I just got an email message from VMware which began as follows:
Thank you for your past interest in VMware. As part of our routine scheduled maintenance, we will be removing email addresses and associated subscription information from our marketing database for contacts who have not updated their profile and/or subscription preferences within the last 6 months.
If you would like to remain on our mailing list and wish to receive updates on news, specific solutions, offers and much more, then please update your current profile.
If you do not take any action by June 30th, we will permanently archive your record.
In a recent email message to me entitled “Fighting the Good Fight,” friend, author and politician Michael Burstein referred me to Kate Hutchinson’s blog entry about spamming by Sam Yoon. Michael is an avid reader of my blog and therefore knows that I’ve been in more than a few scraps of my own like Kate’s. What is most amusing about Michael’s referral is that I, too, have first-hand experience with Yoon’s spamming. Here’s the complaint I sent to Yoon on March 3, 2009:
As long-time readers of my blog know, I have been trying for a long time to help the environment and waste less of my own time by getting people to stop sending me junk mail.
My primary method for doing that is to use email to contact the person or organization sending the junk mail and ask them to stop.
Last year, after receiving several pieces of junk mail from Naomi Zygiel-Almozlino, a Realtor at Coldwell Banker in Newton Center, I contacted her by email and asked her to stop sending them.
I subsequently received a Rosh Hashanah greeting from Ms. Zygiel-Almozlino via email which began, “Dear Friends”. I responded to her as follows:
Naomi,
We don’t know each other (as far as I know). The only reason you have my email address is because I sent you email asking you to stop sending me postal junk mail. That was not license to add me to your bulk email list; on the contrary, common sense dictates that if I write and ask you to stop sending me junk mail, I probably don’t want you to send me spam either.
Please remove me from your email list.
She did not respond.
Last month, over six months later, I received another spam message from Ms. Zygiel-Almozlino advertising an event being sponsored by ORT America. Because there was a huge PDF file attached to the spam, the message was over 4MB.
Oddly, the same spam message was sent by Ms. Zygiel-Almozlino to my wife. My wife has no idea who this woman is, has had no previous interaction with her that she can recall, and has no idea how her email address ended up on Ms. Zygiel-Almozlino’s list.
I wrote to Ms. Zygiel-Almozlino and told her just what I thought of continuing to spam me after I asked her to stop, failure to acknowledge my previous request, subscription of my wife to her list without my wife’s consent, and sending 4MB spam messages. My message ended as follows:
In short, as far as I can tell, you are spamming both my wife and me without permission and ignoring requests to stop.
If this continues, then my next step is going to be to post about your unacceptable conduct publicly on my blog, which is read by many people in our community. Realtors build their careers on reputation; what do you think it will do to your reputation to be publicly outed as a spammer?
I’m sorry to get nasty, but it wouldn’t have been necessary if you had stopped sending me bulk email the first time I asked, or even if you had bothered to respond to my previous request, instead of simply ignoring it.
Again, Ms. Zygiel-Almozlino did not have the courtesy to even acknowledge my email. Since then, she has spammed me twice more.
I leave it to my readers to decide for themselves what this conduct says about Ms. Zygiel-Almozlino’s character and whether they would do business with someone who behaves this way. As for me, I certainly won’t.
Operation Smile started spamming me in 2004 after I donated to them on-line and gave them my email address so they could send me a receipt.
They have sent me spam on November 5, 2004; December 22, 2004; January 11, 2005; December 7, 2005; December 20, 2005; March 8, 2006; May 11, 2006; May 28, 2007; and November 4, 2008.
I have complained to them about the spam on November 7, 2004; January 9, 2005; December 8, 2005; May 28, 2007; and November 4, 2008. The one and only response I received was on January 11, 2005, when they apologized and claimed (falsely) that the spam would stop.
The American Institute of Philanthropy gives Operation Smile a rating of “D” (on an ABCDF scale). In contrast, Smile Train, another charity which does similar work, gets a “B-” grade.
Because of their poor grade and their penchant for spamming, I strongly discourage people from providing any support, financial or otherwise, to Operation Smile.
A phishing message in my spam folder caught my eye today, so I decided to take a closer look at it.
It claimed to be from CapitalOne. It had a legitimate sender address, a legitimate Subject line (“Please Call Us Regarding Recent Restrictions”), and convincing-looking content that was mostly lifted straight from a real CapitalOne email message. Most importantly, all of the links in the message were legitimate links pointing at capitalone.com URLs.
The only text in the message that was not boilerplate was this:
Please Call Us Regarding Recent Resctriction [sic]
This is not a promotional e-mail. Please call us immediately at (866) 496-5027 regarding recent activity on your Capital One Card. We’re available 24/7 to take your call.
Please disregard this e-mail if you’ve already call us since the date this e-mail was sent.
We appreciate your prompt attention to this matter.
Thank you
Capital One Card Fraud Prevention Security Department
Here’s what makes this phishing message different from others I’ve seen: the “hook” is the phone number, not the links in the email body.
Here’s what you hear, recited in a female computer-synthesized voice, when you call the number shown above:
Welcome to the card activation center. Please remember that we will never ask for your personal information such as your social security number, passwords, card numbers, etc. via email. Please enter your card number followed by the pound key.
[doesn't matter what you enter here]
Please enter your personal identification number associated with this card followed by the pound key.
Please enter your four-digit expiration number [sic] (months year) followed by the pound key.
Please hold while your card is activated.
The card number, personal identification number or expiration date doesn’t match with our records.
[starts over]
Obviously, whoever set up this toll-free number is collecting card numbers, expiration dates and PINs, which they will then either sell or use to obtain cash advances from ATMs.
I wish there were somewhere I could report this scam to get the toll-free number taken down, but I honestly have no idea who would be interested in doing something about this and able to act quickly.
Some time ago, author Galen Gruman, an Executive Editor at InfoWorld, started a petition demanding that Microsoft continue to sell Windows XP past the time when they had originally intended to stop, on the grounds that many individuals and businesses saw no need to switch to Windows Vista and shouldn’t be forced to do so.
Thinking that this was a worthy cause, I signed Gruman’s petition, which demanded an email address. As is my custom, I gave a unique address, so that if I subsequently started receiving spam at that address, I would know whose fault it was. Of course, I made sure to indicate when signing the petition that I didn’t want to receive any bulk email as a result.
I’m sure you’ve figured out where this is going. Shortly after signing the petition, I started to receive spam sent to the email address I had used. I sent the following email to Gruman:
Mr. Gruman,
When I give my email address out to Web sites, I tag it so that I can figure out where spammers get my email address.
When I signed your Save XP petition, I gave the email address [elided]. I specified when signing the petition that I did not wish to receive email from InfoWorld or anyone else on matters unrelated to the petition. My recollection at the time I signed was that the petition page was quite clear on the fact that the email address I was specifying would be used only to verify that I had not signed before.
Imagine my dismay, then, at receiving the attached spam from InfoWorld this morning.
What should I make of this?
Jonathan Kamens
He responded (at least he responded!), “I’ve forwarded this to the folks who maintain the mailing list to make sure there’s not been an error in how the form handles optins and optouts. Thanks for bringing it to my attention.”
IDG, InfoWorld’s parent company, just spammed me this morning at the same address.
IDG and InfoWorld have made it clear that they are unrepentant spammers, and Gruman has made it clear that he doesn’t mind helping spammers to harvest email addresses. Shame on all of them.
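The per-site address tagging described in this post can be made tamper-evident, so that a tag cannot be guessed or forged to pin blame on the wrong site. The sketch below is an added example, not the scheme the author actually uses: plus-addressing, the `me@example.org` mailbox, the key and the function names are all assumptions.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-key"        # assumption: a private key only you hold
MAILBOX, DOMAIN = "me", "example.org"   # hypothetical mailbox and domain

def _tag(site: str) -> str:
    # Short keyed tag: nobody without SECRET can mint a valid address.
    return hmac.new(SECRET, site.encode(), hashlib.sha256).hexdigest()[:8]

def address_for(site: str) -> str:
    """Unique address to hand to one site, e.g. when signing a petition."""
    site = site.lower()
    return f"{MAILBOX}+{site}.{_tag(site)}@{DOMAIN}"

def attribute(rcpt: str):
    """Return the site a tagged address was issued to, or None if the
    address is untagged or its tag does not verify (guessed or forged)."""
    local, _, domain = rcpt.lower().rpartition("@")
    if domain != DOMAIN or not local.startswith(MAILBOX + "+"):
        return None
    site, _, tag = local[len(MAILBOX) + 1:].rpartition(".")
    if site and hmac.compare_digest(tag, _tag(site)):
        return site
    return None

if __name__ == "__main__":
    issued = address_for("petition.example")
    print(issued, "->", attribute(issued))
```

When spam arrives at a tagged address, `attribute()` on the envelope recipient names the site the address was given to; a `None` result means the address was never issued.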
I recently attempted to buy a couple pairs of jeans from Sears through their Web site, an attempt which failed spectacularly, as did my attempts to get Sears to fix it. Also, it turns out that not only does Sears spam people who order through their Web site, but they keep doing it after they’ve been asked to stop, and they intentionally format their spam to evade spam filters. Read on if you want all the details…
The Perkins School for the Blind used to be on the list of charitable organizations which my wife and I support. At some point I donated to them on-line through their Web site, providing my email address at that time so that they could send a receipt via email.
They subsequently used that address to spam me on May 30, 2007. I sent them a complaint in response about the spam on May 31, telling them that I gave them my email address so they could send me a receipt, not so that they could add me to bulk email lists, and that if they ever spammed me again I’d report them to the appropriate service providers and permanently remove them from the list of organizations which we support.
They did not respond to my complaint, and they spammed me again on June 14, so I sent them another complaint, informing them that I had, as promised, complained to their service providers and permanently removed them from our charitable giving list.
That message finally got a response on the same day which read in part as follows:
Please accept our sincerest apologies. While we are new to email messaging, we take spamming very seriously and in no way is it our intention to send unwanted emails to any of our constituents. Unfortunately, there was a communication breakdown and your request to be removed from our email list did not make it to the appropriate people. I assure you that you have been removed from our email list permanently. We are also working on a policy for the school to ensure that this does not happen again.
That’s fine as far as it goes, but unfortunately, they spammed me again today, January 31, 2008. Not only that, but they included the recipient list of the spam in the “To:” header of the email, thereby violating the privacy of the 986 Perkins supporters on the recipient list of that spam, and perhaps of even more people than that if they sent out multiple such messages.
Needless to say, I sent them a rather strongly worded complaint, indicating that I had reported the spam to their service providers and ending with this:
Please give me one good reason why I shouldn’t send email to the 985 other people whose addresses you exposed suggesting to them that they complain to you and to your service providers if they are as upset as I am about your spamming and your violation of their privacy (well, actually, there are only 979 other people for me to write to, since I’ve CC’d this message to your coworkers at Perkins who appeared on the distribution list).
Shame on you.
I got back an apology a few hours later from the individual at Perkins who had sent out the email, which read in part, “I realized that I made a huge error when I put everyone’s name in the ‘to’ field… there is no one to blame but myself and it shouldn’t reflect on the school.” Later in the day, another individual at Perkins actually called my house to apologize, but I wasn’t home to take the call and I frankly have no interest in speaking with them about this and have no intention of calling them back.
I don’t think they’re bad people. I don’t think they’re intentionally trying to send spam to people who don’t want to receive it. However, none of that changes the fact that people who can’t handle the mechanics of only sending bulk email to people who have asked to receive it, shouldn’t be sending bulk email, period.
At around 3:21pm US/Eastern on November 4, 2007, a zombie botnet began a dictionary spam attack against one of the domains I host.
zombie botnet — a group of PCs that have been broken into by a hacker and turned into “zombies,” i.e., PCs over which the hacker now has control, so that he can tell them to do things like send out spam on his behalf.
dictionary spam attack — an attempt to deliver spam to legitimate users at a particular domain by attempting to send email to many different addresses within the domain in the hope that some of them will be valid.
I knew this was happening because the log monitor I run on my mail server began reporting many “User unknown” mail delivery failures for this domain every minute.
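The kind of check a log monitor can apply to tell a dictionary attack from ordinary typos is sketched below as an added example, not the author's monitor. It counts distinct guessed recipients and distinct sending hosts per minute and per domain. The log format, thresholds, addresses and function names are constructed assumptions, not any particular mail server's.

```python
import re
from collections import defaultdict

# Constructed log format (an assumption, not a real MTA's):
#   <ISO timestamp> reject from=[<ip>] to=<<rcpt>> reason=User unknown
LINE_RE = re.compile(
    r"^(?P<minute>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}):\d{2} reject "
    r"from=\[(?P<ip>[^\]]+)\] to=<(?P<local>[^@>]+)@(?P<domain>[^>]+)> "
    r"reason=User unknown$"
)

def find_dictionary_attacks(lines, min_rcpts=5, min_sources=3):
    """Return {(minute, domain): (distinct_rcpts, distinct_sources)} where
    unknown-user rejections hit many different local parts from many hosts."""
    rcpts, sources = defaultdict(set), defaultdict(set)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # accepted mail, other rejections, unparsable lines
        key = (m["minute"], m["domain"].lower())
        rcpts[key].add(m["local"].lower())
        sources[key].add(m["ip"])
    return {
        key: (len(rcpts[key]), len(sources[key]))
        for key in rcpts
        if len(rcpts[key]) >= min_rcpts and len(sources[key]) >= min_sources
    }

def build_sample_log():
    """Constructed sample: a burst against example.org plus background noise."""
    guesses = ["adam", "alice", "bob", "carol", "dave", "erin"]
    ips = ["203.0.113.5", "198.51.100.7", "192.0.2.44"]
    log = [
        f"2007-11-04T15:21:{i:02d} reject from=[{ips[i % 3]}] "
        f"to=<{name}@example.org> reason=User unknown"
        for i, name in enumerate(guesses)
    ]
    # One sender mistyping the same address twice is not an attack.
    log += [
        "2007-11-04T15:22:10 reject from=[192.0.2.9] to=<jon@example.net> reason=User unknown",
        "2007-11-04T15:22:40 reject from=[192.0.2.9] to=<jon@example.net> reason=User unknown",
        "2007-11-04T15:22:41 accept from=[192.0.2.9] to=<postmaster@example.net>",
    ]
    return log

if __name__ == "__main__":
    for (minute, domain), (n, s) in find_dictionary_attacks(build_sample_log()).items():
        print(f"{minute} {domain}: {n} unknown recipients from {s} sources")
```

Requiring several distinct sources as well as several distinct recipients is what separates a botnet-driven run from a single misconfigured sender retrying one bad address.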