by David Romerstein on December 3, 2009
The Zeus botnet is making another attempt at stealing your personal information this week. Starting early in the morning on 1 December 2009, email messages began going out telling recipients that they need to register themselves in the CDC’s H1N1 program. Messages with subject lines like “Create your personal Vaccination Profile” and “Governmental registration program on the H1N1 vaccination” are enticing recipients to visit a webpage proudly displaying the Center for Disease Control logo, from which they can download their “H1N1 Vaccine Profile Archive”. The ‘archive’ is, in reality, the installer program for the Zeus bot, which will place a keylogger on your machine and try to steal your personal data.
Most anti-virus vendors have signature updates that will mark this installer as malware, so one way to protect yourself is to make sure that your A/V software is up to date. All of the fake CDC URLs we visited were detected as forgeries by the newest versions of Firefox, as well.
by Cloudmark on December 3, 2009
It seems like a simple and basic concept of email marketing. Get permission from the intended recipient before sending. Confirm permission. Maintain records of when, where, and how you got permission. Engage the recipient with your mailings to compel them to purchase your product/service. Nurture your relationship with your customers and grow them into loyal evangelists.
Instead of following these basic tenets of email marketing, I am seeing marketers (clients of ESPs) engaging in practices which are questionable at best.
They rent or purchase lists of email addresses, obtain addresses through co-registration programs in which users did not expect their email addresses to be indiscriminately distributed, and acquire addresses from email appending vendors through fuzzy logic matching.
In any of the situations above, did the recipient give undeniable permission to you, the sender? Just because you acquire an email address does not mean you have the right to send to it.
ESPs, you are not off the hook. You need to require permission practices of your clients, or you need to reconsider your relationship with these clients. Is what the client is paying you enough to cover the cost of resolving deliverability issues and the damage to the reputation of your IP addresses and the reputation of your company?
- Having clients who do not know the provenance of the email addresses in their mailing lists should not be acceptable.
- “Inadvertently” mailing to a suppression list should not be acceptable.
- Having clients who also send through another ESP and do not remove invalids or respect unsubscribes should not be acceptable.
- Providing the excuse of “But, my client is a large and recognizable brand!” for a client’s bad practices should not be acceptable.
ESPs who require and enforce best permission practices should be applying peer and industry pressure within the ESP community to adopt these policies. Ultimately, ESPs need to take responsibility for their clients’ practices. If you are aware that your clients are engaging in questionable or bad practices, address those issues before contacting an ISP or anti-spam vendor to resolve the issue.