November 23, 2024

When spammers try to go legitimate

I hate to sound like a broken record, complaining about professional mail distribution / spam-houses that are entirely unwilling to require their customers to follow a strict opt-in discipline. But I’m going to complain again and I’m going to name names.

Today, I got a spam touting a Citrix product (“Free virtualization training for you and your students!”). This message arrived in my mailbox with an unsubscribe link hosted by xmr3.com which bounced me back to a page at Citrix. The Citrix page then asks me for assorted personal information (name, email, country, employer). There was also a mailto link from xmr3 allowing me to opt-out.

At no time did I ever opt into any communication from Citrix. I’ve never done business with them. I don’t know anybody who works there. I could care less about their product.

What’s wrong here? A seemingly legitimate company is sending out spam to people who have never requested anything from them. They’re not employing any of the tactics that are normally employed by spammers to hide themselves. They’re not advertising drugs for sexual dysfunction or replicas of expensive watches. Maybe they got my email by surfing through faculty web pages. Maybe they got my email from some conference registration list. They’ve used a dubious third-party to distribute the spam who provides no method for indicating that their client is violating their terms of service (nor can their terms of service be found anywhere on their home page).

Based on this, it’s easy to advocate technical countermeasures (e.g., black-hole treatment for xmr3.com and citrix.com) or improvements to laws (the message appears to be superficially compliant with the CAN-SPAM act, but a detailed analysis would take more time than it’s worth). My hope is that we can maybe also apply some measure of shame. Citrix, as a company, should be embarrassed and ashamed to advertise itself this way. If it ever became culturally acceptable for companies to do this sort of thing, then the deluge of “legitimate” spam will be intolerable.

Comments

  1. It’s sad how much spam there is out there. I’ve tried all types of things to not give out my email address to hardly anyone and yet I still find tons of spam each day (I think today I had about 200 messages). It’s gotten to the point where I think it is almost best to just change email addresses every few months. I have a yahoo account that is getting over 2000 spam messages per week. Any attempts I’ve made to unsubscribe to those seems to bring me more.

    You really do have to wonder about when a company is spamming as to why – surely as you said they likely aren’t doing it on purpose – and it goes back to why it’s better to just market yourself to others using traditional means and then try to get them to opt-in – if you have a good enough product they will.

  2. Slanking kosthold says

    The main problem is just that, everyone else does it, so why shouldn’t they do it.. kind of a bad circle. Also, alot of the companies, even the really big ones are desperatly trying to survive these days, so of course they will try absolutely every trick in the book to do so. Do I think it’s ok? No, there are better ways.

  3. Same here … I receive tons of spam emails each and every day from legitimate companies I don’t even know !

    Sadly, we can’t do much against that ….

  4. Joseph Clrarck says

    I revive spam email every day,even from big companies that i never have subscribe or any service with them.

    • Russian girl says

      I have several email addresses and they are all full of spam(20-50 letters per day). Basically thre are letters from big companies I have never heard before. I heard that spam is expensive and profitable, that is why big companies do it.
      Best regards, girl from Russia, Elena

  5. Worse yet, they are addressed to other family members (but my email address), violating that person’s privacy by revealing to others that they have done business with each other. (We haven’t been sharing email accounts–they must be using directories and marketing services to blindly correlate on last name.)

  6. There is a set of the companies which in the various ways collect huge databases e-mail (ten millions). It can steal unfair system administrators from database servers which services of mail boxes render. Also there is a set of programs which scan sites and collect e-mail has made protection against robots. Then these companies sell these bases to other companies which accept orders for advertising dispatch through e-mail. But as these companies as a rule use the of a server for dispatch of advertising (spam), it always constant IP addresses. With it it is easy to struggle using for example a mail box from google – gmail. It is necessary to note some tens such letters as SPAM and in your box quickly stops to arrive not necessary mail.

  7. Spam isn’t likely to go away anytime soon. The internet is easily the largest advertising medium that has ever been or likely ever will be. It doesn’t matter what you are doing, you are going to get hit with advertising. And ever since there was that whole Facebook debacle, it looks like the advertising in Minority Report is probably going to be a reality in the next 15 to 20 years. (Facebook, as some may recall, was going to mine people’s private information and bombard them with tailored ads if they kept up their account with the service, and use account information for their own purposes anyway if they deleted themselves from Facebook. For those that didn’t see Minority Report, advertising stations in the film scan people’s eyes, and personalize an audio/visual ad to them wherever they went – although when I hear “You need a Guinness” … I tend to agree.)
    The premise works that if a company releases a huge flood of spam mails, most people will not be dumb enough to actually consider it, but a few people will – and that will lead to what amounts to revenue that it didn’t cost much to get. If you’re a low rent company…you’re going to stick with it. (Barnyard Fun is still probably making some money.)
    Heck, the premise behind most marketing that you have a product, and if you say the right things about it, whether or not it’s actually worth the money (which it isn’t always – though sometimes it is) and hopefully enough people will be gullible enough to buy it without knowing everything about it to begin with.
    At any rate, a company that sells a superior product wouldn’t have to do this kind of thing. A great product sells itself for the most part.

  8. It’s hard to determine, but are you really, really sure that it was Citrix that sent the mail?

    Many spammers can and will use the reputation of major companies to increase their chances of success.

    My 2 cents.

    -Michelle

  9. First I must say I like Citrix I’ve used their products in the past and worked with them on projects. But, I do sometime wonder where big companies get these list. i know they must buy them but man it’s sure a pain in the A** when you get something you simply couldn’t care less about and when you try opt out they have another surprise.

    Colm

  10. Hi all,

    Recently MYOB, that makes the accounting software package, has been fine for SPAMMING their customers:
    http://www.news.com.au/technology/story/0,28348,25979857-5014239,00.html

  11. Any chance you used GoToMeeting or GoToWebinar? They might have gotten your email sort of legitimately, even if you didn’t opt in for more emails.

  12. Jeff Tyrrill says

    This isn’t new. I’ve been receiving spam messages from major, household name companies for the last 8 to 10 years. I’m not going to name names in this blog comment, because I don’t have the time and energy to research them all just in case one of them is innocent after all, somehow. But it’s at least 20 companies or so, and many of them are far more well-known than the company named in this blog post.

    Worse yet, they are addressed to other family members (but my email address), violating that person’s privacy by revealing to others that they have done business with each other. (We haven’t been sharing email accounts–they must be using directories and marketing services to blindly correlate on last name.)

    This only started up right when the public consciousness started learning that supposedly, only scammers and illegitimate companies spam, because, supposedly, spamming is so hated, that even the densest companies would supposedly realize it was not in their interests.

    Unfortunately, big, supposedly legitimate companies frequently spam. And nobody is really aware of the problem, because these companies have gotten away with plausible deniability that they are practicing opt-in.

    Just to add: One company in particular had the gall to specify that if I unsubscribed from their marketing and advertising list, they would be “unable” to notify me of product safety recalls. Disgusting.