28 Jun 2006 prozac   » (Journeyer)

Proposal For a Global UBE Opt-Out Database

Introduction

I manage a small IT department, and part of the work involves helping users deal with SPAM. Since we have hosted e-mail service that uses OpenWebMail, I basically just enable Blocklist Filtering and SpamNabber, which gets most, but not all, SPAM out of the user's way. But also, those avenues sometimes mark legitimate e-mail as SPAM.

So, to check for legitimate e-mail being directed as SPAM, I periodically manually review SPAM flagged e-mail. It is easy enough to see the legitimates among the SPAM in a list showing From and Subject. Occasionally I have to actually read the e-mail.

And I have an idea of a service that would submit e-mail addresses to a database of existing Opt-out services.

What started me out on this was the influx of many SPAMs referring to similar "targeted dating services." Odd, I thought, until I noticed that they were all from a related UBE-er, http://www.revenueuplink.com/. These UBE SCUM SPAM on other's behalf. In this case, several dating services.

Interestingly, following the obvious Opt-out link in the SPAM led to being removed from the third party's services and not the SCUM UBE's services. I had to do a little extra work through a small maze of links at http://media-uplink.com/ and http://cool-uplink.com/ before finding http://www.revenueuplink.com/.

Also, these Revenue Uplink scum are scum because they harvested the e-mail address they spammed.

Anyway, I finally got to the Opt-out link, and did so, and was driven to ads in an IFRAME along the way too! Most of these UBE SCUM actually do supply a Website form to submit and address to Opt-out.

For grins, that day I followed several more Opt-out processes. About half of them provide a small maze of re-directing passages all different too.

The Proposal For a Global UBE Opt-Out Database

I would like to offer a service that would compile a list of UBE-ers that support Opting-out. It would just be a list of those UBE-ers to whom I can submit an e-mail address to. It would have a database of the UBE-er and how to submit an e-mail address for removal.

For example, a person would go to http://www.optmeout.com/ (not a real Website) and then submit their e-mail address. The website would then use it's database of UBE-ers' with an Opt-out mechanism, and then submit the e-mail address to each and every one of those UBE-ers.

Boom. That's it.

This Almost Exists

I am looking around for something like this, but found nothing yet, only references to "How to Opt-out" instructions.

There is the FTC's "How To" (http://www.ftc.gov/bcp/conline/pubs/alerts/optoutalrt.htm) and there is a website that sort of look like it may be of help but is poorly designed at Center for Democracy and Technology (http://opt-out.cdt.org/).

And Spamhaus has a reference to Opt-out (http://www.spamhaus.org/mailinglists.html).

And there is a paper mailing "How To" from Privacy Rights Clearinghouse (http://www.privacyrights.org/fs/fs24a-OptOutAddresses.htm).

But I have not seen anything that would opt-out for me.

[the rest of this entry is just informational]

About SPAM

SPAM generally comes in two flavours, outright fraud and UCE. Fraudulent SPAM tries real hard to hide its source, uses misspelled words, stupid subjects, absurd e-mail addresses, sometimes has no body except for embedded images, etc. Fraudulent SPAM never has "remove" or "unsubscribe" references. Most of these are scams and sellers of fraudulent services and/or products, or just promote some obscure stock.

UBE is unusually not about fraudulent services or products. About half of UBE are by companies that just think sending UBE is okay. The rest are UBE services hired by companies to advertise on their behalf. These latter are basically defrauding their clients by pretending to send to Opt-in databases. Almost all of these UBEs have "remove" or "unsubscribe" references.

About From: Fields

I have noticed a few things about the From header. E-mail with a From field that has a name that is not reflected in the address is always suspicious, such as:

"Andres Hardin" <xicwngtzatl@boelter-yates.com>

As long as newsletters and Opt-in advertisers use a properly formatted From address, I can spot 99% of SPAM vs. legitimate e-mail from the From fields alone.

Here are some examples of properly formatted From fields:

DSL from Yahoo! <directmail@yahoo-inc.com>
Staples Rewards <staples@e.staples-deals.com>
"BizQuest Newsletter" <service-newsletter@bizquest.com>

But, then some fraudulent SPAM uses okay looking addresses, like:

"Daisy Haas" <DaisyHaas@mail.ru>

And then there are idiot e-mail hosting companies such as AOL, Comcast and Yahoo, that do not enforce proper address formats and allow simply text1234@aol.com. They could at least enforce an addr-spec address enclosed in angle brackets!

Latest blog entries     Older blog entries

New Advogato Features

New HTML Parser: The long-awaited libxml2 based HTML parser code is live. It needs further work but already handles most markup better than the original parser.

Keep up with the latest Advogato features by reading the Advogato status blog.

If you're a C programmer with some spare time, take a look at the mod_virgule project page and help us with one of the tasks on the ToDo list!