About six months ago, I noticed a significant uptick in spam email. But not just any spam, oh no. I found myself flooded with stock pump-n-dump spam, in incredible quantities.

What is pump-n-dump?

A pump-n-dump scam is where a scammer buys a large quantity of a cheap stock, then floods the world with hype to drive up the price of the stock. When it starts to rise, the scammer sells all his shares, the stock collapses, and the scam victims lose their investments.

Occasionally, the companies parasitized in this way can go out of business (small companies will sometimes use their own stock as collateral for loans, with the agreement that if the price of the stock drops below a certain point, the loans come due immediately).

And as I collected examples of this spam, I noticed something interesting: all the pump and dump scam spam originated from Salesforce, the $300 billion American tech giant.

So what does Salesforce have to do with penny stock scams, and why on earth would Salesforce be supporting pump-n-dump stock scammers? Hang on, let’s go down the rabbit hole.

---

When I say I’ve been getting stock scam spam in incredible quantities, I mean it. I’ve received 1,794 examples of stock pump-n-dump scam emails between March 17, when I first started collecting them, and October 30. That’s 1,794 scam emails in 227 days, or an average of about eight a day.

There are a lot of them. They come from multiple From addresses and claim to be from various “investment” companies, but they all have some characteristics in common:

• They all originate from IP addresses owned by Salesforce subsidiary Exact Target
• They all advertise URLs hosted by Salesforce subsidiary Exact Target
• While they come from different email addresses, they use similar graphics, language, and promote the same sets of stocks

How many different companies do they claim to come from? Lots. Every time I see an example of one of these spam emails, I build a rule in my mail reader app to route future examples to the Salesforce scam spam folder. Between March and October, here’s a list of the From addresses used in these scam emails:

Each From address will be used to send anywhere from three to twenty or so scam emails before it’s abandoned and the scammers move on to the next.

What does Salesforce make of all this?

On paper, Salesforce/ExactTarget’s spam policies seem good enough. In practice…

In practice, Spamcop has disabled reporting to Salesforce, because Salesforce (a) doesn’t pay any attention to abuse reports and (b) doesn’t follow spam best practices, specifically by not requiring double-opt-in and not honoring remove requests.

This isn’t a new problem, either. Spamcop stopped sending abuse reports to Salesforce/ExactTarget at least as far back as 2011, and maybe earlier.

Unsurprisingly, manual emails to Salesforce and ExactTarget abuse addresses do nothing.

---

So what’s all this about? What does Salesforce gain by assisting stock pump and dump scammers?

$$money$$

Pump and dump scams require broad reach. They are also extremely profitable when they work. So it’s worth spending money to make sure you can reach as many marks as possible; profit varies directly with the number of gullible dupes you can con into buying the hyped stock.

And Salesforce/ExactTarget isn’t cheap:

Note those prices are (a) billed annually up front and (b) are per organization. So even the cheapest plan is $4,800 out of pocket at the start, and the spammers are using multiple phony organizations in their spam.

This is, I’ll warrant, a nontrivial source of Salesforce revenue.

So Salesforce has a positive financial incentive to aid and abet these scammers, and thousands of folding, spendable reasons to disregard abuse reports.