main sleaze, as in spam from larger, established, 'legit' companies. I
am seeing a 20% increase in spam that doesn't trigger any of the zombie,
forged, gappy or dialup list rules. Neither are they triggering SARES
or SOUGHT rules.
Looks like with the global downturn, many companies are turning to
'free' email marketing services to not only cut down on costs of
marketing, but to more quickly get the message out. Many more third
party email marketing companies are allowing questionable mailing lists
and are opting to keep the money and client rather then enforce their
posted terms of service.
Traditional outbound marketing would require people to make cold calls,
postcards or mailers send via snail mail. To reach 10,000 people via
cold call would take 100 people 10 days (well, they would 'reach' 1% of
them).
Postcards, US third class could take three weeks and cost around $1.00 each.
Main sleaze: as in DKIM SIGNED, NOT FORGED, SPF RECORDS MATCH, some
with and some without knowledge and adherence to the US Federal CAN-SPAM
laws.
Traditional SA methods of looking for forged headers, zombies, and
dialup networks doesn't help much. Neither does Bayesian filtering
since most of this new main sleaze spam is targeting the customers
vertical market anyway. Hardly any 'zombie/forged/trojan' originated
email ever gets past. These are actually very easy to identify.
Some blacklists and reputation filters help, but this is reactive, after
the fact, and usually after the company in question has finished their
spam runs. These emails are not using any evasion tricks, and are
usually directly send to one contact at a time with full username/email
address.
(Even had one yesterday from a competitor in the anti-spam market:
spammed us trying to sell their anti-virus client software :-).
Yes, our marketing and sales people beat us up about using these above
methods in our marketing, and even uploaded a 'questionable' list of
email addresses to one of our listservers. The temptation is great to
(ab)use email in this fashion.
Maybe I am stuck in 1994 when (most) people respected the net. Maybe I
react badly when one of these main-sleaze emails makes it past our
filters, but the good news is that they help us identify third party
email marketing companies that aren't careful about their clients.
What are you seeing? more main-sleaze spam, directly targeting your
company/ vertical market or clients? or aren't you seeing much of this?
--
Michael Scheidell, CTO
Phone: 561-999-5000, x 1259
> *| *SECNAP Network Security Corporation
* Certified SNORT Integrator
* 2008-9 Hot Company Award Winner, World Executive Alliance
* Five-Star Partner Program 2009, VARBusiness
* Best Anti-Spam Product 2008, Network Products Guide
* King of Spam Filters, SC Magazine 2008
_________________________________________________________________________
This email has been scanned and certified safe by SpammerTrap(r).
For Information please see http://www.secnap.com/products/spammertrap/
_________________________________________________________________________
