back to article Ever had to register to buy online - and been PELTED with SPAM?

Spam has been a fact of life, on a par with death and taxes, for many years now. To be blunt, spammers don’t particularly care about us. They don’t have any sense of reason or shame that we can appeal to, and they have no incentive to be accommodating. We’re not their customers. In fact they make their money from selling us, not …

COMMENTS

This topic is closed for new posts.

Page:

Silver badge
Meh

Re: Is unsubscribing really the worst possible thing to do?

When it comes to real spam, yes, it really is the worst possible thing to do, and you've given one of the most important reasons in your own post already.

Whenever you hit that unsubscribe link on a true spam post , you are sending the owner of that particular list a message telling him not just that your email adress is actually live ( which ups its' value, as there's quite a lot of dead crud in those email lists), but you are also telling him that it belongs to an idiot who actually interacts with what is obviously a spam email, making you a prime mark for those nice mails with dodgy links designed to integrate your PC in a botnet.

So by trying to unsubscribe from those mails you're upping the risk of getting deliberately targeted by malicious spam instead of the half-hearted shotgun approach by several orders of magnitude.

1
0

Re: Is unsubscribing really the worst possible thing to do?

I think he's aware of the conceptual principle that a signal is sent back to the spammer; what he's debating is whether or not spammers actually use that information in practice. What you're saying sounds like nothing more than the same assumptions he's questioning.

As others have said, most reputable companies are spamming people, but you know who they are, and they have to honour unsubscribe requests by law. The rest is probably in your spam folder already. So the article's worry about "should I click unsubscribe" is probably unfounded IMO unless you're still besieged by 90s-era Viagra spam because you don't have any kind of modern spam filter.

I think the point the article is missing (by focussing on these quasi-paranoid maybe-issues) is that we need a new generation of spam filters that can do things like show you emails from a company you're sort-of interested in, but at a rate that suits you rather than them. For some reason everyone has upped the ante and is sending stuff way more often now (judging by my inbox) but I don't want to unsubscribe from all of them because actually I do want occasional reminders about that stuff, but maybe only every month, or only 6 weeks before Christmas. And I'd quite like to filter emails from Lego so I only see the Star Wars ones. Things like that.

2
0

Re: Is unsubscribing really the worst possible thing to do?

"Personally, I put it down as being a myth."

It's not a myth, ask a mail sysadmin. You can buy lists of "unsubscribed" addresses.

Our advice is to only unsubscribe to a list that you have subscribed to. Never try unsubscribing to spam, you will probably be donating your address (maybe all your contacts) to an address harvester.

My personal no. 1 spam hate is bouncing spam to the (forged) "From:" or "Reply to:" address instead of rejecting it. This is the favoured behaviour of Symantec et al, who would go out of business without a sufficient supply of spam.

2
0
Anonymous Coward

It’s easy enough to use your DELETE key

The other problem with the argument that "It’s easy enough to use your DELETE key" is that I get spam sent to my mobile phone - it uses up my bandwidth allowance.

I've thought of creating a special account which is only used for online purchases which I can make sure my phone doesn't retrieve mail from - however, sometimes it is useful to know that a delivery is going to be made imminently.

0
0
Anonymous Coward

Odd.....

....but I guess this must be a US article. The only reason is that companies in the UK MUST allow the option to decline marketing mails / affiliate mails. It's those one or two tick boxes that you clearly are ignoring. I've signed up with dozens and dozens of UK sites and don't get hit with spam.

If they don't offer these options, then don't do business with them. If they can't follow these basic rules, forget trusting with your credit card details.

3
0
FAIL

Re: Odd.....

UK Companies MUST allow the option? Surely you're having a laugh? For one thing, not all companies do it and one quick look around would show you that and for another, who's going to punish them? Are you going to go around suing them like some sort of low-rent, IT Batman?

2
3

Re: Odd.....

I think this is a "grey area". I get lots of spam promoting established UK businesses which actually originates from outside the UK and is from "affiliate" marketers who may be acting outside the terms of their agreement. The overseas (often, US) spammer is probably working within local laws and the UK business hasn't been involved in the data processing.

Granted, this spam has mostly arisen to addresses that at one point or another have been given to US businesses or leaked on to the Internet in the very early days, but once they're out there, UK businesses are quite happy to turn a blind eye to their affiliates' behaviour.

1
0
Silver badge

Re: Odd.....

Too right. And of those that have the option, a good half IME just ignore it. I tick the "don't send me anything" options with religious fervour. I read the text carefully "Tick box a if you don't want our email promotions. Tick box b if you do want our partner's promotions" and select accordingly.

But the vermin still send the rubbish, and this includes major retailers. To be fair the unsubscribe requests are usually, but not always respected, but the thrust of the article still applies: Why do the pea-brains in marketing think for a single moment that anybody would want weekly or even monthly news and offers clagging up their inbox?

2
0

Re: Odd.....

Never seen one of those tick boxes.

0
0
Silver badge
Devil

"They don’t have any sense of reason or shame that we can appeal to, and they have no incentive to be accommodating. We’re not their customers. In fact they make their money from selling us, not selling to us, so they have an excellent motive not to help us."

Sounds exactly like that tax thing if you replace "selling" by "serving".

1
0

Security

One problem with these companies that collect registration information is that they are either the ones with the worst security OR they're liable to getting bought and your details transferred to more serious spammers.

I tried to get Specsavers to stop sending me physical mail (actually to someone I used to live with who was getting deluged with it) and returning the mail for two years made no difference. When I contacted their data people they actually had the hide to demand more personal details about me than they already had in order to verify who I was.

0
0

maybe people should start suing companies through the civil court to recoup the cost of processing their unwanted communications

2
1
Silver badge

@NomNomNom- Great idea

I'll process your unwanted communications, at £50 an hour; and I'll make the court applications for you, at £75 an hour. I'll also take you out for a fantastic meal every Friday lunchtime. Send me your e-mail address so we can get moving with this great idea.

4
0
Silver badge

@NonNomNom

For most people and companies the costs of dealing with spam would be classed as consequential losses. These are not normally admissable as part of small claims procedings, so you'd need to take them to full country court, where you've still got a good chance of the case being dismissed or lost, and then you'd be liable for the other side's legal costs.

And if you've already deleted the spam (and thus incurred costs) then where's your evidence? If you haven't deleted them, where's the processing cost? That could be a bit of a bind.

I've never heard of a claim for potential consequential losses, so you could make legal history if you win, and if you do then I'd like you to turn your attention to perpetual motion.

0
0

Suing and winning

Someone already sued and won:

http://www.theregister.co.uk/2006/01/06/spam_court_media_logistics/

0
0
Silver badge

Re: Suing and winning@JohnG

I concede your correction! But the settlement your link refers to wasn't a contested amount scrutinised by the court, as the article points out. If you can settle out of court (as in that case) you're OK, but had it gone to court and been contested, then the damages would probably have been nil or thereabouts, because the demonstrable losses would have been next to nothing.

There's some other issues, that the linked case was specifically about a company who hadn't any commercial relationship with the claimant. In context of this thread, we're mostly talking about spam from companies with whom you do have a relationship, and the ICO states (with my emphasis) "The Privacy and Electronic Communications Regulations 2003 cover the sending of email marketing. This legislation says that organisations must only send marketing emails to individuals if you have agreed to receive them, except where there is a clearly defined customer relationship"

Even where there is a case to answer, simply reading the article you've highlighted would give the companies whom you might sue the simple answer : Admit liability, but argue that the claimant has actually incurred no worthwhile losses.

0
0

Re: Suing and winning@JohnG

yea i was thinking along the lines of blatant blackmail. ie take the gamble that they'd settle out of court

0
0
Vic

Re: @NonNomNom

> These are not normally admissable as part of small claims procedings

Yes, they are.

A company failing to comply with PECR is unlawful, and I can (and have) invoiced for the clean-up associated with that failing. Wait a couple of weeks, and you can put that unpaid invoice through the Small Claims process.

I've done this. I have to be quite annoyed to go through that rigmarole, but so far it's been pretty effective...

Vic.

0
0

Cleft stick

The worst offender I know is spex4less. I have bought spectacles from them in the past, and may well do so again. Their prices, quality, and customer service are first-class. I've had them telephone me to confirm a prescription because it was so far different from the one I gave them the year before. Brilliant. But they do have the habit of trying to sell me another pair every day after I have bought one. They bombard with emails.

I want to continue to shop with a reliable, trustworthy, and cheap supplier. I don't want the drifts of emails that clog up my inbox. Telling them this does not change things.

This is what spam filters are for. I take them out of the blacklist when I place an order, and put them back after I have recieved it. They are clever enough not to send direct marketing while an order is open, so it works nicely.

1
0

I just have a few addresses, one for work, one for friends and family, one for buying stuff and one for registering on forums etc. Only really need to check 2 accounts then and I don't get to see spam unless I need to go hunt for an invoice or reset a forum password.

1
0

Same here...

I use exactly the same system. I get almost no spam on my professional or personal addresses and I check on the other ones once a week(ish) unless I've bought something. Forums are all set up to not contact me unless someone PMs me or if I've subscribed to a particular thread. My worst spam problems are mass reply-to-alls from friends, family or acquaintances.

2
0

I used to get lots of spam. I don't any more. I don't have a facebook account, I don't use twitter. I do post to newsgroups, and use forums, and I have my own website, and my email address is on every page. I don't have spam filtering enabled on my ISP mailbox, either. Maybe because I don't give my email address to any site that requests it - if a site wants an email address to view things, I won't bother. If a site is heavy in adverts, I close it. If I'm buying something, I read the 'if you don't want to not opt-out of receiving emails from us please don't tick the box' and tick what is hopefully the right choice - or I go somewhere else if the messages annoy me. My SpamAssassin folder shows about 20 spam messages identified in the last 30 days, plus I've deleted 2 by hand. I don't reckon that's too bad.

I'm not sure what I'm doing that makes things better these days, but since those painful days of dial-up when every other message was spam, email's significantly more spam-free.

0
0
Anonymous Coward

Political parties are worst offender

Communicating with your local councillor or MP via their website usually requires your details - including an email address - before the query is accepted.

In my experience the Labour Party is the worst offender. They send political spam for years after to that email address - even when you were pretty sure you had ticked the "do not use" box. It Even when direct complaints appear to stop it - the list gets resurrected a few years later. The spam itself appears to offer a route to unsubscribe - but just goes in circles.

Their worst offence was to take my general comment about a road calming measure and submit it - in severely edited form - to the County Council Highways Department's complaints page. Their submission forged my name, snailmail and email addresses. All apparently part of a vendetta between the local Labour Council and the Tory County Council.

The local Conservatives are also now sending me political spam by misusing my email address from an MP query.

0
0
Silver badge

Who the fuck ...

... is daft enough to purchase anything online in the first place? Can't you find it within 20 miles of where you live? If not, why the hell do you think you need it?[1]

Honestly ... this whole "I saw it on teh IntraWebTubes, so it must be true" culture is starting to make me think that HomoSap has stopped evolving. Gut feeling is we are a dead-end species.

Enjoy your PLEASEGooMyFaceYouMSTwits, kiddies ... Your great grandchildren (if you have any) are going to to revile your names.

[1] Folks restoring antique machinery being an obvious exception ... but then, they have clues. The PLEASEGooMyFaceYouMSTwits equally obviously do not.

1
24

Re: Who the fuck ...

"Who the fuck ...

... is daft enough to purchase anything online in the first place? Can't you find it within 20 miles of where you live? If not, why the hell do you think you need it?[1]"

Perhaps those who like to pay significantly less for things?

2
1
Silver badge
FAIL

What the fuck ...

er Jake,

what the hell are you talking about?

"GooMyFaceYouMSTwits,"

something about social networks? i dunno

buying online? well i dont want to pay more and I sure as hell dont want to get off my arse to do it , not to mention taking time off work to get to the shops - which only open during the day for the unemployed. ooh the irony

1
1
Silver badge
FAIL

Re: Who the fuck ...

... is daft enough to purchase anything online in the first place? Can't you find it within 20 miles of where you live? If not, why the hell do you think you need it?[1]

a) because it saves money

b) because it saves time

c) because it saves both

d) you can buy 40W CO2 laser tubes twenty miles from where you live? Good for you. And no, it's not an antique machine that needs restoring.

For the record, I'm not deluged with spam. Far from it. Most is coming in via the admin address for a mailing list I manage, apparently scraped before they obfuscated the addresses on their web pages. A large part of the remainder (amounting to a few messages a day) has been scraped from Usenet some time in the past. Some is addressed to $randomstring@mydomain, and maybe a single message a day is some vendor who ignores the 'no mail' checkbox. And I've had just a single case of a vendor leaking or selling the e-mail address I gave him.

2
1
Anonymous Coward

A big problem is the giant BCC'ed address book hack

A lot of companies do it this way… the one I work for was no exception. The "mailing list" exists as an entry in the secretary's email client address book. Often it is done this way because the people have never bothered to research alternatives.

Each "UNSUBSCRIBE" note they have to process manually. Likewise with bounces.

At my work place we recently retired an old router box running Untangle and put a Ubuntu server in its place. To this I set up Postfix and a tool called Mailman. Majordomo was the other consideration I had, but Mailman is quite user friendly.

You set one of these up as a moderated list with a select few people allowed to send without moderation. Voila, instant newsletter alias. Bonus points by allowing people to unsubscribe themselves and having the system automatically unsubscribe bouncing addresses.

When I explained this to them the question was asked: "Where were you 10 years ago?"

The next step is actually having the site add their subscription in when they contact us and ask to be added. There's a check-box that's ticked by the user to indicate one wishes to subscribe and at the moment this gets picked up in our ERP system (OpenERP) and creates a lead — the "Opt In" field is taken from the site. My next task will be to export this list and feed it to Mailman periodically.

The point being — doing it right so far has proven much easier than the dodgy hack that many still insist on. It saves gaffs like the one the Taliban made not too long back, saves time on manual searches through lists of addresses and even allows a degree of self-service for the customer.

1
0
FAIL

Re: A big problem is the giant BCC'ed address book hack

Sometimes it is not even BCC'ed!

I quite often get mails that are just a huge list of "TO" or "CC" addresses...

1
0
FAIL

Charities

You're so right about charities; I always say to friends "here's a tenner, you're welcome" - no way am I giving my email address to a charity; they used to be the worst offenders for unaddressed junk (dead-tree) mail.

But for real places that were one-offs, can you go into your account and change the email address? I know it takes time, but I do that occasionally - for those places that have no "close account completely" button. Actually, I change the email address first, then close the account - so that if they still want to email, they can't.

1
0

Re: Charities

I'm now reluctant to give to a charity I haven't given to before because of the problem of being plagued for years afterwards with dead-tree junk. This Christmas I made a donation to the Guardian's appeal (other appeals are available) to avoid this problem.

0
0
Silver badge

Re: Charities

"This Christmas I made a donation to the Guardian's appeal "

What, you mean you bought a copy?

7
1
Anonymous Coward

Re: Charities

The charity who keep ringing me to ask for donations are one I will no longer donate to - I gave them the money to caring for local people with life-limiting illnesses, not to annoy people during work hours.

2
0
Gold badge

An exception to the rule - with some help.

Actually, a year ago I did something completely different when I received again UCE from Oracle - I'd already tried unsubscribing so I decided to see what else I could do. I sent a note to whatever legal department I could find that I didn't appreciate being emailed for something I would never use, and was disappointed that an organisation such as Oracle would engage in this activity.

The result was, well, impressive. A lawyer in that department who seems to hate spam as much as I do took this email and went digging, and it emerged the company they were using for mailing lists was not updating its blacklist as directed by Oracle. Given the fairly panicky email I got from the provider to apologise I suspect they must have had their feet roasted.

I was kept in the loop throughout this process by the lawyer, so to me that was a plus for both their legal department and for their approach to marketing - let down by a 3rd party.

Naturally, this is a legit setup, I have no intention to do this with the BUY VIAGRA CHEAP rubbish, but sometimes it is worth just politely asking the question where you may get an answer. If you don't get an answer it's time ye olde blacklist - preferably server based.

It is worth noting that EU Data Protection laws don't just mandate asking for permission to use data for marketing (and must make that opt IN, not opt OUT), they also require companies to keep that data up to date and relevant. The child product emails in the Reg article are thus clear evidence of a company not living up to its obligations, and they can be reported and fined for this. From the client information management strategies I have seen, by far the most important omission is registering the DATE of the entry coming into the system and each element thereof.

However, what I miss in Data Protection rules is an obligation for companies to tell where they got your name from. This creates a problem - as soon as you have made the mistake of registering with a company that stated in a 6 point light grey font on a white background in a page footer that it would resell your data you're on a list that gets sold to all and sundry, and you're condemned to playing a game of whack-a-mole to identify the company that does the selling because only they have the ability to remove you..

2
0

Re: An exception to the rule - with some help.

I had the same experience with my credit union. It took them a few times, but they finally got to the bottom of the problem and fixed it. I dealt by email with not some flunky, but the VP.

0
0
Silver badge

Even worse are the "now give us feedback" nags

Yes I bought a small item for 1.49 delivered. No I cannot now bother to click through several screens logging back in and rating the seller's performance.

0
0
Silver badge
Unhappy

Re: Even worse are the "now give us feedback" nags

That's one bad thing about Amazon. I don't mind rating a seller but as far as I can tell you have to write some text in the text box before it'll accept the rating.

0
0

Not Quite Spam IP Blocks

Many of the not-quite-spam e-mails I've received over the years do appear, at first glance, to come from the folk they say they're from. However they're not. Even quite large companies are apt to use specialised e-mail companies for this, for example PurePromoter (http://www.pure360.com). These can be spotted, flagged in an artificial header and ultimately sent to the appropriate low-priority folder, cough, on the IP address block that they use via procmail (http://www.procmail.org). A typical rule would be:

:0 fW

* ^Received: from .*\[94\.236\.20\.1(2[89]|[345][0-9])\]

| formail -I "X-BIB: PurePromoter Ltd"

Sadly specifying these blocks do require that you grok your Regular Expressions. Some nice CIDR-type block specification seems to be beyond procmail.

You can also have a rule like this:

:0 fWDB

* emails:http:.*/unsubscribe.php\?

| formail -I "X-BIB: Pluto PHP unsubscribe"

As they're spotted too.

Then it's a case of a single rule on the new X-BIB header:

# Box all the BIB messages

:0

* ^X-BIB:

not-quite-spam

You can, like me, spend rather a lot of time on such shenanigans. My procmailrc is enormous, and beyond my simple comprehension. I think that it may be self-aware.

4
0
Silver badge

Paypal - grrrr

I made what was effectively a charitable donation; they used paypal. I ticked the box saying that I did not want to create a paypal account (I read their nightmareish T&Cs years ago). The next thing that I knew I received email from Paypal telling me how to update my account settings. I phoned them, they lied to me; gave me an email address to complain to that did not work.

They are an unscrupulous bunch of crooks who have no intention of operating in a truthful manner. I will now never have anything to do with any organisation that only accepts payment via that bunch of bandits.

5
0
Silver badge

Re: Spam filter rules.

"choosing Gmail for email is swapping spam for advertising".

Hmm. Is there advertising on my gmail page? Oh, yes all the way over there on the right, where I don't look because the actual email is all the way over there on the left. Get a wide screen, and keep the browser window maximised. Or read it on your shinyslab (of whatever flavour) where the IMAP transfer (yes, we all know about goggle's broken IMAP...) doesn't include ads.

1
0
Thumb Up

Spamgourmet

Others have mentioned throwaway addresses. I've happily used spamgourmet.com for years, and sometimes update the cutoff limit for an address, so it's not really a "throwaway" address: there's that flexibility. It's a bit geeky, but deliberately so to put off Joe Sixpack types: nothing to faze any Reg reader.

1
0
Mushroom

johnlewis.com

Don't do it. Got multiple spams per week from waitrose, some insurance place as well as jl. unsubscribe didn't work, all their emails now go straight to a black hole somewhere, will not use them again.

1
0

Re: johnlewis.com

Hmm.. that's the first complaint of John Lewis I've ever seen. Their customer service is generally reckoned to be well above average. Did you trying contacting their customer service?

(No I'm not associated with JL in any way, just curious as I know an awful lot of people who use them.)

4
1
Holmes

How to confirm that an unsubscribe mechanism works?

Answer: You can't, but the email providers (such as Gmail) could if they cared that much. In essence, they need to test the unsubscribe mechanisms with honeypot addresses and see whether or not they work or just result in more spam. In cases where they do work, the email should be annotated to that effect, and in cases where they don't work, the email provider should make extra efforts to put the spammers' out of business.

This should actually be part of comprehensive anti-spammer tools that the "sincerely anti-spammer" email services should provide. Imagine something like SpamCop, but on steroids. Rather than a meek shot at the spammer's ISP and webhost, there should be several iterations of increasingly refined analysis and targeting to break ALL of the spammers' infrastructure, pursue ALL of the spammers' accomplices, and help and protect ALL of the spammers' victims.

The spammers are in effect holding up signs saying "I'm a criminal and I will rob you." Doesn't it seem bizarre that their business models are still working so well?

0
0
Anonymous Coward

Re: How to confirm that an unsubscribe mechanism works?

The Bankers and Pension Fund managers in effect holding up signs saying "I'm a criminal and I will rob you." Doesn't it seem bizarre that their business models are still working so well? Not when you consider they have the balls of the Government in their hands. TFIFY.

Spammed from a 'reputable' company, forward it with covering complaint to the CEO (Google is your friend).

Make a note of CEO's name.

If the problem is fixed then all is hunky dory

else

Never buy any product from any business that employs that person (LinkedIn is your friend) and if asked, say why.

0
0

If there's no valid reason for the company to have my email address, they don't get it.

So, if they're not going to send me an email confirmation for a product, or shipping notes etc, they get fake@email.com as the address, or x@y.com both of which usually pass whatever sad excuse they've got for checking.

Otherwise, yes, use a throwaway.

0
0
Go

Unique emails

I do the unique email thing with a slight twist relative to what everyone else seems to be doing...

Instead of company@mydomain, i do whatever@company.mydomain by using a wildcard subdomain. This serves two purposes:

1, i can junk the address with dns which causes less load on my mailserver (and i can create mx records which point back at whoever is the source of the spam).

2, Some spammers will take a given list of domains and try random common names @ the domain, so you can still identify the troublesome domain.

While i primarily use the unique email address setup to identify companies which have sold me out to spammers, i have found that several are starting to be sneaky about this - if the email address contains their own company name they won't give it out, so companyname@yourdomain wont get sold to spammers but blah@yourdomain will.

3
0
Silver badge
Stop

Everyone I contact gets a unique address to use for me and if they abuse it I block it and they don't hear from me again. It takes zero effort to hand out new addresses and only a little effort to block them if they go bad. What annoys me is that I am always careful to tick 'No, don't send me marketing crap' but half of them do anyway. I doubt it's a bug in the entry form so most likely they just ignore the checkbox.

Thankfully my email system means I don't actually get spam (or only once for each contact) but the best solution I've found when it comes to online shopping is to only buy stuff from Amazon. It's the smaller, independent retailers who generate the spam so I stopped using them a long time ago.

1
0
jrd
Thumb Up

gmail works

I've had 1 email address for 10 years which I use for everything, and I do a lot of shopping online, I'm on mailing lists etc and I must say almost no spam gets past gmail's excellent filters. Those that do always seem to respond to unsubscribe requests, so I would recommend this extremely simple and low-overhead combination if you have spam problems.

1
0

My personal solution

My personal solution to this is to use my own domain with a "catch-all" e-mail address (anything before the @ sign goes to my user). I give every company with which I deal a slightly different version of my e-mail address (usually blatantly obvious, like reg_resp@mydomain.co.uk). From that point on, all it takes is careful use of procmail (it obviously helps that my ISP explicitly support uploading a .procmailrc file -- all halfway-decent ones do). If a company sells "my" e-mail address on, I can quickly spot e-mails not originating from the rightful sender; that one address variant simply gets devnulled, leaving all the others alone.

It's been working for over 14 years now and counting.

The worst offender was actually a private mailing list. Some Windows user managed to get infected with some malware which picked up on my e-mail address from a posting I made to the list, uploaded it to some list somewhere, and a deluge of spam ensued. After posting an e-mail to the list saying "SOMEONE ON THIS LIST HAS A VIRUS!", contacting the list moderators and changing my e-mail address, everything fixed itself.

0
1

Page:

This topic is closed for new posts.

Forums

Biting the hand that feeds IT © 1998–2018