of modern spam filter.
I think the point the article is missing (by focussing on these quasi-paranoid maybe-issues) is that we need a new generation of spam filters that can do things like show you emails from a company you're sort-of interested in, but at a rate that suits you rather than them. For some reason everyone has upped the ante and is sending stuff way more often now (judging by my inbox) but I don't want to unsubscribe from all of them because actually I do want occasional reminders about that stuff, but maybe only every month, or only 6 weeks before Christmas. And I'd quite like to filter emails from Lego so I only see the Star Wars ones. Things like that.
-
-
Thursday 3rd January 2013 11:41 GMT vagabondo
Re: Is unsubscribing really the worst possible thing to do?
"Personally, I put it down as being a myth."
It's not a myth, ask a mail sysadmin. You can buy lists of "unsubscribed" addresses.
Our advice is to only unsubscribe to a list that you have subscribed to. Never try unsubscribing to spam, you will probably be donating your address (maybe all your contacts) to an address harvester.
My personal no. 1 spam hate is bouncing spam to the (forged) "From:" or "Reply to:" address instead of rejecting it. This is the favoured behaviour of Symantec et al, who would go out of business without a sufficient supply of spam.
-
Wednesday 2nd January 2013 09:15 GMT Anonymous Coward
It’s easy enough to use your DELETE key
The other problem with the argument that "It’s easy enough to use your DELETE key" is that I get spam sent to my mobile phone - it uses up my bandwidth allowance.
I've thought of creating a special account which is only used for online purchases which I can make sure my phone doesn't retrieve mail from - however, sometimes it is useful to know that a delivery is going to be made imminently.
-
Wednesday 2nd January 2013 09:25 GMT Anonymous Coward
Odd.....
....but I guess this must be a US article. The only reason is that companies in the UK MUST allow the option to decline marketing mails / affiliate mails. It's those one or two tick boxes that you clearly are ignoring. I've signed up with dozens and dozens of UK sites and don't get hit with spam.
If they don't offer these options, then don't do business with them. If they can't follow these basic rules, forget trusting with your credit card details.
-
-
Wednesday 2nd January 2013 09:50 GMT Anonymous Coward
Re: Odd.....
Too right. And of those that have the option, a good half IME just ignore it. I tick the "don't send me anything" options with religious fervour. I read the text carefully "Tick box a if you don't want our email promotions. Tick box b if you do want our partner's promotions" and select accordingly.
But the vermin still send the rubbish, and this includes major retailers. To be fair the unsubscribe requests are usually, but not always respected, but the thrust of the article still applies: Why do the pea-brains in marketing think for a single moment that anybody would want weekly or even monthly news and offers clagging up their inbox?
-
-
Wednesday 2nd January 2013 09:49 GMT Jon Press
Re: Odd.....
I think this is a "grey area". I get lots of spam promoting established UK businesses which actually originates from outside the UK and is from "affiliate" marketers who may be acting outside the terms of their agreement. The overseas (often, US) spammer is probably working within local laws and the UK business hasn't been involved in the data processing.
Granted, this spam has mostly arisen to addresses that at one point or another have been given to US businesses or leaked on to the Internet in the very early days, but once they're out there, UK businesses are quite happy to turn a blind eye to their affiliates' behaviour.
-
-
Wednesday 2nd January 2013 09:36 GMT Destroy All Monsters
"They don’t have any sense of reason or shame that we can appeal to, and they have no incentive to be accommodating. We’re not their customers. In fact they make their money from selling us, not selling to us, so they have an excellent motive not to help us."
Sounds exactly like that tax thing if you replace "selling" by "serving".
-
Wednesday 2nd January 2013 09:38 GMT hitmouse
Security
One problem with these companies that collect registration information is that they are either the ones with the worst security OR they're liable to getting bought and your details transferred to more serious spammers.
I tried to get Specsavers to stop sending me physical mail (actually to someone I used to live with who was getting deluged with it) and returning the mail for two years made no difference. When I contacted their data people they actually had the hide to demand more personal details about me than they already had in order to verify who I was.
-
-
Wednesday 2nd January 2013 10:38 GMT Anonymous Coward
@NonNomNom
For most people and companies the costs of dealing with spam would be classed as consequential losses. These are not normally admissable as part of small claims procedings, so you'd need to take them to full country court, where you've still got a good chance of the case being dismissed or lost, and then you'd be liable for the other side's legal costs.
And if you've already deleted the spam (and thus incurred costs) then where's your evidence? If you haven't deleted them, where's the processing cost? That could be a bit of a bind.
I've never heard of a claim for potential consequential losses, so you could make legal history if you win, and if you do then I'd like you to turn your attention to perpetual motion.
-
Friday 4th January 2013 12:57 GMT Vic
Re: @NonNomNom
> These are not normally admissable as part of small claims procedings
Yes, they are.
A company failing to comply with PECR is unlawful, and I can (and have) invoiced for the clean-up associated with that failing. Wait a couple of weeks, and you can put that unpaid invoice through the Small Claims process.
I've done this. I have to be quite annoyed to go through that rigmarole, but so far it's been pretty effective...
Vic.
-
-
-
Wednesday 2nd January 2013 13:30 GMT Anonymous Coward
Re: Suing and winning@JohnG
I concede your correction! But the settlement your link refers to wasn't a contested amount scrutinised by the court, as the article points out. If you can settle out of court (as in that case) you're OK, but had it gone to court and been contested, then the damages would probably have been nil or thereabouts, because the demonstrable losses would have been next to nothing.
There's some other issues, that the linked case was specifically about a company who hadn't any commercial relationship with the claimant. In context of this thread, we're mostly talking about spam from companies with whom you do have a relationship, and the ICO states (with my emphasis) "The Privacy and Electronic Communications Regulations 2003 cover the sending of email marketing. This legislation says that organisations must only send marketing emails to individuals if you have agreed to receive them, except where there is a clearly defined customer relationship"
Even where there is a case to answer, simply reading the article you've highlighted would give the companies whom you might sue the simple answer : Admit liability, but argue that the claimant has actually incurred no worthwhile losses.
-
-
Wednesday 2nd January 2013 09:55 GMT Robert E A Harvey
Cleft stick
The worst offender I know is spex4less. I have bought spectacles from them in the past, and may well do so again. Their prices, quality, and customer service are first-class. I've had them telephone me to confirm a prescription because it was so far different from the one I gave them the year before. Brilliant. But they do have the habit of trying to sell me another pair every day after I have bought one. They bombard with emails.
I want to continue to shop with a reliable, trustworthy, and cheap supplier. I don't want the drifts of emails that clog up my inbox. Telling them this does not change things.
This is what spam filters are for. I take them out of the blacklist when I place an order, and put them back after I have recieved it. They are clever enough not to send direct marketing while an order is open, so it works nicely.
-
-
Wednesday 2nd January 2013 10:45 GMT Phil 54
Same here...
I use exactly the same system. I get almost no spam on my professional or personal addresses and I check on the other ones once a week(ish) unless I've bought something. Forums are all set up to not contact me unless someone PMs me or if I've subscribed to a particular thread. My worst spam problems are mass reply-to-alls from friends, family or acquaintances.
-
-
Wednesday 2nd January 2013 10:00 GMT Gerphy
I used to get lots of spam. I don't any more. I don't have a facebook account, I don't use twitter. I do post to newsgroups, and use forums, and I have my own website, and my email address is on every page. I don't have spam filtering enabled on my ISP mailbox, either. Maybe because I don't give my email address to any site that requests it - if a site wants an email address to view things, I won't bother. If a site is heavy in adverts, I close it. If I'm buying something, I read the 'if you don't want to not opt-out of receiving emails from us please don't tick the box' and tick what is hopefully the right choice - or I go somewhere else if the messages annoy me. My SpamAssassin folder shows about 20 spam messages identified in the last 30 days, plus I've deleted 2 by hand. I don't reckon that's too bad.
I'm not sure what I'm doing that makes things better these days, but since those painful days of dial-up when every other message was spam, email's significantly more spam-free.
-
Wednesday 2nd January 2013 10:03 GMT Anonymous Coward
Political parties are worst offender
Communicating with your local councillor or MP via their website usually requires your details - including an email address - before the query is accepted.
In my experience the Labour Party is the worst offender. They send political spam for years after to that email address - even when you were pretty sure you had ticked the "do not use" box. It Even when direct complaints appear to stop it - the list gets resurrected a few years later. The spam itself appears to offer a route to unsubscribe - but just goes in circles.
Their worst offence was to take my general comment about a road calming measure and submit it - in severely edited form - to the County Council Highways Department's complaints page. Their submission forged my name, snailmail and email addresses. All apparently part of a vendetta between the local Labour Council and the Tory County Council.
The local Conservatives are also now sending me political spam by misusing my email address from an MP query.
-
Wednesday 2nd January 2013 10:08 GMT jake
Who the fuck ...
... is daft enough to purchase anything online in the first place? Can't you find it within 20 miles of where you live? If not, why the hell do you think you need it?[1]
Honestly ... this whole "I saw it on teh IntraWebTubes, so it must be true" culture is starting to make me think that HomoSap has stopped evolving. Gut feeling is we are a dead-end species.
Enjoy your PLEASEGooMyFaceYouMSTwits, kiddies ... Your great grandchildren (if you have any) are going to to revile your names.
[1] Folks restoring antique machinery being an obvious exception ... but then, they have clues. The PLEASEGooMyFaceYouMSTwits equally obviously do not.
-
Wednesday 2nd January 2013 10:55 GMT mark 63
What the fuck ...
er Jake,
what the hell are you talking about?
"GooMyFaceYouMSTwits,"
something about social networks? i dunno
buying online? well i dont want to pay more and I sure as hell dont want to get off my arse to do it , not to mention taking time off work to get to the shops - which only open during the day for the unemployed. ooh the irony
-
Wednesday 2nd January 2013 12:09 GMT Stoneshop
Re: Who the fuck ...
... is daft enough to purchase anything online in the first place? Can't you find it within 20 miles of where you live? If not, why the hell do you think you need it?[1]
a) because it saves money
b) because it saves time
c) because it saves both
d) you can buy 40W CO2 laser tubes twenty miles from where you live? Good for you. And no, it's not an antique machine that needs restoring.
For the record, I'm not deluged with spam. Far from it. Most is coming in via the admin address for a mailing list I manage, apparently scraped before they obfuscated the addresses on their web pages. A large part of the remainder (amounting to a few messages a day) has been scraped from Usenet some time in the past. Some is addressed to $randomstring@mydomain, and maybe a single message a day is some vendor who ignores the 'no mail' checkbox. And I've had just a single case of a vendor leaking or selling the e-mail address I gave him.
-
Wednesday 2nd January 2013 10:13 GMT Anonymous Coward
A big problem is the giant BCC'ed address book hack
A lot of companies do it this way… the one I work for was no exception. The "mailing list" exists as an entry in the secretary's email client address book. Often it is done this way because the people have never bothered to research alternatives.
Each "UNSUBSCRIBE" note they have to process manually. Likewise with bounces.
At my work place we recently retired an old router box running Untangle and put a Ubuntu server in its place. To this I set up Postfix and a tool called Mailman. Majordomo was the other consideration I had, but Mailman is quite user friendly.
You set one of these up as a moderated list with a select few people allowed to send without moderation. Voila, instant newsletter alias. Bonus points by allowing people to unsubscribe themselves and having the system automatically unsubscribe bouncing addresses.
When I explained this to them the question was asked: "Where were you 10 years ago?"
The next step is actually having the site add their subscription in when they contact us and ask to be added. There's a check-box that's ticked by the user to indicate one wishes to subscribe and at the moment this gets picked up in our ERP system (OpenERP) and creates a lead — the "Opt In" field is taken from the site. My next task will be to export this list and feed it to Mailman periodically.
The point being — doing it right so far has proven much easier than the dodgy hack that many still insist on. It saves gaffs like the one the Taliban made not too long back, saves time on manual searches through lists of addresses and even allows a degree of self-service for the customer.
-
Wednesday 2nd January 2013 10:17 GMT hugo tyson
Charities
You're so right about charities; I always say to friends "here's a tenner, you're welcome" - no way am I giving my email address to a charity; they used to be the worst offenders for unaddressed junk (dead-tree) mail.
But for real places that were one-offs, can you go into your account and change the email address? I know it takes time, but I do that occasionally - for those places that have no "close account completely" button. Actually, I change the email address first, then close the account - so that if they still want to email, they can't.
-
Wednesday 2nd January 2013 10:18 GMT Fred Flintstone
An exception to the rule - with some help.
Actually, a year ago I did something completely different when I received again UCE from Oracle - I'd already tried unsubscribing so I decided to see what else I could do. I sent a note to whatever legal department I could find that I didn't appreciate being emailed for something I would never use, and was disappointed that an organisation such as Oracle would engage in this activity.
The result was, well, impressive. A lawyer in that department who seems to hate spam as much as I do took this email and went digging, and it emerged the company they were using for mailing lists was not updating its blacklist as directed by Oracle. Given the fairly panicky email I got from the provider to apologise I suspect they must have had their feet roasted.
I was kept in the loop throughout this process by the lawyer, so to me that was a plus for both their legal department and for their approach to marketing - let down by a 3rd party.
Naturally, this is a legit setup, I have no intention to do this with the BUY VIAGRA CHEAP rubbish, but sometimes it is worth just politely asking the question where you may get an answer. If you don't get an answer it's time ye olde blacklist - preferably server based.
It is worth noting that EU Data Protection laws don't just mandate asking for permission to use data for marketing (and must make that opt IN, not opt OUT), they also require companies to keep that data up to date and relevant. The child product emails in the Reg article are thus clear evidence of a company not living up to its obligations, and they can be reported and fined for this. From the client information management strategies I have seen, by far the most important omission is registering the DATE of the entry coming into the system and each element thereof.
However, what I miss in Data Protection rules is an obligation for companies to tell where they got your name from. This creates a problem - as soon as you have made the mistake of registering with a company that stated in a 6 point light grey font on a white background in a page footer that it would resell your data you're on a list that gets sold to all and sundry, and you're condemned to playing a game of whack-a-mole to identify the company that does the selling because only they have the ability to remove you..
-
Wednesday 2nd January 2013 10:26 GMT MartinSullivan
Not Quite Spam IP Blocks
Many of the not-quite-spam e-mails I've received over the years do appear, at first glance, to come from the folk they say they're from. However they're not. Even quite large companies are apt to use specialised e-mail companies for this, for example PurePromoter (http://www.pure360.com). These can be spotted, flagged in an artificial header and ultimately sent to the appropriate low-priority folder, cough, on the IP address block that they use via procmail (http://www.procmail.org). A typical rule would be:
:0 fW
* ^Received: from .*\[94\.236\.20\.1(2[89]|[345][0-9])\]
| formail -I "X-BIB: PurePromoter Ltd"
Sadly specifying these blocks do require that you grok your Regular Expressions. Some nice CIDR-type block specification seems to be beyond procmail.
You can also have a rule like this:
:0 fWDB
* emails:http:.*/unsubscribe.php\?
| formail -I "X-BIB: Pluto PHP unsubscribe"
As they're spotted too.
Then it's a case of a single rule on the new X-BIB header:
# Box all the BIB messages
:0
* ^X-BIB:
not-quite-spam
You can, like me, spend rather a lot of time on such shenanigans. My procmailrc is enormous, and beyond my simple comprehension. I think that it may be self-aware.
-
Wednesday 2nd January 2013 10:28 GMT alain williams
Paypal - grrrr
I made what was effectively a charitable donation; they used paypal. I ticked the box saying that I did not want to create a paypal account (I read their nightmareish T&Cs years ago). The next thing that I knew I received email from Paypal telling me how to update my account settings. I phoned them, they lied to me; gave me an email address to complain to that did not work.
They are an unscrupulous bunch of crooks who have no intention of operating in a truthful manner. I will now never have anything to do with any organisation that only accepts payment via that bunch of bandits.
-
Wednesday 2nd January 2013 10:41 GMT Steve the Cynic
Re: Spam filter rules.
"choosing Gmail for email is swapping spam for advertising".
Hmm. Is there advertising on my gmail page? Oh, yes all the way over there on the right, where I don't look because the actual email is all the way over there on the left. Get a wide screen, and keep the browser window maximised. Or read it on your shinyslab (of whatever flavour) where the IMAP transfer (yes, we all know about goggle's broken IMAP...) doesn't include ads.
-
Wednesday 2nd January 2013 10:43 GMT Evan Essence
Spamgourmet
Others have mentioned throwaway addresses. I've happily used spamgourmet.com for years, and sometimes update the cutoff limit for an address, so it's not really a "throwaway" address: there's that flexibility. It's a bit geeky, but deliberately so to put off Joe Sixpack types: nothing to faze any Reg reader.
-
-
Wednesday 2nd January 2013 15:22 GMT Juan Inamillion
Re: johnlewis.com
Hmm.. that's the first complaint of John Lewis I've ever seen. Their customer service is generally reckoned to be well above average. Did you trying contacting their customer service?
(No I'm not associated with JL in any way, just curious as I know an awful lot of people who use them.)
-
-
Wednesday 2nd January 2013 11:02 GMT Shannon Jacobs
How to confirm that an unsubscribe mechanism works?
Answer: You can't, but the email providers (such as Gmail) could if they cared that much. In essence, they need to test the unsubscribe mechanisms with honeypot addresses and see whether or not they work or just result in more spam. In cases where they do work, the email should be annotated to that effect, and in cases where they don't work, the email provider should make extra efforts to put the spammers' out of business.
This should actually be part of comprehensive anti-spammer tools that the "sincerely anti-spammer" email services should provide. Imagine something like SpamCop, but on steroids. Rather than a meek shot at the spammer's ISP and webhost, there should be several iterations of increasingly refined analysis and targeting to break ALL of the spammers' infrastructure, pursue ALL of the spammers' accomplices, and help and protect ALL of the spammers' victims.
The spammers are in effect holding up signs saying "I'm a criminal and I will rob you." Doesn't it seem bizarre that their business models are still working so well?
-
Thursday 3rd January 2013 00:45 GMT Anonymous Coward
Re: How to confirm that an unsubscribe mechanism works?
The Bankers and Pension Fund managers in effect holding up signs saying "I'm a criminal and I will rob you." Doesn't it seem bizarre that their business models are still working so well? Not when you consider they have the balls of the Government in their hands. TFIFY.
Spammed from a 'reputable' company, forward it with covering complaint to the CEO (Google is your friend).
Make a note of CEO's name.
If the problem is fixed then all is hunky dory
else
Never buy any product from any business that employs that person (LinkedIn is your friend) and if asked, say why.
-
-
Wednesday 2nd January 2013 11:22 GMT Bgfreeman
If there's no valid reason for the company to have my email address, they don't get it.
So, if they're not going to send me an email confirmation for a product, or shipping notes etc, they get fake@email.com as the address, or x@y.com both of which usually pass whatever sad excuse they've got for checking.
Otherwise, yes, use a throwaway.
-
Wednesday 2nd January 2013 11:22 GMT Joe Montana
Unique emails
I do the unique email thing with a slight twist relative to what everyone else seems to be doing...
Instead of company@mydomain, i do whatever@company.mydomain by using a wildcard subdomain. This serves two purposes:
1, i can junk the address with dns which causes less load on my mailserver (and i can create mx records which point back at whoever is the source of the spam).
2, Some spammers will take a given list of domains and try random common names @ the domain, so you can still identify the troublesome domain.
While i primarily use the unique email address setup to identify companies which have sold me out to spammers, i have found that several are starting to be sneaky about this - if the email address contains their own company name they won't give it out, so companyname@yourdomain wont get sold to spammers but blah@yourdomain will.
-
Wednesday 2nd January 2013 12:16 GMT AndrueC
Everyone I contact gets a unique address to use for me and if they abuse it I block it and they don't hear from me again. It takes zero effort to hand out new addresses and only a little effort to block them if they go bad. What annoys me is that I am always careful to tick 'No, don't send me marketing crap' but half of them do anyway. I doubt it's a bug in the entry form so most likely they just ignore the checkbox.
Thankfully my email system means I don't actually get spam (or only once for each contact) but the best solution I've found when it comes to online shopping is to only buy stuff from Amazon. It's the smaller, independent retailers who generate the spam so I stopped using them a long time ago.
-
Wednesday 2nd January 2013 12:23 GMT jrd
gmail works
I've had 1 email address for 10 years which I use for everything, and I do a lot of shopping online, I'm on mailing lists etc and I must say almost no spam gets past gmail's excellent filters. Those that do always seem to respond to unsubscribe requests, so I would recommend this extremely simple and low-overhead combination if you have spam problems.
-
Wednesday 2nd January 2013 12:35 GMT A J Stiles
My personal solution
My personal solution to this is to use my own domain with a "catch-all" e-mail address (anything before the @ sign goes to my user). I give every company with which I deal a slightly different version of my e-mail address (usually blatantly obvious, like reg_resp@mydomain.co.uk). From that point on, all it takes is careful use of procmail (it obviously helps that my ISP explicitly support uploading a .procmailrc file -- all halfway-decent ones do). If a company sells "my" e-mail address on, I can quickly spot e-mails not originating from the rightful sender; that one address variant simply gets devnulled, leaving all the others alone.
It's been working for over 14 years now and counting.
The worst offender was actually a private mailing list. Some Windows user managed to get infected with some malware which picked up on my e-mail address from a posting I made to the list, uploaded it to some list somewhere, and a deluge of spam ensued. After posting an e-mail to the list saying "SOMEONE ON THIS LIST HAS A VIRUS!", contacting the list moderators and changing my e-mail address, everything fixed itself.
-
Wednesday 2nd January 2013 12:46 GMT heyrick
Semi-related whinge
Those sites that require you to create a profile before they'll tell you how much they're going to hit you for postage. That's the point where I close the tab and instruct Firefox to "forget about this site". All they need to know is the postage method (SAL, EMS, courier, etc) and the country...
-
Wednesday 2nd January 2013 13:13 GMT Gaz Jay
It's all about Opens and Clicks
I used to work for a marketing company - we handled mailing lists for some pretty big UK retailers.
One of the things we used to do was sanitize our mailing lists. The reason for this was to keep costs down for the company we were mailing for, to try to keep good relations with it's customers/former customers and also to stop our own email dispatch servers from being black listed.
We used to keep track of which email addresses were being "opened" and "clicked". If we sent an email to a particular customer and it wasn't opened (but was received OK), we would note this in our mailing list. If we sent out a further 2 emails that were not opened by this address, the email address would automatically be removed from further mailings.
I don't know if any other marketing companies were doing this. But it made sense to us. The companies were were mailing for consistently got >95% successful delivery rates and high open and click rates as a result.
-
Wednesday 2nd January 2013 13:45 GMT Hollerith 1
I try not to buy from sites that force me to register
When I'm looking to buy something online, and find the shop I'm dealing with is forcing me to register in order to buy, I see if a competitor will sell without the registration process. I then stick with that one and blacklist the forced-to-register site, and if I am feeling in the mood, I email the latter to say 'this is why you did not get my business'. I like to use vendor websites rather than Amazon if i can, sort of like supporting the independent little shops, but if I have to register, I figure I have no reason to add to my pain and go back to Amazon or a similar site I have had to register with. Of course, that's why they like you to register.
I also make a point of deleting any special offers that come from a forced-to-register site. It just encourages them.
Finally, I often take the grmpy pleasure of registering each and every time on certain sites, such as ticket sales sites. I have one concert hall that now sends me about 12 advanced programmes via snailmail. Thir money down the drain, and I never have to worry about remembering my login.
-
Wednesday 2nd January 2013 13:48 GMT Anonymous Coward
In the UK we have the TPS, MPS, FPS, e-MPS and the Baby MPS. All supposed to reduce the amount of shite hitting your telephone, post box, fax and email. All schemes operated by the Direct Marketing Association (iirc).
It's not ideal as it's really no more than just a little self-regulation by the marketers. But, in my experience, the TPS and MPS have a noticeable impact upon phone calls and direct mails from within the UK.
The problem is, as I recall, even if you are on one or multiple lists, those companies who operate a default opt in at registration (and there appear to be a growing number of these in the UK) then that very act of enforced consent at registration (with opt out post-registration) opens up the floodgates once again, as it may be deemed that you have given your consent to all and sundry thereby rendering any prior TPS, MPS etc registration null and void.
Ultimately trusting all marketing scumbags to self-regulate is like asking an alcoholic to work in a bar without taking a drink - some may, others won't.
But hey, if you are in the UK and there are some larg(er) UK organisations not following the rules of self-regulation to the letter then why not organise a PITA protest and get say 1,000,000 people to flood the data controller(s) with highly detailed, lengthy and watertight DPA requests? I'm sure they'd love that. After all, the most they can charge for a DPA SAR is a tenner. Get enough people to simultaneously submit a watertight and highly detailed DPA SAR and I'm quite sure it case some considerable grief. I'd pay a tenner for the chuckles!
-
Wednesday 9th January 2013 13:18 GMT Derichleau
Section 11 of the DPA
To stop receiving any and all marketing from a UK-based company you should opt-out under section 11. But you have to make sure that the data controller is a UK-based data controller, which rules out Amazon for example as their data controller is based in the EU so they don't have to comply with the DPA.
-
Wednesday 2nd January 2013 13:53 GMT technohead95
Desperate need to control spam
I think there needs to be a system in place to control spam. The reason why email spam is so common is because it is so affordable to do so. It costs next to nothing to send out mass emails.
One method I read a while back was to charge for every email sent. The charge would be something very small like 0.001p and thus would be almost nothing for home users and would only be a minor charge for larger businesses. However, for spam companies, it would cost huge amounts as they send millions upon millions of emails every day. It would make it simply unaffordable to spam via email. Each ISP and webmail provider would need a way to invoice the email address owner.
You could argue that most spam companies use zombie PCs to send out spam and thus wouldn't incur the cost. Each email address owner can set a maximum cap on email addresses sent per month and thus protect them from getting stung with a massive bill if their PC has been infected with a spam bot. The ability to control the maximum cap should be easy for the user/business so it does not affect their legitimate day to day use.
-
Wednesday 2nd January 2013 14:21 GMT Jez Lawrence
yes. Spam sucks.
I sympathise with the author of the article though I'm struggling to see the point of it - this is not a new problem, nor is it news that opt out lists are no such thing. You're not even venturing an opinion as to what should be done about it. But if you just wanted to have a moan though, mission accomplished and fair enough - one of the perks of being an interwebz scumba-er, journalist I suppose. Moaning to nerds that spam is annoying is however a bit like calling up the westboro baptist church to tell them God Hates Fags - you're guaranteed a good reception but you're not exactly challenging their world view...
Me, I just use my very first ever webmail address, which was created back in the mid nineties before spam filters and things were truly available/functional. The spam became totally overwhelming by the end of the decade and I stopped using it for communicating with actual people. Instead I hit on the idea of just using for signing up to websites, games and forums. I have another email address which is only given to actual friends.
Result: no spam for me at all. Ever. Management required on my part: zero.
I more or less completely ignore my original email address except for just after making a purchase to ensure the receipt came through. And best of all because it's a hotmail address, Microsoft are paying for all the spam handling software, storage of the several GB worth of Spam collected over 15 years and of course the processor time. Until last year I was considering trying to get an apple webmail address to use for spam, because honestly I'd rather the Jobsien form-over-function hipster brigade suffered ...but then microsoft brought out windows 8 and have actually tried to claim with a straight face that it is an improvement, so I guess I'll stick with punishing Redmond instead.
Where was I? Oh yes. Spam. It is bad. The solution? Well, as the great Dennis Leary once said: life sucks - get a helmet.
-
Wednesday 2nd January 2013 15:39 GMT Anonymous Coward
Just because I buy your product/service doesn't mean I want to get spammed.
Some good spamfighting tips, especially with the custom email address at your domain. It's interesting to see how an email address gets sold on to other providers and who buys the mailing lists....
There used to be an hosting/domain company (who shares the same name as that radio station that plays 'more music variety') that wrote into its terms and conditions of sale that the customer would agree to receive marketing communications from the company with no option to opt out (as I found out after I'd joined them).
Needless to say, a few angry emails later (from me and I would guess the rest of their customers) they've put an option to unsubscribe from all marketing emails.
All very sneaky to bury it in the T&Cs - when time comes for renewal, it's likely I'll be moving away from them regardless, on principle. Marketing material should always be opt in...
-
Wednesday 2nd January 2013 15:49 GMT Tralala
Right on but didn't you forget about apps?
a despairing voice of reason [sadly, a bit of a rarity on register these days]
I also hide at Amazon or ebay to escape this info grab..
If you factor in motley 'verified by mastercard' schemes then sites are not attracting customers but actually driving them away. Sites trading in info need to ask themselves what business they are really in..
I would add that the same is happening with 'apps'
As an example I've been looking for a RSS reader/scraper for some Samsung Nexus iPaid Appple thingies
I can't get one - free or paid - that does not force me to hand over my details.
There is no benign or practical reason for this.
App makers should pay me to permit them to track my reading habits so they may profit from it.
It's unclear if this trade in 'soft-spam' is sustainable in the long term but if personal information is being monetised by companies to mine it, exploit it and trade in it then they must pay consumers to get it.
Currently we are happy to give it away for free....
That's got to change.
-
Wednesday 2nd January 2013 16:40 GMT bag o' spanners
I'd hazard a guess that a huge percentage of bandwidth clogging spam consists of socmedia notifications. Too lazy to visit the site? Read 400 likes, comments, and recommendation emails a day instead.
I noticed that blanket notifications are an opt out item on most socmedia platforms. So I opt out. I also opt out of stuff that "friends" have co-opted me into. Validation junkies may love to bask in the warm glow of a daily spam blizzard, but I'd rather be doing something useful. Like drinking beer.
-
Wednesday 2nd January 2013 17:10 GMT Arbstop
data gathering
By the very nature of online insurance sellers (and I guess the comparison websites as well) the data that you have to submit to them to get an insurance quote is probably the highest value information on you of all the possible online purchasing experiences.
You have to give them - name, address, occupation, age, health issues and all sorts of data about your lifestyle. Now that info itself must be so valuable that they don't need to actually sell you any insurance and they can make a mint from you.
When I last thought about getting a car a number of years ago I duly filled in all the online forms, using a disposable email address, and have been receiving some very well targetted spam emails about once a week ever since.
If you want to setup a website to gather such high quality data on real people then I can't think of a better business than insurance.
It would be really interesting to see what the various revenue streams are for gocomparethemeerkat.coms are ...
-
Wednesday 2nd January 2013 17:56 GMT Acme Fixer
I went to Office Depot and as I checked out, the cashier asked, "Do you want your receipt as paper or by email?" BINGO!!! As soon as they get your email address, the spam starts rolling in!! Of course, I told her, I'll take paper, 'cause if I give you my email address, you will spam me! And I already have enough of that.
-
Wednesday 2nd January 2013 20:32 GMT David 45
Spam or not spam?
Depends on your definition I suppose. I use Mailwasher Pro and find very little to "wash" these days, thank goodness, even though I have several accounts. I have to visit my Hotmail web pages every now and again to check the junk folder in case something legit has slipped in there and, again, there isn't a lot there either apart from the odd 414 scam! G.Mail is much the same. Effective filters can be created to send spam straight to the trash if needs be. I use Spamgourmet to create disposable addresses containing a company's name if I'm suspicious, so it's obvious if it's been passed on, although some sites throw up an invalid address error, or similar, sometimes and I can't use it. My biggest current annoyance is actually Amazon. Their persistent marketing mails are really OTT, with their "recommendations" based on previous purchases but whether that could be defined as spam is probably debatable. Most times, I just delete their stuff on sight, as it gets a tad tiresome.
-
Wednesday 2nd January 2013 21:09 GMT Bucky 2
Mostly just clueless
"How would you feel about “registering” with every bricks-and-mortar shop you buy something from?"
It used to be the case (okay, years ago), that whenever you purchased anything from Radio Shack, they'd write out a receipt by hand, asking for your mailing address so they could send you junk flyers in the mail. Sometimes the sales people would be particularly belligerent about demanding your information.
It isn't just merchants, either. I recently had an extended stay in the hospital, during which an organization made occasional visits with dogs. It was very nice. I wrote to thank them. Big mistake. Had to write an email filter against them in the end.
Ultimately, though, I'm still of the opinion that many organizations are simply clueless, rather than mean-spirited. Radio Shack stopped demanding personal information some time ago. The animal folks I still believe are more stricken with overzealousness than with any kind of evil mercenary attitude.
-
Wednesday 2nd January 2013 23:34 GMT Herby
My own domain...
I got one as well. Yes, I make up unique addresses for various functions. Yes, I can tell where they got the address. This is all well and good, and I found out that someone harvested my address from a Tektronix mailing list, and I now get all sorts of "ticket generated" spam using that address.
The downside of this is that with your own domain, you get all sorts of spam that points to "users" that have never existed. Hundreds of them. On each email. So I now have a wonderful pre-processor that trashes all of these. In addition, you get people signing up for hotmail accounts with names on your domain (in my case many in Spanish) and I try to click on the link that says "no I didn't want this" while putting the address in my trash list.
It is a never ending battle, as the problem with Spam email is that (unfortunately) IT WORKS. So what if you generate zillions of spam emails, if just 10 or so net you some sort of $$$ they they have succeeded in their task. Since the spamming operation is "free" ANY click, virus infection, or silly "enhancement" advertisement is money in their pocket. Simple economics unfortunately. If it cost just 1/10 (maybe less?) of a cent for each email (how much email do you send on a personal basis) it would drive up the costs for the spammers to make it non-economical for them to continue. The reason there isn't (that) much junk snail mail is that it has a definite cost associated with each piece that goes out the door.
As for such things as mailing lists, I suggest a small "one time" fee to setup these on a server, and allow them to be audited for "spam compliance" (subscription procedures, etc.).
No solution is "perfect", but when the majority of email can be classified as "spam" something needs to be done. I would like to track down the spammers and greet them with some sort of weapon of mass destruction, but that might be a bit extreme (joke), or then again it might not be, who knows. (*SIGH*)
-
Thursday 3rd January 2013 04:36 GMT Peter74447
Unsubscribe
I spent some time over the past 2 weeks going through all my spam and advertising emails and using the Unsubscribe link. Most of them instantly took the hint and claimed that i was removed from the list. A few of the sites did require me to log in to unsubscribe. What got me in this wonderful age of technology is the few sites that informed me that it "May take up to 10 days to process your request". 10 DAYS!!! WTF kind of system are you running if it takes that long to remove an email address from a database?
You can create an account, validate a credit card payment, transfer funds from one financial institution to another and ship an item half way around the world in 5 days, but to remove an email address from a database "may take up to 10 days"
-
Thursday 3rd January 2013 11:36 GMT Wardy01
The side of the coin
I work for a marketing company that sends about 1 million emails an hour (through each server we use to send).
The system we employ requires that our subscribers have to make 3 separate "i want this email" confirmations.
This is a real pain in the ass (tracking who's in what state) but it's a side of effect of the internet being in the state it's currently in.
I like to think that we are very good at what we do and always respect peoples right to cancel as a result we are very careful to ensure that un-subscribes are honoured (we've gone to the extreme of giving each email sent an individual unique id to ensure we have complete audit trails on them).
As a result of current thinking we consider a bounce an un-subscribe request in the same way as if someone clicked the un-subscribe link on the email, i personally spent hours spamming our bounce proccessing software (that I wrote to handle this) to ensure it was bulletproof ... something i'm proud of.
I agree with the message being conveyed here though ... not enough companies do this.
For my personal email, like many on here I have my own domain but my mail is routed through google, this basically means google filter all my mail and at any time i can do something like "company+my.address@mydomain.com" to use the afformentioned filtering tricks.
The beauty with gmail is that soo many people use it that it doesn't take long before any new spam is quickly added to googles "learning filter".
The upshot ...
I rarely see or have to deal with spam.
It costs me about £30 a year for a google apps for business account.
I wish it was a free service but seeing stories like this pop up everywhere makes me think ... maybe i can claim that cost back somehow !!!
-
Thursday 3rd January 2013 11:55 GMT Christopher W
Ah, spam.
I used to use OtherInbox to protect myself against exactly this kind of problem -- not just spam, but that middleground "bacn" which you don't hate receiving but which does clog up inbox arteries.
Amusingly I once had to supply an email address to download a WordPress plugin (the plugin was useful, so I caved) from MaxBlogPress. I supplied a brand new address on my OI account just for that... And within a day, I was receiving a dozen spam emails. I called out the MBP author on Twitter and emailed over with evidence of the unsolicited spamming - all of which was flatly and vehemently denied.
Until we can hit a button to electrocute the legitimate sender of an email when they send spam to us, this problem will persist unmitigated. SPF and DK have been shown to only slightly curb the influx of spam. I run a particularly aggressive combination of multiRBL and whitelist setups paired with tuned SpamAssassin and fail2ban on my busiest mailserver and it ditches about 95% of unwanted email -- but yet it still persists. And the amount of 'bacn' is so high now with every company fully committing to their 'online marketing campaigns' that after a while, if the boss maintains his habit of sticking his primary email address into every email form he comes across, there's not much you can do to prevent the influx.
I wish there was a unified, globally recognised mechanism for instantly unsubscribing - it would be the best elements of a good listserver combined with a protocol-defined mechanism for silently (or with confirmation message) unsubscribing from all mailing lists. It would require headers to be set defining the message as a mailing list which would then enable options in all mail clients which would need to support these parts of the spec. Never going to happen though. Oh well. Time for the pub.
-
Thursday 3rd January 2013 12:30 GMT Alan Brown
Not just disposable email addresses
I obtained a few 070 numbers (UK readers will recognise 'em) specifically to give to companies who have no business phoning me (Yes, I'm TPS registered and unlisted, etc. It doesn't stop everything) - they forward to VOIP accounts
I've had more than a few calls come in on the numbers and I make a point of making the calls drag on as long as possible. If XYZ company wants to spend £1.50/min to call me, who am I to stop them?
-
Thursday 3rd January 2013 15:53 GMT Anonymous Coward
I get loads of "offers" from places I've bought from in the past along with the usual spam. Over time I unsubscribed from some but still get loads. Then listened to a recent Guardian tech podcast where they interviewed one of the people behind (I think) the invention of MIME system for multimedia messaging and he gave a tip for dealing with email was to filter everything into blocks of related emails that could be dealt with individually. Following that I set up filters to detect "offers" emails from all the companies who send them to me and diverted their emails to a "email offers" folder when they are received. Result was last night having been away for a week visiting relatives I downloaded ~750 emails but after spam emails had been junk-ed by thunderbird and all the offers filtered I was left with only ~30! Plus I could then switch to the offers folder and identify a couple of sites to see if they had any interesting new year offers!
-
Thursday 3rd January 2013 17:02 GMT Brother52
DPA Anyone?
Until you mentioned $5 I couldn't understand why you were ignoring the opt out/opt in prompts that are required by law for websites that collect your personal data. At least here in the UK we have legislation to protect us from this sort of thing, if a site doesn't offer the option then I don't use it.
-
Friday 4th January 2013 04:32 GMT Shadow Systems
Tailor the email to the site.
Some email services allow you to either create an Alias, or as in the case of Gmail, utilize a (Your User Name)"+BlahBlahBlah"(at gmail dot com) addressing convention.
If your name is John Smith, and you're registering at Amazon, then you sign up with "JohnSmith+Amazon".
If it's Jane Doe & you're signing up at "The Sewing Supply Palace", then use "JaneDoe+TheSewingSupplyPalace".
This now *absolutely* identifies where you used the address, and thus whom sold it to the spammers.
From there, it's easy enough to create an email Filter to automaticly permanently delete *ANYTHING* to that Alias as spam, no matter *whom* may have sent it.
From there, you can log in to that site, change all your personal information to garbage, & sign out for the last time.
You've just poisoned their database's value (because it now contains a "Customer" whom isn't *really* named "YouAll SuckSpammingHell", or lives at "1234 Notgonna Tellya Lane, Nowhere, Mumbai", with a telephone number of "+1.23.456.7890", etc) and when the company tries to sell "your" customer data, they then helpfully poison all the *other* potential spammers' databases, too.
If you can't trust them not to spam you, then don't let them keep your personal data, either.
Use an email alias, and if they spam you, alter their copy of your personal data, add an auto-permanent-delete rule to your email client for that alias, and you never get spam to that alias again.
You're welcome.
=-)
-
Friday 4th January 2013 12:23 GMT Anonymous Coward
Re: @Graham Marsden
@Anonymous Сoward
Go Compare always gets hated why? I find that the animated girl on those confused com ads are far more annoying.
Thumbs up if you agree.
The mentally retarded marketing person that came up with that annoying as hell cartoon girl that you mention, just gave you a thumbs down for speaking truth!
-
Monday 7th January 2013 13:49 GMT Derichleau
You can opt out of marketing from any UK company under section 11 of the DPA
If you're being bombarded by unwanted e-mails from a particular UK company, then all you have to do is write to them and ask them to stop in accordance with your rights as a data subject. Forget all this unsubscribe malarkey, a section 11 request will stop marketing by post, text, e-mail, phone, and if you have an online account, even the advertising banners that appear in your account pages.
www.mindmydata.co.uk.
-
Tuesday 8th January 2013 13:57 GMT Sooty
What I want to know
Is why spam still exists? Who are the morons who are actually buying things from these people that make it profitable to continue?
I accept the phishing, etc emails that mimic valid ones to some extent will trick people, but really who tries to actually buy anything from the slightly less dodgy ones? If I get an email from a company I've never had dealings with, they instantly go on my 'have nothing to do with these crooks' list! Similarly with cold callers, I don't care what you are trying to sell, what sort of idiot will give their details to a stranger phoning them. All the spam is making me less likely to have anything to do with them.
I got an old window replaced last year, and the company called me several times a week afterwards to 'follow up' ie try and get me to replace all the others (about £4k). I finally shouted at them saying that I was getting the rest of them done ( I will eventually :) ) and would have used them, but there was absolutely no way I'd ever consider using them now due to all the calls. I may have used some 'colourful' language as well. Despite all the previous requests, that time they really did appear to take me off their lists.
-
Tuesday 8th January 2013 16:45 GMT Wardy01
Re: What I want to know
@Sooty
That's the thing, you don't have to buy anything from them for them to make money from you.
Often "real spam" is an attempt purely for you to confirm your email / other personal details in some way.
Doing so will result in them having confirmation of your personal details which are then sold on.
They can get your address by doing a range of things.
To name a few ...
Randomly generating somename@yourdomain type email addresses and sending a tracked image in it.
Scrape the data from web pages / forums you might have posted on.
Hacking in to someone else' database that has your details.
Others here are also talking about spam through sites they consider initially to be trustworthy but then ultimately do the same thing.
THAT'S WHY SPAM EXISTS!
-
-
Tuesday 8th January 2013 18:54 GMT Alan Brown
Spam exists because marketers feel they have a god-given right to advertise in your face - and because it's profitable to do so.
Even when not profitable, some outfits will continue to spam, because they can't imagine any other way of advertising. In a lot of outfits the "most sucessful salesman" is regarded by clients as "the most obnoxious salesman - we only bought something to make him go away"
-
Wednesday 9th January 2013 13:14 GMT Derichleau
It's simple to stop spam
Mailwasher Pro and regular expressions for overseas spam, Section 11 of the DPA to stop any and all marketing from a UK-based company. I section 11 my insurance companies so that they're not able to send me an automatic renewal as I never stay with the same company twice.
-
Wednesday 9th January 2013 13:51 GMT Wardy01
I love how some people think its sooo easy to stop spam ...
Give me your email addresses so I can test your theories :)
I have a neat app I wrote purely for testing my ability to block spam on some private domains.
It's not as obvious as you might think.
The most persistent of spammers for example would take to some of the following:
1. faking the from address
2. faking the from IP
3. randomly generating garbage in the subject / body
4. sending 1 pixel tracked images
5. spoofing legit business
6. faking / spoofing subdomains under legit domains
7. using adressing tricks that mean some emails not sent to you end up in your mailbox
To send an email requires little more than 1 line of code these days.
Servers filter email based on rules that you define which are typically based on something like ...
1. the from address
2. a keyword
3. a unique to address (such as the aformentioned "company+me@mydomain.com")
My app code can randomly generate a to address @somedomain that i specify with randomised content.
For example ...
I can put in gmail.com and get out a near unlimited number of email addresses.
If i then send some email content to each of these email addresses stating in the email header that it came from "notifications@facebook.com" how would your email client know it was from facebook?
I can style the body to look just like it came from facebook and need only include a facebook logo image to confirm you read the email.
I then know for sure what your email address is and that you read my email.
I should point out ...
I work for a company that sends about 1 million legit opt in only emails an hour, the app i'm talking about is to test our systems from this type of "attack".
the point being ...
Am i facebook? ... no
Can you tell it came from facebook? ... no
Can your email client tell? ... no
Who would likely get the blame for my spam email? ... not me
Is it spam? ... yes
Did I gain anything from it? ... yes - an email address I could sell
This is not an exhaustive example of tricks used but does highlight a common problem ...
The SMTP protocol (language used by mail servers) is flawed and has been since it begin.
There is no way round this unless the standard for the SMTP protocol is in some way changed so that emails can only originate from trusted non spamming servers that will definately honour an unsubscribe request.