Daily Archives: February 24, 2016

Email Spam Re-revisited: How “mainstream” email marketers promote spam

Posted on by
Reply

Email spam–defined here as “unwanted, unsolicited commercial email”–is big business, with spam emails producing millions of dollars in revenue for the larger spam kingpins. There’s a huge cost to this spam, though. Google has released a PDF on the economics of spam, that talks about how much cost spam emails externalize onto others. Spam filtering, for example, costs about $6 billion a year, and without it, email would be largely unusuable.

Spammers often try to justify their spamming by claiming that email advertising is necessary to keep Web content free. It’s true that advertising is a necessary component of the Web–I wouldn’t be able to pay for all my Web sites without it. But as the Google report says, spamming is not the same as this kind of advertising:

How does spam differ from legitimate advertising? If I enjoy watching network television, using a social networking site or checking stock quotes online, I know I will be subjected to advertisements, many of which may be irrelevant or even annoying to me. Google, Yahoo!, Microsoft, Facebook, and others provide valuable consumer services, such as social networking, news and email, supported entirely by advertising revenue. While people may resent advertising, most consumers accept that advertising is a price they pay for access to valuable content and services. By contrast, unsolicited commercial email imposes a negative externality on consumers without any market-mediated benefit, and without the opportunity to opt out.

The vast majority of spam operations are run by a handful of spammers, the so-called “ROKSO spammers,” extremely prolific email spammers (some of whom are affiliated with organized crime, like Leo “Badcow” Kuvayev, a person involved in spam, malware, fake pharmaceuticals, and child porn and now in prison) who are part of the Register of Known Spam Operations.

There are also a lot of affiliate marketing companies–companies who pay affiliates to promote products. Some of these companies also run email marketing. All of them claim to be opposed to spam. But many are perfectly willing to allow spam, even spam by big-time ROKSO spammers, because of simple economics: it makes money.

I’ve blogged about one of these ROKSO spammers and his connection with “mainstream” affiliate and email marketing companies before. I monitor spam from this person, largely because I get a vast quantity of it to various email addresses. And when I say vast, I mean it–as in 839 examples of spam email in the last 20 days alone.

This particular spammer has a pretty simple modus operandi. He signs up for affiliate codes with “mainstream” email marketers and affiliate sales companies and spams, spams, spams. He tends to go for certain kinds of affiliate accounts: fake diabetes “cures,” quack “heart attack prevention” nostrums, right-wing conspiracy books, weight-loss fad diets, woodworking plans, and “get paid to do surveys” scams are his forté.

He’s worked with a wide range of affiliate companies before: Clickbank, Flex Marketing, and Clickbooth most often.

His spam activities slowed for a while, but recently have redoubled. And this new salvo of spam activities features two affiliate companies in particular: Clickbank and Cake Marketing. To a lesser extent, he’s still Spamvertising through AD1/Flex Marketing, but not as much.

He’s not foolish enough to spam Clickbank or Cake Marketing links directly. Instead, he spam links that are just 301 redirectors to Clickbank or Cake URLs, or open the URLs in a frame, to provide enough distance to shield Clickbank and Cake from direct association and provide a level of plausible deniability.

A few things have changed since I first write about this particular spam system, but the overall shape remains the same. The spammer, Mike Boehm, sends out millions of spam emails containing links to throwaway domain names. These domains used to be redirectors located at Namecheap; nowadays, they’re protected by Cloudflare, a name well known to spam fighters.

These domains are simply redirectors–that is, when you click on one of the links, you just get sent somewhere else. With these new spam runs, you end up either at a traffic redirection site owned by Cake Marketing, or at a domain that opens a Clickbank link in a frame. The new spam affiliate system is a bit different from the old one, and looks like this:

More than 90% of the spam emails–and like I said, there are a lot of them–go through Cake Marketing or Clickbank.

I’ve sent repeated complaints to the Cake Marketing and Clickbank email addresses, and received no reply. The spam affiliate accounts remain active. I expected this from Cake Marketing; to my knowledge, they never acknowledge spam complaints. I’m disappointed in Clickbank. They have terminated this spammer multiple times in the past, but appear disinclined to do so now.

Thereis an interesting postscript to this story: Clickbank has apparently established a reputation in the time since my last blog post on this subject as a spam haven. When I attempted to post this entry on LiveJournal, the following error message popped up: