| ♦ REFRESH to rotate MAAMAW'S CLICKY NOTES thru this space..... Timely Tips, Best of the Boards & More ♦ |
Be sure to visit the Current Message Board when you're finished here. We're very friendly, so don't be shy... just jump right in and post your question. Scams outnumber legitimate biz ops about a bzillion to one, so it's well worth your time. |
| | View Thread | Return to Index | Read Prev Msg | Read Next Msg | |
|---|
FIB - Scams 101 - Ye Olde Archives
Posted By: The Roadie <wcarton@flash.net> In Response To: Mel: Thanks, I agree and understand that, but... (Jennie)
Saturday, 29 January 2005, at 8:19 a.m.
> I do understand and agree with what you say. My concern is understanding
> the weight of this "abuse@domain" issue even if a legit co. has
> several obvious ways of assisting their customers. This is very critical
> to me because we take the utmost care to ensure that all of our
> names/addresses are opt-in, we respond to permissions and are accessible
> at every touch point. We just don't have the "abuse@domain.com"
> set up. Granted, anything that goes to an unknown domain address is
> handled by my folks, I'm still concerned about this ( I don't want our
> company to be blacklisted because we lack a simple email address).
Thanks for the kind words and the important question. I have a few in return, then I'll address the "abuse" issue.
1) Are you running a closed-loop confirmation on all subscription requests (sometimes called double opt-in)? If not, you aren't conforming to current best practices for mailing list management. If you have any kind of web form subscription form, you need to ensure that the OWNER of an address is the one signing it up, and only a closed-loop confirmation will prove that.
It's critical to read and understand all the elements of this essay:
http://www.mail-abuse.com/an_listmgntgdlines.html
2) You need to retain all confirmation emails and logs for the lifetime of the list you're collecting them for, to protect yourself against spam reports sent to your upstream provider. ONLY those logs are a effective defense against the inevitable spam complaint. Even well-run lists will get some small percentage of folks who forgot they subscribed AND CONFIRMED. And it's the only way to handle the inevitable churn of addresses, where somebody subscribes, abandons the address later, and a new person picks it up who didn't subscribe. THEY can report your emails as spam, and you need to drag out the proof to protect yourself. Of course, when the address was abandoned, your emails would have been rejected for a while, and you ARE handling rejections as unsubscribe request, aren't you?
For more reading on what can get reported as spam:
http://www.mail-abuse.com/an_reptspamgdlines.html
An unconfirmed subscription form can (and will eventually) be used as a harassment engine, since some spammers have made scripts that use such forms to submit their enemies' addresses to. When you get hundreds or thousands of fresh newsletters as a result of a lame harassment trick like that, you really start to appreciate the ones (now a vast majority) who require confirmations. If you ignore the confirmation request, you do NOT end up falsely subscribed to the list.
And the list manager doesn't end up being blacklisted by the Non-Confirmed Mail List Blocklist: http://www.mail-abuse.com/nominats_nml.html
3) The Internet works with no central authoritity through the use of cooperation, and conformance to international agreements. These agreements are called "RFC"s, which stands for "Requests for Comment" which really refers to the documents that are circulated among interested parties. When the comments are ended by some mutual agreement, the document becomes a "standard" but for historical reasons is still called an RFC.
The one that specifically and strongly recommends an "abuse" address is RFC 2142:
http://www.rfc-ignorant.org/rfcs/rfc2142.php
It's the same document that requires the existence of a "postmaster" address.
If a provider (domain name) fails to have an abuse address, it is eligible for listing on the RFC-Ignorant blacklist:
http://www.rfc-ignorant.org/policy.php
Many network admins refuse to carry email from such listed domains, as it's evidence that the domain owners are not aware or or not caring enough to conform to RFCs that apply to ALL entities on the Internet.
Many providers have found that posting an abuse address only gets it harvested, and spammed into the stone age - so they try to put out an alternate address, like "spam" or "reportabuse" @ their domain name. This is deprecated by many network admins, but happens.
Many automated spam-reporting tools like SpamCop use an abuse address lookup service offered by http://www.abuse.net/
This is designed for domains where they have an alternate preferred address, or some some reason they want multiple addresses to get copied on spam reports. Or sometimes the entity being reported is a known spammer themselves, or rogue provider, and it's not worth reporting spam to that bad site, so the abuse.net database will suggest sending the spam report straight to the bad site's upstream provider.
So the bottom line is that the current expectations of all domains is that they have an abuse address set up (even if it internally just forwards to the proper staff), and that EVERY domain has one, even domains that are just used for outbound email and only appear in the headers of the email. For instance, your domain might be widgets.com, but your newsletter is sent out by mail.widgets-mail.com. There should be addresses for abuse@widgets.com *AND* abuse@widgets-mail.com, since many spam reporting tools just look through the headers of the mail to find and complain to the source.
And the main web page for widgets.com should have a link to your no-spam policy, and perhaps an easy link to the abuse address.
What's widely deprecated and mocked is providers who offer up only a web form for reporting abuse, and no abuse address. If the spam violation is committed by email, then reports must be accepted by email. Web forms are seen as a form of hoop-jumping, designed by rogue providers to reduce the numbers of spams that get reported, so their lazy admins can continue their work-avoidance strategy.
Hope this helps - let me know if you want any more data from my side of the table. :-)
Bill
| | View Thread | Return to Index | Read Prev Msg | Read Next Msg | |
|---|
FIB - Scams 101 - Ye Olde Archives is maintained with WebBBS 3.11.
|
| PLEASE READ THIS LEGAL NOTICE CAREFULLY BEFORE YOU FILE A LAWSUIT OR EVEN WASTE TIME THINKING ABOUT IT. It has been done before, but never successfully. In fact, the last dodobird who tried it ended up being ordered to pay more than $77,000 in attorney fees ($65,000+ to my attorneys and $12,000+ to my co-defendant's legal advisor).
If your attorney is worth his salt, he's going to tell you that the expense of filing a lawsuit you can't win is a whole lot worse than any "damages" resulting from messages posted on this insignificant little chunk of cyberspace. NEWS FLASH: I didn't just climb down off that ol' turnip truck yesterday. I'm well aware that expressing a negative opinion, relating one's personal experience, and restating provable facts are all legal in this country and do not constitute libel, slander, or defamation -- so you don't want to play games with me, and you sure don't want to start something you aren't prepared to finish. I don't take threats lightly, and I don't accept bribes (or did you call it a "mutually-beneficial arrangement"?). I'll turn you in faster than you can yell, "ARREST ME, I'M SCUM!!" Do yourself a favor and turn your legal team loose in greener pastures. Although we may, from time to time, monitor or review discussions, postings and the like on the Friends In Business (Scams 101) Message Board, we are under no obligation to do so. We are not responsible or liable for any claim arising from the content of any such discussions or postings or for any error, defamation, libel, slander, omission, falsehood, obscenity, pornography, profanity, danger, or inaccuracy contained in any information contained within such locations on the Site. You are prohibited from posting or transmitting any unlawful, threatening, libelous, defamatory, obscene, scandalous, inflammatory, pornographic, or profane materials or any material that could constitute or encourage conduct that would be considered a criminal offense, give rise to civil liability, or otherwise violate any law. You are likewise prohibited from posting any false claims against any company or individual. We will fully cooperate with any law enforcement authorities or court order requesting or directing us to disclose the identity of anyone posting any such information or materials. By posting messages and/or content on the Friends In Business (Scams 101) Message Board, you give permission for Lesley Fountain/Friends In Business/Shoestring Success Publications to display, distribute and use the posting and content for publication, advertising, promotion, excerption or example. You grant Lesley Fountain/Friends In Business/Shoestring Success Publications complete, perpetual, but non-exclusive rights to use, archive, reproduce, adapt, modify, distribute, sub-license, repurpose, rework, compile, or offer for sale or resale the messages, postings or content appearing on this site in whole or in part, throughout the world and universe, on a royalty-free basis without remuneration. If you cannot accept or agree with the terms of service for this website and discussion board, you are advised not to post on this board. In closing, I would like to remind you once again that it is still legal, in this great country of ours, to express a PERSONAL OPINION, as long as it is presented as opinion and not as fact. And finally, all you scammers out there will do well to remember that TRUTH IS AN ABSOLUTE DEFENSE against charges of libel, defamation, and slander... so if you're operating just a hop, skip, and jump ahead of the law, you might want to think twice before doing anything stupid... (AND SHAME ON YOU!!). |