Subscribe to AHBBO's Weekly Ezine!
© 2013 Elena Fawkner
"Automatic complaints are sent when a filter whose action isset to Kill after complaining is triggered. For each filter, youcan configure who the complaint should be sent to. ... Themessage body is also scanned for e-mail and website addresses. If any addresses are found, they're added to thelists mentioned above." Source: http://www.spamkiller.com/Features.html
SpamKiller is spam filtering software. Its purpose is toscan incoming email for spam and take appropriate actionin response to those messages that are identified as spam, such as automatic deletion. Another handy function is that the software allows the user to generate automatic and manual complaint emails which the user then sends to the webmaster of the offending domain as well as any number of other recipients such as spam-reporting "authorities" and the webhost and/or ISP of the person sending the offending mail.
Good idea, you say? Fair enough, you say? Well ... maybe.Note the quote above: "... The message body is also scanned for e-mail and website addresses ... [and] added to the lists mentioned above", i.e. the list of recipients of the complaint.
Now, imagine this. Let's say you're a paying advertiserin my ezine. Your ad contains your URL and email address. I spam mail my ezine or send it to someonewho forgets they subscribed and they think it's spam.
Imagine further that the recipient of my so-called spam uses SpamKiller software (or some similar program). The software scans the message header and extracts the relevant information about the person who sent the email (me). Fair enough. Assuming that it IS spam, of course.
But the capability of the software doesn't stop there. Asmentioned in the above quote, it also scans the message BODY, which contains your ad, and adds your URL and email address to the list of recipients of the complaint. The ever-diligent big-spam-hunter also makes sure that one or more spam-reporting "authorities" is copied on the complaint.
WeStopSpam.net*, diligent, professional organization that it is, immediately and automatically forwards the complaint to email@example.com and your webhost, an equallydiligent, professional organization shuts your site downfor three days for spamming.
You, of course, learn about all of this AFTER the event.
Think it can't happen to you? Think again. It happened to me. This week. Except I wasn't a paying advertiser in theoffending ezine. The publisher of the ezine reprinted oneof my articles. The article contained my resource box.The resource box contained my website URL. SpamKilleradded my URL to the list of recipients of the emailcomplaining of the "spam", copied WeStopSpam.net andWeStopSpam.net forwarded the email to with the result that my webhost, DumbHost*, shut down mysite for what was to be three days.
The actual downtime was two hours. By that time I had threatened to sue and they finally got around to actually READING the offending email and realizing that I, in fact, was just an innocent bystander.
There is so much that is wrong in this whole scenario thatit's hard to know where to begin.
THE PERSON WHO GENERATED THE COMPLAINT
Let's start with the individual who generated the complaint in the first place. This is the person using the SpamKillersoftware. His email to me (which was auto-generated bySpamKiller) contained the following subject line:
"UCE Complaint (So-and-So Newsletter*)"
The body started out:
"I have received the attached unsolicited e-mail from someone at your domain. [He had not.]
"I do not wish to receive such messages in the future, so please take the appropriate measures to ensure that this unsolicited e-mail is not repeated.
"--- This message was intercepted by SpamKiller (www.spamkiller.com) ---"
The full text of the intercepted message followed.
The header of the offending email clearly showed that thesender of the email was someone from so-and-so.com*.Unfortunately, the newsletter concerned contained virtuallynothing but my article interrupted by what I assume werepaid ads.
I'm sure that the paid advertisers in this particular ezinealso received a complaint and that WeStopSpam.net receiveda copy and automatically forwarded it to the advertiser'sISP and/or webhost who may or may not have shut themdown, at least temporarily. (Hopefully not all webhostsare of the calibre of DumbHost when it comes to this sort of thing.)
So, this individual, in his zealousness to rid the Internetof spam, blithely dragged the names and reputations of at least half a dozen perfectly innocent bystanders through the mud.
The moral of the story? If you use spam-filtering softwareand the complaint-generating function that comes with it,have the common decency and responsibility to stop and think about who you're adding to your hitlist. If you don't, and you get it wrong, don't be surprised to find a process-server on your doorstep.
SPAM FILTERING SOFTWARE
To give SpamKiller its due, it appears to be an excellentproduct. There's a free 30 day download available athttp://www.spamkiller.com . I downloaded it myself tosee what, if any, cautions are given to users about theneed to make sure that the recipient of the complaint is,in fact, responsible for the email concerned.
Well, there is such a caution but it took me a good 45minutes to find it. The software comes with an excellent,comprehensive built-in help facility. Tucked away at theend of the page on "Sending manual complaints" is thecaution:
"Note: SpamKiller does not check that the loadedaddresses are appropriate for the selected message. Don'tuse a ... complaint unless you are certain that its recipientsare responsible for the spam that you are complaining about."
I would respectfully suggest that this warning be displayedin a more prominent position, coupled with warnings aboutwhat can happen to those who use the software in anirresponsible manner so as to ensnare innocent parties.
Now, let's take a look at WeStopSpam.net's role in all of this. In my case, "all" they did was forward a complaintthey had received from our friend in the previous sectionto my webhost. Here's what they sent:
"From: firstname.lastname@example.org To: email@example.com X-Loop: one Subject: [WeStopSpam (http://www.ahbbo.com) id:17846286] So-and-So Newsletter Date: Sun, 25 Feb 2001 23:14:50 -0700 (MST) X-Mailer: Mozilla/4.0 (compatible; MSIE 5.5; Windows 98) via http://westopspam.net/ v1.3.1- WeStopSpam V1.3.1 - This message is brief for your comfort. ...Spamvertised website: http://www.ahbbo.com > http://www.ahbbo.com is 220.127.116.11; Tue, 27 Feb 2001 02:56:58 GMTOffending message: ..."
So, my website was reported for spamming because it was"spamvertised" - lovely butchering of the English language, Imust say. This appears to be a coined term for a website that is advertised by means of spam. This means that any paying advertiser in the ezine itself is treated as a spammer, merely because spam was used to send the ezine.
I checked out the website of the ezine concerned. It proclaimed that its 85,000 subscribers were all "opt-in" i.e. that the subscribers each took some positive step to have their email address added to the ezine's mailing list.
Any reputable advertiser is going to be concerned that therecipients of the ezine are opt-in, so this would have been ofcomfort to the advertisers concerned in this instance.
Mind you, when I sent an email to the address displayed at the publisher's site, it bounced. Maybe this person IS a spammer. I don't know. And that's the point. How are you supposed to know that if you're just the advertiser or article author?
But, as far as WeStopSpam.net is concerned, that doesn't matter. The mere fact that the advertiser's opportunity was advertised in the allegedly spam email is sufficient to make the advertiser a legitimate target. In my case, I didn't even advertise! The publisher of the ezine ran my article. How many of you out there make your articles freely available for reprint?
WeStopSpam.net would presumably have you restrict the reprint rights to your articles to only those publishers who you know for a FACT are sending to a 100% guaranteed opt-in list. How do you do that? Quite simply, you can't. To expect any such thing is just unreal and smacks of an appalling lack of understanding about how the online world works.
A reasonable compromise would be if reprint rights were granted to publishers who send their ezine to an opt-in list. I would have no objection to that. Of course, that wouldn't help you with WeStopSpam.org because their policy is to shoot first and ask questions later ... but wait, on second thought, they don't even ask questions later. They just shoot.
You don't get a "please explain" or anything else. You'reconvicted first and then it's up to you to prove that you'reinnocent. Of course, by then, the damage is done. ButWeStopSpam.org doesn't care. I'm sure they see it as just a casualty of war.
OK, now let's turn to the real bad guy in all of this. The webhost who shuts down a website on the grounds of nothing more thanthe say-so of an unverified spam complaint. In my case, it's DumbHost but I know there are many other webhosts and ISPs out there who are just as irresponsible.
Here's the email I received from DumbHost informing me my site had been shut down:
"To whom it may concern,
"We recieved [sic] the following spam complaint regarding ahbbo.com. Your domain will be temporarily disabled for 3 days. You can have your domain re-enabled at the end of this 3 day period by requesting so at firstname.lastname@example.org. If we continue to recieve [sic] complaints, action may be taken to disable your domain.
"Regards, Abuse Response Team"
The email that followed was the one from WeStopSpam.net.
Note that my site was shut down because "[w]e recieved [sic] the following spam complaint regarding ahbbo.com". Not because I had SPAMMED, mind you, but because DumbHost had received a spam COMPLAINT. The notification that mysite had been disabled was the FIRST communication from DumbHost on the matter.
An appropriate response would have been: "We've received a complaint of spamming against you. We take all complaints of spamming very seriously. Please let us have your response to this complaint so we may take appropriate action". But Iguess that would have been too much like due process forDumbHost to want to bother with.
Here's what followed:
From me to DumbHost:
"If you even bothered to read the "offending email" you willsee that it came from so-and-so.com, NOT ahbbo.com. The publisher of the email in question reprinted one of my articlesin his newsletter. That article contained a resource box whichcontained a link to my domain.
"If my site is shut down for ANY length of time as a result of this complaint, expect a lawsuit without further notice."
Their reply (from "Level II Customer Care Representative" - ha!):
"Was this bulk mail authorized by you? This is considered an offense of our terms of service no matter where it originates as long as the email is sent or authorized by you. The email advertises your website, that is why your domain has been disabled for 3 days.
Regards, Abuse Response Team"
"No! I've never heard of these people before. It is common practice for newsletter publishers to publish articles written by other people. The author's resource box is always included at the end of the article. If this person's newsletter went to someone who wasn't subscribed, then it's the newsletter publisher who should be reported for spamming, not the innocent author who is unfortunate enough to have their work reprinted.
"Did anyone even read the email concerned before shutting my site down? It's obvious what happened. If my site is not reinstated today, I will be issuing legal proceedings tomorrow.
"By the way, don't you think your question should have beenasked BEFORE shutting me down, not after?"
"Okay, I was asked to take a look at your account, I will forward this information to abuse and they should get back to you shortly...
"Best regards, Jordan M. Level II Customer Care"
(They apparently don't use full names at Level II CustomerCare. Can't imagine why.)
Finally, this one from the "Abuse Response Team" at DumbHost:
"In light of this new information, I have gone ahead and re-enabled your domain. Be advised that any mass emails such as this will be considered a violation of our terms of service. You may want to take steps to ensure that services such as this are not sending out this kind of advertisement for your site.
Regards, Abuse Response Team"
"They did not send an advertisement for my site. My articlesare publicly available for reprint, as are thousands of otherauthors'. It is usual practice for authors to give permissionfor reprinting provided the newsletter publisher publishes theauthor's resource box at the end of the article. It's a way ofgenerating traffic to the author's website.
"The author has no control over who uses the article in thisway. Is a paying advertiser in an ezine shut down if thepublisher of the ezine sends a spam email (assuming thatit was spam in the first place)? ... That policy makes no sense whatsoever."
Nothing. Zip. Nada. No apology, no nothing.
Nice going DumbHost. You must be proud.
PLAN OF ACTION
My experience was pretty trivial in the scheme of things. I was able to get my site restored in just a couple of hours. Consider the damage that could be done to your business if that didn't happen though. What would be the impact on YOUR bottom line if your site was shut down for 3 days? Or a week? Or for good?
So, what's the innocent party to do in a situation like this?Here's one plan of action:
1. SUE irresponsible complainer for defamation.2. SUE irresponsible spam police for defamation.3. FIRE webhost.4. SUE fired webhost for lost profits.
I for one am not generally in favor of government regulationwhen it comes to the Internet. This is one area, however,that I must say some form of governmental control shouldbe taken. Where else but online can you have a situation where it's commonplace for someone to take punitive action against an innocent bystander BEFORE giving them a fair hearing? Where else but online can ignorant and/or maliciousindividuals be allowed to cause such injury to someone else's livelihood without being called to account? Try that in the real world and you'll be answering a charge of vandalism,defamation and trespass to goods just to start.
It's high time someone took a balanced approach to the issue of spam and recognized that, although spam is an undeniable problem, so too are anti-spam zealots and plainmalicious types who think it's sport to trash some innocent person's business and reputation. They should be held toaccount for the damage they cause.
In addition, in recognition of this unfortunate fact of online life, a fact, I might add, of which webhosts are only too wellaware, webhosts should also be held accountable for shutting down livelihoods based only on the prosecution's case in chief. The defense is entitled to be heard and any conviction that results from a one-sided hearing is nothing short of an abject denial of due process. The legal profession can't get away with that. Why the hell should webhosts?
Elena Fawkner is editor of A Home-Based Business Online
© 1999-2017 AHBBO.com Publishing
All Rights Reserved.