Tag: spam

Updated: Botnet hits Android smartphones, sends spam from Yahoo accounts?

Jul. 10 Security Comments Off

botnet_on_smartphones_email_spamCompromised Yahoo accounts have been used to send out spam by a botnet recently. In this case it’s not a ‘regular ol’ botnet’ living on zombie computers, but one operating out of Android powered smartphones.

A blogger on the Microsoft blogs named tzink noted this recently, with a lot of commenters posting about the same happening to them. The originating countries can be traced back due to the IPs used: they were Chile, Indonesia, Lebanon, Oman, Philippines, Russia, Saudi Arabia, Thailand, Ukraine and Venezuela.

A quote:

All of these message are sent from Android devices.  We’ve all heard the rumors, but this is the first time I have seen it – a spammer has control of a botnet that lives on Android devices.  These devices login to the user’s Yahoo Mail account and send spam.

 

Apparently the developing world citizens are less strict about security on their smartphones. In this case tzink suspects that malicious software disguised as a free app is is part of the botnet.

However, one commenter thinks it’s just the malicious Android app itself signing up for new Yahoo accounts, and not using existing Yahoo email accounts:

With all of the samples I’ve seen, the Yahoo! email address follows the same format (FirstnameLastname followed be 2 numeric characters @yahoo.com). This would suggest it is simply a botnet which has circumvented the Yahoo! Android sign-up API to create new accounts rather than those being peoples actual email addresses.

 

Spam filters will have a tougher time distinguishing good email from bad email, if these email are being sent from/by normally legitimate Yahoo email accounts. They should be able to filter by content though, as tzink notes that the spam message content

Email spam volume has been dropping in recent times, but this jump into the smartphone arena by a botnet makes it clear that we’re not yet finished with the spam game.

Remember, there’s always a way to handle spam: don’t forget to read ‘Help, I’ve received spam from $company! What to do now?

Update 1: according to a post on The Verge, Google denies that Android smartphones have been compromised and a botnet is sending out the emails.

From the end of that article:

There’s still a definite possibility that this is indeed an Android botnet of some sort, and both researchers claim the evidence points that direction, but we’re far less certain than we were before, and a little less trusting, too.

The spam was supposedly sent using a spoofed mobile email signature, bypassing spam filters. Because of that mobile email signature, the messages are/were considered to be coming from Android smartphones, but that is now uncertain.

Related Posts:

Tags: , , ,

Ongage: improving micro-deliverability to maximize inbox placement

Jun. 26 Email Marketing Comments Off

Recently Ongage announced a new solution to maximize inbox placement using multiple ESPs. The overall reputation of an ESP can be very good (upwards of 95%) but certain domain reputation can be better with one, and other domain reputation better with the other.

Ongage now offers the option (called OngageConnect) to send through multiple ESPs, therefor maximizing inbox placement.

A quote from the solution page:

This technology provides marketers the ability to leverage the combined strengths of multiple ESPs, and offers them the freedom and flexibility to select the best matching and performing ESP, for each geographic region, recipient domain (aol.com, hotmail.co.uk, yahoo.fr, gmx.de, gmail.com, etc.), campaign and segment.

It sounds pretty cool, but Joshua Baer wrote on deliverability.com that he’s not too sure about the service. He’s all for innovation and improving list performance, but believes this should be about the sender’s reputation, not the ESP’s reputation. He’s also afraid of spammers abusing the service. TechCrunch wrote about it as well.

Here’s a screenshot of the ESP report in the interface of OngageConnect:

ongage_esp_report_micro_deliverability

The profit calculator shows the following:

email_marketing_roi_calculator_ongageconnect

The answer to the above profit percentage after using the service: “It depends.” When you already have a good list and are not a high-volume, many domains sender, this service would probably be overkill.

However, as I understand it, the service looks interesting to say the least and might be a nice innovation in the email marketing industry: let’s hope it will be a good tool for email marketers trying to maximize inbox placement. This, of course, after they made sure the message is actually relevant to the receiver…

Related Posts:

 

Tags: , ,

Email deliverability rates dropped in second half 2011, says Return Path

Mar. 21 Deliverability, Spam Comments Off

If you’re having some deliverability issues, you are probably not alone. Email deliverability rate has dropped in the second half of 2011 according to Return Path. Calling it inbox placement rate, the percentage of IPR has dropped from an average of 80% (one in five has gone missing) to an average of 76,5% globally. This means almost one in four emails that has been sent has not been reported as delivered.

One of the key reasons of the dropping deliverability rates has been the fact that ISPs are putting more weight behind reputation metrics and enforcing strict rules.

Here’s a chart with all the global regions and their respective deliverability rates:

It shows that inbox placement rates are highest in North America and Europe, Middle East and Africa while Asia Pacific and Central & Latin America sees the lowest inbox placement rates.

With general email spam dropping a lot lately (from 300 billion to 30 billion daily), it seems that crowded inboxes due to commercial/spam messages are becoming a thing of the past. Have ISPs and webmail providers like Gmail, Hotmail and Yahoo tightened their spam filters too much?

Have you seen a decline in your delivery rate? More people asking where the newsletter is you normally send? Or as an end user of for instance Gmail or Hotmail, have you noticed more messages ending up in the spam folder, even when they weren’t spam?

It seems too much of a coincidence (I don’t believe in coincidence, but in this case…) that Gmail has posted an article on their official blog detailing the reasons why messages have ended up in your spam folder.

Just over a month ago, Gmail has tightened their spam filters, with quite some messages not reaching the inbox anymore as a result, another post on Return Path’s blog tells.

Related Posts:

 

Tags: , , ,

DMARC launched: standardizes email authentication

Feb. 01 Deliverability 8 comments

The DMARC.org (Domain-based Message Authentication, Reporting and Conformance) website launched two days ago with an official press release stating that fifteen of the biggest email and technology providers have teamed up to combat the threat of deceptive email through standardization of email authentication. This includes the correct use of SPF records and DKIM.

A quote from the press release:

The DMARC specification addresses concerns that have traditionally hindered widespread deployment of an authenticated, trusted email ecosystem. Today, email receivers lack a reliable way to know the extent to which an email sender uses standards like SPF and DKIM for authenticating their messages. As a result, providers must rely on complex and imperfect measurements to separate legitimate unauthenticated messages sent by the domain owner from fraudulent phishing messages sent by a scammer.

Which companies are involved?

All of the big webmail providers are involved: AOL, Gmail, Hotmail, Yahoo! Mail (they together account for about 1,5 billion email addresses), financial institutions and service providers (Bank of America, Fidelity Investments, PayPal), social media properties (American Greetings, Facebook, LinkedIn) and email security solutions providers (Agari, Cloudmark, eCert, Return Path, Trusted Domain Project).

Read more

Tags: ,

New York Times email marketing oopsie, 8 million people emailed

Jan. 02 Email Marketing 11 comments

In the closing of 2011, the New York Times did a bit of an email marketing oopsie: a total of 8 million people were emailed instead of 300.

According to an article at The Next Web, an offer about subscription continuation was supposed to be sent to 300 people. Instead, the target group was a little bit bigger: 8 million.

At first the official Twitter account tweeted that it wasn’t from them:

 

 

Afterwards a reporter noted that it was from NYT and something went quite wrong:

 

In the end, to clear things up, New York Times sent out an apology mail stating the error and apologizing.

This just goes to show that absolute care and checks should be in place when putting together target groups for email campaigns.

Also, this might affect their inbox placement as quite some people will have marked that first erronous message as spam, meaning that the apology email arriving later was put in the spam folder as well.

Related Posts:

Tags: , ,