I’m A Spammer! Well, Not Quite…

Before I get into this post, I’d like to mention that I was interviewed for the first time about my finance site, which was pretty cool. I also wrote one of my rare guest posts for Sonia of Logallot titled 7 Certainties Of Blogging That Prevent Boredom. Check those out if you’ve got the stomach for it. 🙂

Last September I wrote a white paper and put it up on my business website for potential clients to download. I decided I wanted to capture email addresses so I could follow up on some of the people who downloaded it. That turned out to be one of the biggest mistakes of my life, and I’m still paying for it. And I should have known better.

It worked pretty well initially, as more than 50 people downloaded it. Then suddenly I started to get a lot of returned email, only I hadn’t sent these emails out. It seemed that my business email address had been scraped because of the script I used and was now sending spam email blasts out with my email address, though not from my IP; thank goodness!

Not only that, but these scammers have hacked into multiple people’s email accounts, though I haven’t been able to figure out which ones, because every email that comes back my way has a different person’s name on it, and every once in a while when someone responds to it I can tell that they know the person by name.

I should have known better because this type of thing happened to me back in 2007 as well. At that time I created my newsletter page with a script so that people could give me their email address along with a message and also tell me which newsletter they wanted, as I was writing two at the time. Within months the same thing started happening, though not at the volume and length of time this one is. All I did then was remove the script and it stopped within a few weeks. This time around it’s been almost 8 months; help!

Actually, the official term is spoofing, and it seems there’s little I can do about it except hope it slows down at some point. One blessing is that, unlike years ago, my email address hasn’t been put on a blacklist. That’s because these days IP addresses are logged instead of email addresses, and none of them are coming from my IP.

Most of the time I delete the messages, but every once in a while I download one and try to track down the IP address, though I know that’s fruitless. And I will download any emails where someone thinks they’re responding to their friend and tell them what’s going on, hoping that they’ll contact their friend and that they didn’t click on the link in the email.

What are the lessons to learn here? Check this out:

1. Find ways to verify any scripts you put on your websites. Maybe instead of just scraping your email address someone will figure out a way to get into your website or blog and hack it; it’s been done often.

2. Make sure that if you’ve got an email address on a site like AOL, Hotmail, Gmail, Yahoo, etc., that your password is strong. Don’t make it easy for scammers to find your stuff; use caps, numbers, symbols if allowed, and try to make your password at least more than 10 characters; I only have one that short.

3. If you ever receive an email from someone you know but there’s no signature file at the bottom of it, don’t open that bad boy. And if most emails you get from your friends don’t have signature files to begin with (shame on them), just look at the email and see if it resembles what you’d normally get from your friends. Some folks are just so trusting…

4. Make sure you have a good antivirus program running just in case you have a lapse of mental faith and decide to click on a link without thinking. Good software will prevent the virus or malware you just invited onto your computer from getting there.

So, feel sorry for me while taking precautions of your own; protect yourself, because there’s a lot of nefarious people out there.
 

31 thoughts on “I’m A Spammer! Well, Not Quite…”

  1. Mitch, at least you caught on before they ruined your online reputation. They could have used your name as a spammer.

    It is sad that people do not have anything else to do, but try to harm others by spreading trash around the net.

    I hope people are smart enough to recognize the signs of a spammer.

    Great story Mitch, I appreciate your candor for letting people know how easy it is for people to fraud your email.

    1. Thanks Michael. You know, back in the day they were using my name, but now they don’t have to. I’m with you, spammers seem to have no real soul do they?

  2. Mitch, great tips! I’ve been good with #3 and have no problem labeling them spam. #4 too since I had nasty viruses before I had the good Norton installed. Worth every penny! #1 is one I have to check out, thanks Mitch. I don’t seem to get as much spoofing as I once did since I set up a spam filter on emails. Thank goodness.

    1. Lisa, I wish this one would stop already. It didn’t last this long years ago and frankly I’m tired of this junk jamming up my daily mail as well because I get tons of rejects. Still, a big part of me knew better.

    1. Pitt, firewalls only work if these creeps are getting information from your computer. My script was on my website, and there was no firewall. I often wonder why hosting companies don’t have more firewalls set up; maybe it’s not something they can do.

  3. Today I got two emails, one from Wells Fargo and another from eFax, that looked pretty convincing, I have to say.

    They appeared to come from the correct domain.

    It’s crazy out there man.

    What makes it so bad is you’re not the only one with this information. I had a bank send me a letter that my info was stolen from them. I’m like, great.

    1. Darnell, that’s a different story. It’s one reason why using Mailwasher works so well because it shows all those links while mail is still on the server and you know easily whether it’s fake or not so you don’t even download them. Course, the email that shows up about accounts I don’t have are always easy. lol

  4. LOL nice title. But I can understand how frustrating it is when we get cursed for spam even if we are not responsible for it. Happened sometime ago with some of the automated emails on my server. As the server was down for some hours it was not able to run another check on what emails have been fired and thus it sent another copy of exactly same email and it was very frustrating for me.

    1. Irksome isn’t it Keral? I guess if we want a free internet we have to deal with those who use nefarious ways on it as well. Sometimes we can’t protect ourselves but none of us should make it too easy for these weasels.

  5. Hey Mitch

    That’s not nice that you’ve been spoofed for eight months! I hope it soon dies away and you can relax again.

    I’d not really thought about verifying scripts but you’re right it’s something I need to do before I add it to my blog. I guess googling the script name may be a start.

    I don’t really have email accounts on Yahoo etc and I don’t really use my gMail account but I’ll be sure to go and change my password now you’ve mentioned it!

    Any other email accounts have spam filters in place so I hope I don’t click on anything bad.

    Thanks for sharing Mitch and have a great weekend.

    1. Thanks Tim. My email addresses are protected well except for that one off my main business site. I mean I don’t get anything returning from any of my other online email addresses; I should have been more circumspect before using that particular script. I also hope it stops soon; tiring…

  6. Yeah it’s too bad there’s nothing to be done about spoofing. My work email receives hundreds of bounces per month. Not only that, but the spammers just take the business domain name and start making up names like “fr**@bu**********.com” and “ke***@bu**********.com”. The mail server gets hit over and over again with bounces back to these fake accounts. What can you do?

    I wouldn’t recommend that people use any “off the shelf” type of mail scripts to collect and send emails. If they’re serious about this sort of thing, they should use Mailchimp, Aweber, iContact or something similar. They’re already taking all the steps possible to keep your email safe and make sure you don’t inadvertently become a spammer yourself.

    I use Mailchimp myself. It’s free to use up to the first 2000 users so it’s a great place to start. Yes they get prickly about affiliate marketing, but I’m not doing that anyway so I’m cool with it.

    This way they can send the emails, and the ISPs know they can trust them and the email is more likely to make it through spam filters.

    Finally, I don’t know if anyone noticed this, but the PayPal and eBay spoof emails are getting scarily good. I have to imagine it’s quite lucrative. If you did a lot of this stuff you might easily just click on it without thinking.

    What will they think of next?

    1. John, for the purposes I was using the script for none of those things you mentioned would have worked. I needed something along the lines of what folks use on their contact pages, only modified to give me minimal information. I should have researched it more but them’s the breaks.

      As to the other issue, I mentioned Mailwasher to someone else earlier. Trust me, the program works really well; you can do a search on this blog for an article I wrote on it if you don’t remember it.

      1. Hey Mitch, it sounds like all of those services would have worked great for what you needed. That’s exactly what they do: allow you to choose the info you wanted to collect, supply you with the form code (just like a contact page) and allow you to plunk it onto your site. You could even set up options to send follow-up emails automatically, etc. Plus they can update dynamically if you login and change the options (meaning you don’t have to re-insert the code).

        Meanwhile the services take the risk of actually sending the emails, and you don’t have to worry about your web host thinking you are a spammer, or even having a script residing on your site being commandeered by spammers.

        Also, I checked out Mailwasher. That merely spares you from downloading the spam to your machine, it doesn’t help you prevent the spoofing (really nothing can) or keep the bounces from those spoofs from hitting your mailserver in the first place.

        That said, that’s pretty much what most people will need. If the program ran on a Mac I would recommend it to some friends I know.

        I really could have used it myself, I was getting so much spam I ended up filtering my email through Gmail to stop it – it worked like a charm, too, but that method might be too much for some folks…

      2. John, I knew Mailwasher didn’t take care of spoofing; I thought you were talking about being able to check email before downloading it. And if those services have forms then I might have to look into one because that wasn’t available years ago when I first wanted to use scripts.

      3. Ok yeah I think I misunderstood what you were talking about and wrote a whole mess ‘o unnecessary stuff lol.

        But definitely take a look at Mailchimp at least. The features have evolved a lot in the last few years and you can try it out for free.

  7. I’ve had some issues with my email newsletter as well, actually my hosting service allows me to send 800 mails a day (which is usually enough) but once, I have made some changes in my notification system and because of this error it sent thousands of mails. So my hosting service shut down my page because of spam. (actually they sent me a warning mail which I didn’t get)

    1. Goodness, I’m trying to figure out who you are, Edit, Helene or Laura. lol Anyway, it can be horrid when that happens but I assume you’ve gotten your email back by now.

  8. I acted like a spammer as well, but it was a couple of years ago. I had some issues with my newsletter set-up on my blog, and the robot has sent thousands of emails one day. And the hosting service provider shut down my site, because of the huge amount of emails. (It was written in the contract, that only 800 mails are allowed a day) They sent me a warning but I haven’t got it. So it was a trouble to get things done, since then, I always check out my settings.

    1. That’s too bad Peter. You know, those types of inadvertent things can happen here and there and software is to blame for most of it. At least you could feel good knowing you didn’t do anything intentionally bad.

  9. It always makes me upset to check all the mails in my spam folder, but unfortunately there are always some important messages as well. I just haven’t found the perfect spam filter or something went wrong with my settings, and I’m afraid I may be marked as spam as well because I cannot send any mails to a couple of my contacts. What should I do?

    1. I’m not sure I understand your issue Ursula. If you only send a few emails here and there you won’t be labeled a spammer unless you’re sending marketing email to people who don’t want it. And having a signature file, which I mentioned in the post, is a smart thing because spammers don’t use signature files.

  10. PayPal and Moneybookers (Skrill) recently thanked me as I reported more than 100 spoof emails to them. It might be the script, Mitch, but I personally doubt that. More likely somebody has scraped the WhoIs database for the Alexa top 100k websites. Being cautious is an absolute necessity when opening emails that don’t look right.

    About getting flagged by spam filters, this might not be exactly the case. Your website is hosted on same IP with another 67 websites and if any of these website owners abuse the system, the whole lot of websites that send emails will be blacklisted by spam filters.

    1. Carl, in my case it had to be the script because nothing happened until I’d been running the script; I don’t believe in coincidences without a reason. And trust me, the business site isn’t anywhere close to the top 100K lol.

      1. Well, that’s pretty bad. I have seen results from malware scripts a few times in my career. The bad part is those are difficult to detect. One recent example was a script that could actually be detected by only one antivirus program, but nobody checks web files with that kind of software. I detected it accidentally by backing up the website and running exactly this software on the folder, but it seemed that Google Labs at that time didn’t show any detection either, but penalized the websites!

  11. Good tips, Mitch. A few years ago I used a web form for e-mail on my woodworking web site rather than posting an e-mail address. That got scraped and I was getting all manner of ugly messages from irate people. I still can’t do business with anyone who uses AT&T for e-mail because they have my domain blocked. Sigh.

  12. Hey Mitch,

    Spam is one of the most irritating things that you can see in the online industry. And being labeled as a spammer generally ruins not only your site but, most importantly, your reputation. Whether we like it or not, there are just some people out there who care for nothing but to bring you and your site down by manipulating your site through hacking and making you look like a spammer. If that happens, it’s the end of everything, so I guess it’s important to secure your site by making it more complex in terms of log-in information. Also, it’s good to be cautious but not freaking in a sense.

    1. Farrell, the lucky thing is that none of the emails are coming from my IP. The unlucky thing is that it could potentially ruin part of my business since all anyone would have to do is visit the website listed in the email address, follow it to my blog, and start saying bad stuff because of it. I’ll have to figure it out one of these days.
