« A Twist on the "Web Beacon" Scam | Main | This Should Be Illegal »

December 13, 2005

I'm going to bypass a highly charged rant on the "business opportunity" scams that litter not only spam-space, but Web-space, utility-pole-space, and everywhere else people sell information about how to start a business selling information about how to start a business selling information about....

One such spam arrived today that is, on the surface, fairly typical. Here's the text-only pitch (the HTML version is all images that I won't retrieve to avoid adding to the spammer's Web site hit count), all typos and grammos just as they arrived:

Dear Danny:

People, just like yourself, have made life-changing decisions who now enjoy exciting lives filled with the satisfaction that comes from personal success and achievement.

Iwould like to invite you to take a few moments to review the information available at [URL deleted].

If you have ever considered a career move that will allow you to join the top 5% earners in the country, than just take a few minutes to view the presentation. No strings attached. [URL deleted]

Thank you.

Nothing special. Seen it a gazillion times. No company name or other kind of brand identity to confuse me, and perhaps just enough mystery to induce me to visit the Web site (NOT!).

Because I view all spam suspects only in their source code form, I also saw that the spammer included what appears to be a little sales pitch as an HTML comment—code that doesn't display anything when viewed in an email program. Here is that gem (I've hidden the name):

[So-and-so] Media provides specialized services for its customers from it's double opt-in database of business opportunity seekers. Every person receiving mail from [So-and-so] Media has requested to receive this type of offer. You Danny Goodman may remove yourself from this database at anytime. All abuse complaints will be handled immediately. Thank you for your continued support and response.

Upon further research, I uncovered the likely sender of this message. The originating IP address of the message comes from a block that the Spam Prevention Early Warning System (SPEWS) has linked to a long-time spammer. The domain registration records of the domains in the message links are hidden from public view (through Domains By Proxy)—a huge red flag from a spammer trying to prevent more virulent antispammers from leaving burning bags of dog doodoo on his doorstep. Registration records for both the sender and spamvertiser domains were created on the same date (way back last week), leading me to believe spammer and spamvertiser are one in the same.

The disclaimer had been used in other spam back in October, but it can't be a real sales pitch, because neither Google nor Yahoo find a match for the media company being touted. I guess the disclaimer is included to serve as a smokescreen for anyone inquisitive enough to look at the message's source code. Or perhaps it tries to make the sender appear to be far more than what he really is.

I've seen plenty of "double opt-in" proclamations over the years, and every one of them has been false (Spam Wars explains all the terminology used by both sides of the war). Some of them have even been sent to addresses that could have only been harvested from my Web site. Therefore, while this disclaimer might look to be "official," it's a crock.