Posts Tagged ‘spam’

An F for Fred Flare

Monday, 3 October 2011

Fred Flare, Inc, has received the not-so-coveted rating of F from the Better Business Bureau.

Readers may recall my entry of 12 August on how Flare had allowed some of the information that I'd provided to them to be used by spammers. (I had creäted an e.mail address exactly for business with Fred Flare and provided it uniquely to them.) Not long after I'd posted that entry, I contacted the BBB; Flare should have been responding to the issue of a hacked customer dB with a sense of urgency, but there was no evidence of such a sense.

On 6 September, a representative from Flare commented to the 'blog, and also sent e.mail:

Please forgive our late response to customer complaint #8703538 from Daniel Kian McKiernan.
We are investigating whether our email service provider iContact might have been hacked.
We haven't found any evidence confirming this as of yet but are being extra thorough.
Rest assured, no credit card information has been compromised. We DO NOT save cc details for that very reason.
I will update you as I learn more. Thank you for your patience.

Now, as I implied in reply to the 'blog comment, the theory in that comment casting suspicion on UPS is a poor one. There's no particularly good reason for the spammer to spoof the name of their source (indeed, there is good reason for them not to do this), other spam from this breach spoofs other senders, and UPS (along with FedEx and DHL) has for many years routinely been spoofed by spammers.

The second theory (that in the e.mail) has some plausibility, but was, at that point, just a theory.

The promise (in the 'blog comment) of “More soon!” went simply unfulfilled. Meanwhile, spam continued to be sent to the address, at least one piece using my full name.

When the BBB dead-line for communication from Flare was imminent, they sent no more than a copy of that original 'blog comment and of that theorizing e.mail. The BBB, following SOP, asked me if this resolved my complaint, and I explained why it didn't.

What that communication did was reset the clock. But this time it just ticked-down to zero with no further communication from Flare, and the BBB regards such silence as unacceptable; hence the F.

I don't know how the NYC BBB handles attempts at a ratings change; the San Diego BBB has been known to allow merchants to revive cases after many months (and known then to completely discard the rating if the customer does not respond). (If Fred Flare does not act on this case, it will eventually be considered sufficiently ancient as not to be used in rating.)

For my part, I guess that my next step is to file a complaint with the FTC. I don't know that a lot will come of that, though.

I'm really saddened by this whole course of events. There is no question that Fred Flare offers some cool and whimsical stuff that is difficult or impossible to get elsewhere; I think that they should be rewarded for that much even setting aside whatever desire I might have for any of that stuff, and ceteris paribus I would want such an enterprise to prosper.

But it's imperative, in these days where information once loosed flows so freely, to take responsibility for the databases that we keep of information on other people (including the addressbooks of our e.mail handlers). Mistakes will happen, but we need to own any mistakes that we make, and to off-set their effects.

I had hoped that I'd get a reply within hours after I'd first contacted Flare. I should have been quickly told (as I was eventually told) that no credit-card information had been released. And Flare still needs to do something for those victims who, unlike me, provided addresses that are not easily discarded.

Warning Flare

Friday, 12 August 2011

When I'm required to provide a working e.mail address for a relationship with an institution, I usually creäte a new address, specific to my account with that institution. The address itself is typically that of a forwarder, and that forwarder is almost always to an address whose sole purpose is to receive the e.mails from these various forwarders.

One benefit of this arrangement is that, if I want to disconnect from that institution, I can delete the forwarder. But my real concern has been control of spam. If I receive spam, then from the address of the forwarder I can determine which institution provided my address to the spammers; and I can cut-off the spammers by deleting the forwarder.

This morning, I received three pieces of spam, each with the title “UPS notification”, each ostensibly from UPS, and each with a body:

Dear customer.


The parcel was sent your home address.
And it will arrive within 3 business day.

More information and the tracking number are attached in document below.

Thank you.

Copyright © 1994-2011 United Parcel Service of America, Inc. All rights reserved.

(Anti-spam software on the mail-server removed any attachment.) Many of you will have got e.mail similar or identical to this; it's a trick that has been employed now for years.

But what is of particular interest is that each of these three messages came to the address that I'd provided exactly and only to Fred Flare .com. So Fred Flare has allowed some or all of my account information to be leaked to some party who tried then to hijack my computer.
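
The attribution step described above (reading the leak source off the forwarder address that a message was delivered to) can be automated over a mailbox. The following is an added example, not part of the original post; the forwarder addresses, the `.example` domains and the sample messages are constructed placeholders.

```python
import email
from email.utils import getaddresses, parseaddr

# Hypothetical registry: forwarder address -> (institution it was given to,
# domains that institution legitimately sends from). All values are constructed.
ALIASES = {
    "fredflare@fwd.example.net": ("Fred Flare", {"fredflare.example"}),
    "bank@fwd.example.net": ("Example Bank", {"examplebank.example"}),
}

# Constructed sample messages (headers and a one-line body each).
SAMPLES = [
    "From: UPS <notify@ups-delivery.example>\nTo: fredflare@fwd.example.net\n"
    "Subject: UPS notification\n\nThe parcel was sent your home address.\n",
    "From: Fred Flare <orders@mail.fredflare.example>\n"
    "To: fredflare@fwd.example.net\nSubject: Your order\n\nThanks!\n",
    "From: Promo <deals@bulk.example>\nTo: someone-else@fwd.example.net\n"
    "Subject: Deals\n\nHi\n",
]

def recipient_alias(msg):
    """Return the first registered forwarder found in the delivery headers."""
    values = []
    for header in ("Delivered-To", "X-Original-To", "To", "Cc"):
        values.extend(msg.get_all(header, []))
    for _, addr in getaddresses(values):
        if addr.lower() in ALIASES:
            return addr.lower()
    return None

def classify(raw):
    """Return (verdict, institution) for one raw RFC 5322 message."""
    msg = email.message_from_string(raw)
    alias = recipient_alias(msg)
    if alias is None:
        return ("unknown-recipient", None)
    institution, domains = ALIASES[alias]
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    # From is trivially spoofed, so "expected" proves nothing; only a
    # mismatch is evidence that the address left the institution's hands.
    ok = any(sender == d or sender.endswith("." + d) for d in domains)
    return ("expected" if ok else "leak-indicator", institution)

def leaked_institutions(raws):
    """Institutions whose unique address received mail from someone else."""
    verdicts = map(classify, raws)
    return sorted({i for v, i in verdicts if v == "leak-indicator"})
```

A hit names the institution whose copy of the address escaped; deleting that one forwarder then cuts off the spam without touching the others.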

Upon discovering the first two, I quickly tried to contact Fred Flare. My first attempt failed because their own filters prevent the delivery of attachments, and I'd attached copies of the spam. My second attempt therefore omitted these, which potentially compounds the problem for Flare.

In my case, I can just delete the forwarder once I'm done communicating with Fred Flare, but other, more trusting people provided their principal e.mail addresses. It would be no small task for Fred Flare to make it right for those people, but it is the responsibility of Fred Flare to do so.

Batten your hatches! Sandbag the whole town!

Saturday, 3 May 2008

28bytes alerts his readers to the fact that 3 May 2008 is the 30th anniversary of the first piece of spam e.mail.

Although — because spam e.mail can cross national borders — there is a limit to what the Federal government might practically and legitimately do about spam e.mail, the Federal government doesn't do what it could. In fact, Federal legislation actively subverted the efforts of some state legislatures to battle spam.

My suggestion is this: On 3 May of every year, send one piece of email, objecting in your own words (however brief) to poor Federal action against spam, to each of the following:

(If one of your Senators is hiding his or her e.mail address, then send e.mail to curator@sec.senate.gov. I don't have a fall-back address for Representatives.)

Encourage each of your acquaintances, friends, and family members who are unhappy about spam e.mail to do the same, and to likewise encourage those whom they know.

This year, there will be very few people sending such objections, but next year there could be substantially more, and the numbers could continue to grow each year.

[Edit (2013:07/17): As part of an SEO programme to get sites to link to Politics.Answers.com, Stuart Hultgren, of Answers.com, contacted me to let me know of a dead link and of a good replacement.]

Another 'Bot-'Blog

Tuesday, 26 February 2008

A 'bot has again commented to one of my entries, linking back to its 'blog; this time at mediadistricts.com. The style of the entries at that 'blog shows some trivial improvements over the style that I described earlier. Now the form is

[source-'blog name] wrote an [variable adjective] blog post today on [entry title]
Here’s a [variable adjective-noun]
[random quotation]
[variable text] [variable linked text]

The previous 'blog was registered by proxy. This time, there appears to be an unproxied registrant:
Roseanna M. Hallman
12328 HOLLYHOCK CT
WOODBRIDGE VA 22192-2001
(703) 490-2260
who apparently has about 86 domains.

'Bot-'Blogs

Monday, 25 February 2008

By virtue of a 'bot commenting to a prior entry, I discovered a 'bot-maintained set of advertising sites at weblog4all.info, each guised as a 'blog. The 'bot-or-'bots (I suspect that there is just one) find(s) entries in 'blogs or in 'blog-like pages, and then creätes an entry in one of its own 'blogs (eg iraq.weblog4all.info) of form

[source-'blog name] wrote an interesting post today on [entry title]
Here’s a quick excerpt
[random quotation]
For more information, click here

Each page of the 'bot-'blogs also has many links to videos, which are hosted on an advertising-supported site or sites.