Smartypants.com » Network Abuse, News, Scam Warnings
 

Smartypants.com Inc.

Have a question or problem?
Use our Contact Form to send us your computer-related question and we may feature it as a tech tip!

HOW SAFE IS YOUR DATA?
Find out with a Data Loss Prevention Analysis.

 

Recommended Software
AVG Pro - Anti-virus
Mozilla Firefox - Web browser
RealVNC - Remote Admin Tool
VLC - Video Player

Smartypants.com Inc
515 Squires St
Fredericton, NB
Canada E3B 3V3

Phone:
(506) 455.3108

Contact Us

 

  
Photobox Spam – Welcome to the dark side - Thursday, September 15th, 2011

Photobox is a digital photo company based in the UK that just teamed up with a digital greeting card company. Coincidentally, what had been a single ‘Welcome to Photobox’ spam which I ignored, has turned into a nearly daily deluge of offers for a service based in Europe that I wouldn’t use even if I did live there.

Tried getting the attention of their Twit-bot on Twitter @Photobox (the avatar is a blonde with big hair – the humans behind it could be anything). After much back and forth (’just drop what you’re doing and call when it suits us’) it said that ‘Andy’ was anxious to sort this out and was waiting for my call today (Sept 15/2011).

I called. Didn’t get Andy, but got Kash who goes by just the one name: “Andy’s not in today.”

Thanks for nothing, blonde avatar lady. Are you clueless or did you flat out lie?

Kash did make the request I get from every spammer I’ve ever called: Give me your email address and we can fix it.

No.

You bought a bad list, or let people sign up others without their permission, and have clearly stepped into opt-out territory: That’s where the spammer keeps hammering you until you say stop, rather than requiring an okay from you before they even start.

I want to know how you got my personal email address in the first place – I’m guessing it was through what you call the ‘Refer a Friend’ page and what should be renamed ‘Annoy your friends and enemies’ page. And why you started battering away at me after more than a year of silence.

One email in March, 2010, then silence until July 5, 2011, when Photobox apparently changed policies and the near-daily barrage began.

I doubt it’s just me: this smells like policy. The kind that spammers adopt.

-g

- Smartypants.com

 

« Bill Kunkel – the Game Doctor – Dead at 61 | OpenTable Open For Spamming »

3 Comments

Graham Hobson on 2011-09-19 at 07:23 (Reply)
Hi

Sorry to hear of your problems. I am a co-founder and CTO (person responsible for technology) here at Photobox. I can't tell you right now where we got your email address from, but we can probably tell by looking at the account. Please contact me personally (my email is submitted with this post) and I will check out the details.

Just to confirm a few points: we don't buy lists and send them spam, we get emails either because people register with them or from refer-a-friend, but in the case of the latter they get sent a single one-time invite, and no further mailings. Also, the blond avatar is very real and called Jemima. She's one of the most hardworking and honest people I know.

Hopefully we can sort this out for you once I hear from you.
Smartypants.com on 2011-09-19 at 13:31 (Reply)
Graham -

Thanks for the note.

As noted in the blog, I received the PhotoBox junk mail in 2010 and assumed it was just another annoying spammer trolling for valid email addresses.

Did it come via your annoy-a-friend feature? Maybe. I don't know.

But your claim that there are 'no further mailings' if you don't get an opt-in reply to the trolling-for-new-members invite? That just doesn't wash. Something at your end set off the pricey flood to my mobile. The latest was Saturday, and given what I see of your history, I can expect to get nailed again several times in the coming week.

This isn't new territory for me. I've had similar discussions with dozens of companies that seem to think my inbox belongs to them. I've heard pretty much all of the excuses:

- It was a rogue agent/affialiate/employee
- Hacker X did it
- We might have suffered a software glitch
- You MUST have signed up for our junk dump
- We know you keep saying NO, but we know you really mean YES you wish to pay for our ads because their, well, so important

NO means NO.

It's a fairly simple concept that, in my humble opinion, over eager online marketers try to wishful think that into YES, then go into excuse mode when they're caught.

Some of the hardest working people I know are spammers. Intensity and integrity aren't necessarily bed mates.

She asked me to Follow her and she'd DM me. I did - and within 12 hours my Twitter feed was flooded with Twitter spam for Photobox. So I terminated that. She asked again, but damned if I'm going to fall for that trick a second time 'round.

She asked me to call. I did - and you've probably read some of the results of that effort.

Now she wants me to Follow her again - as if - and to call her right away.

I think the best bet may be to simply add up the incidents and send you a bill. If you want to pay to use my inbox, that's a different story.




-g
Smartypants.com on 2011-09-19 at 14:51 (Reply)
Since the last post, I've spoken on the phone with Jemima and with Graham. Both offered their apologies for this annoying experience, and while I gladly accepted, I'm convinced their system is still designed to allow for abuse.

I suspect Graham is right that I wasn't the target of 'annoy-a-friend' but someone appears to have actually registered using my email address. (I know it wasn't me because the address used would have been photobox@ one of our domains - that way we can see what happens to the address: if it's sold, traded, stolen.)

Graham says that means I'm in the opt-in list. But I didn't opt in. And there's a simple way to plug that security hole: Require that the registrant click a validation link in the registration notification email to ensure that it's not a bogus registration. Like the one that apparently started this conversation.

And because Photobox doesn't keep track of IP addresses for very long , according to Graham, there's no way to know for certain where the phony registration came from.

Thanks to some research and testing, we're ready to produce a guide giving step-by-step instructions on How To Use Photobox To Spam Your Friends or Enemies.

This weak registration control has been used in the past by overly eager marketing departments to try to masquerade junk mail as permission-based advertising.

It's a bit like dating someone who simply will not accept NO for an answer, and who assume that NO answer must mean YES.

We also didn't resolve the issue of cost: the time and data charges forced on us by Photobox.

Graham did say he would ensure that the updated database gets over to their third-party email marketing firm (where have I heard that term before?) without my email address in it.

But I'm not happy that I had to give him my personal email (given what's happened in the past) to help him wash his bulk email list. (It's called 'list-washing' and it's a common spammer tactic...not saying it's going on here, but it is a VERY common practice).

Graham noted I could have opted out. Then agreed that opt-outs are a common way for spammers to validate that they have a live one.

He also suggested that a legitimate-looking websites should indicate that it's safe to visit and unlikely a source of spam. Unfortunately, that train left the station at least five years ago.

-g

Post a Comment

 

   

Copyright © Smartypants.com Inc 2010

About Us | Hire Us | Tech Tips | Suggested Software | News | Web and Mail Hosting | Hosting | Home