Remove me!

Do those unsubscribe links actually work, or are they just another spammer scam? A reporter goes undercover in the world of fake Rolexes to find the answer.

Topics:

Casper Jones is the head of BlackMarketMoney.com, a spam operation that’s been pelting the Internet with junk e-mail for fake Rolex watches. I’m almost positive his name is a pseudonym. But does he know that Chris Smith is not my real name?

That’s how I introduced myself last month, when I sent Casper an e-mail asking to join his spamming crew. I fibbed to him that I was a full-time bulk e-mailer looking for a new sponsor. I said that one of my business associates had recommended his program. (For authenticity, I lightly sprinkled typos and grammatical errors throughout the message.)

I wanted to be one of Casper’s sales affiliates. In today’s world of spam, a sales affiliate sends out junk mail on behalf of a spam-site operator or “sponsor,” who assigns the affiliate a special tracking code to include in his e-mail ads. For every sale the affiliate’s spams generate, he is paid a commission by the site operator. Sponsors also provide “remove” lists, spamming software, and other support to help their affiliates successfully market the site.

Since September, Casper and his associates had been clogging my various e-mail accounts with ads for a watch shop called Royal-Replicas.com (formerly onlinereplicastore.com). I filed several complaints with the Chinese Internet service provider hosting the site, to no avail.

I suppose I could have just clicked the “unsubscribe” links in the dozen or so spams they sent me every day. But I didn’t trust these people one bit. I was sure that if I could get inside Casper’s operation, I would find hard evidence confirming what savvy Internet users instinctively know: Trying to unsubscribe from spam is a fool’s game.

Just look at the place. Royal-Replicas.com provides no physical mailing address in its junk e-mails or at the site. The domain’s registration record lists someone in Spain as the owner. The site is hosted on a server in China, but the order page cites prices in Indian rupees as well as U.S. dollars. The headers of the spams reveal that many have been sent via “zombied” home computers. Even the headers of Casper’s private e-mails are a fraud. (He routed all his messages to me through proxy computers in South Korea.)



You Might Also Like

The “About Us” page at Royal-Replicas.com doesn’t help much, either. It contains little more than a bizarre rationale for buying its $300 knockoffs rather than the real thing: “Many people purchase watches that cost thousands of dollars and render the wearer liable to get their hand chopped off while walking home from a posh cocktail party.”

Bulk e-mailers are required to honor list-removal requests under the U.S. CAN-SPAM law. But still it’s common knowledge that clicking an unsubscribe link or handing over your e-mail address on a junk e-mailer’s remove page is insane. The U.S. Computer Emergency Readiness Team (US-CERT) warns that unsubscribe links are “often just a method for collecting valid addresses that are then sent other spam.” The FTC has sent warning letters to at least 77 marketers for their failure to honor unsubscribe requests.

Sure, a few spammers might take your name off to avoid trouble. But to most, you’re merely confirming that they’ve found a live one. Next thing you know, they’ll have sold your e-mail address to other spammers as “validated” — or, in other words, ready for spamming.

At least, that’s what I thought until Casper brought me onboard. My undercover mission into the heart of fake-Rolex spam didn’t turn out exactly as I had expected.

I tried flattering Casper in my e-mails, gushing that he had astutely tapped into a timely and lucrative spamming niche. (You could probably find similar watches on the streets of Chinatown for $25, but hey, some people prefer the convenience of holiday shopping from home.) But Casper doesn’t let just anyone join BlackMarketMoney.com. After I sent my introductory e-mail as “Chris Smith” from a free webmail account I had created, he asked to know the name of the person who had referred me to the site.

I told him I had learned about the program from a buddy in the #bulkers Internet relay chat (IRC) channel who uses the online handle Ep0ch. In fact, I had stumbled upon the home page for the watch spammers’ affiliate program after studying some of their junk e-mails.

I noticed that the spams never actually advertised Royal-Replicas.com directly; instead, they enticed recipients to visit an intermediary domain on a Brazilian server that redirected traffic to the main Chinese site.

Last month, using a special look-up tool, I enumerated the domains stored on the Brazilian server. As I was studying the list, many of which use clever typos — 0megas.net, Roiex.com, Ltalian.net — one name jumped out: BlackMarketMoney.com. I surfed over to the site, which featured an image depicting bullet holes and wads of dollar bills. “It’s easy money,” proclaimed the graphic.

A sign at BlackMarketMoney.com said affiliates got paid up to 40 percent commissions for every order. In addition to pushing replica watches, the program would soon be adding “penis extenders,” a cellphone charger and an online pharmacy to its portfolio of sites.

After spotting the member log-in panel in the upper right corner of the page, I decided to contact BlackMarketMoney.com and ask about joining.

Casper replied to my message saying he’d never heard of the #bulkers IRC channel or my friend Ep0ch. (Damn, he was good. Neither exists.) Casper said I needed to provide the name of a “big mailer” who could vouch for me.

I produced a list of names and addresses, assuming he would quickly detect that they were all bogus and he would ignore me. A couple of days went by and I still hadn’t heard back. I’d pretty much abandoned hope of ever becoming a BlackMarketMoney.com affiliate.

That’s when I decided to visit the unsubscribe page at a Royal-Replicas.com satellite site, and typed in the address of my most obscure e-mail account. (The address is unpublished, I rarely use it, and it only gets about 10 spams per day — half for Royal-Replicas.com, and the rest for a generic Cialis site.)

My thinking was this. If the canary survived in the mine, I could cut spam to that account in half. If things went sour, I’d just jettison the e-mail address. (I decided not to unsubscribe any of my primary e-mail accounts — the ones that get hundreds of spams every day for everything from fake watches to Hydrocodone without a prescription.)

A few days later, an e-mail arrived from Casper. He said I’d make “a valuable addition to the team.” His message included information about how to log in to my account at BlackMarketMoney.com, and he gave me his AOL Instant Messenger (AIM) screen name in case I had any questions.

When I signed on to BlackMarketMoney.com for the first time, I saw a page where my sales stats would be displayed. A preferences section included a form where I could specify account numbers for my commission payments. There were also pages with suggested ad copy and graphics files, as well as an updated list of the various domains we affiliates were supposed to advertise in our spams.

But what really caught my eye was a note at the site that insisted all affiliate spams include an “unsubscribe link.” Two huge archives were also available for download, containing lists of “remove” addresses. The October list held around 202,000 e-mails, while the November list had over 282,000 addresses. Sales affiliates were instructed to scrub their mailing lists to remove these names.

To my amazement, a quick search revealed that my e-mail address had successfully made it onto the November remove list. But nearly 10 days had passed since I had asked to be unsubscribed, and the fake-Rolex spams were still rolling in. Obviously, my fellow affiliates couldn’t be bothered to clean their rolls of my e-mail address.

As I scanned the remove lists, I was startled at some of the other e-mails. Hundreds of people with dot-gov, dot-mil, and dot-edu addresses had asked for the Royal-Replicas.com spam to stop. (I’d always been told that spammers filter out these domains reflexively, because they generate way more complaints than sales.)

Other addresses jumped out at me. Lots of people from high-tech companies, including Intel, Hewlett-Packard and Microsoft, had tried to unsubscribe. Dozens of people using ACM.org and IEEE.org addresses (professional engineering and computer science organizations) were also on the remove lists.

These people were supposed to be geeks — why were they bothering to unsubscribe? Surely they knew the conventional wisdom: You don’t negotiate with terrorists, and you don’t unsubscribe from spam lists.

Scrolling through the addresses, I realized someone had tried to sabotage the Royal-Replicas.com remove lists. Nonexistent addresses — ending in netscape.gov and pooper.gov, for example — were mixed in with real ones. The lists also included many “celebrity” unsubscribe requests, including ones from arlen_specter@specter.senate.gov, barbara.bush@whitehouse.gov, condaliza.rice@whitehouse.gov, and conrad_burns@burns.senate.gov.

While I understood the rage that led someone to submit phony addresses, I was also a bit ticked off at the perpetrator. Wouldn’t all this junk on the remove lists make spamming affiliates reluctant to use them?

BlackMarketMoney.com also offered a smaller “domain” filter list. Affiliates were supposed to configure their list-processing software to remove all e-mail addresses that included special keywords or domains. Among the 825 filter words were obvious ones such as “abuse” and “admin,” but there were also some head-scratchers: “beavis,” “douche” and “orgy.”

The domain filter list also included sites of well-known anti-spammers, including spews.org, chickenboner.com, scconsult.com and barbieslapp.com. Other notable domains on the filter list were kuro5hin.org, salonmagazine.com and, inexplicably, womenbehindbars.com.

I decided to try contacting some of the people on the remove lists. I’d remind them that clicking spammers’ unsubscribe links has been known to install Trojan horse software on your computer. What’s more, you can’t even trust some mainstream companies. A recent study found that Amazon and other high-profile firms are sometimes embarrassingly lax in honoring remove requests.

What were these people thinking when they handed over their addresses to the fake-Rolex spammers?

A private investigator in Florida whose e-mail address was on the October remove list didn’t return my phone calls or e-mails. I got a similar lack of response from a professor of computer science at Rensselaer Polytechnic Institute. Then Bill Hartman phoned me in response to my e-mail to his ACM.org account.

“I’m not sure why I do it. I know you’re not supposed to,” said Hartman, chief technology officer for Finite Services, a California software firm.

Hartman reported that he receives around 50 spams per day. If the messages make unsubscribing convenient — by including remove links, for example — he attempts to get off the spammer’s list. But Hartman admitted the strategy hasn’t reduced his overall junk e-mail inflows. As proof, he forwarded several copies of spams advertising Royal-Replicas.com — including some sent in early December.

Richard Stuart, an engineer with Infineon Technologies based in Maryland, had seen similarly lackluster results from his efforts to unsubscribe from spammer lists.

“Sometimes they stop. Other times, I’m pretty sure they just sell my address to another spammer,” said Stuart, who has served on International Telecommunications Union committees drafting standards for modems and DSL equipment. Stuart said he nonetheless planned to stick with the unsubscribing tactic.

“I get so much spam, I can’t keep track of it all,” said Becky Poor, director of education for a church in Baton Rouge, La. She told me by phone, with some distress, that she received about 200 spams per day. Poor had simply been deleting them until a few months ago, when a co-worker showed her how to unsubscribe. For a while, she dutifully clicked remove links, among them one that was supposed to take her off the Royal-Replicas.com mailing list.

But Poor said she has since given up unsubscribing. The spam just keeps coming, including recent messages from the fake-Rolex spammers.

At that point, I was really no closer to understanding why nearly half a million people — many of whom should know better — had tempted fate. Perhaps the same gullibility that compels consumers to buy from junk e-mailers also makes them willing to suspend disbelief about spam remove lists. Or maybe it was simply an act of desperation. Nothing else seems to stop spam, why not try a radical approach?

These people would surely be disappointed by a recent decision from the U.S. Federal Trade Commission. Earlier this year, the FTC gathered advice from experts about whether to implement a national Do Not Spam registry, akin to the Do Not Call list that has worked to silence unwanted telemarketing calls. In June, the agency announced it was nixing the spam registry idea on the grounds that it would likely backfire and make problems worse.

“Spammers would use such a registry as a directory of valid e-mail addresses. It ultimately would become the National Do Spam List,” concluded the agency in a June press release.

I had expected to produce evidence corroborating this conclusion during my brief stint as an underperforming spam affiliate. But I am somewhat shocked to report that, on Dec. 2, I stopped receiving any Royal-Replicas.com spam at my unsubscribed e-mail address. The unthinkable had happened: I had asked a spammer to remove me, and it worked!

I know that my fellow BlackMarketMoney.com affiliates are still spamming away — my other e-mail accounts are still taking in over half a dozen fake-Rolex spams each per day. But the replica spam suddenly dried up at the removed address. (Now it’s just the damned “Cialis soft tabs” ads.)

So should everybody relax, and just click on every “remove me” link they see? I still don’t think so, even if these watch spammers gave me what I asked for. For one thing, I don’t know why my remove request got results, while those of Hartman, Stuart and Poor haven’t been honored. The fact is, rogue affiliates could neglect to scrub their lists. Or worse, they could take the BlackMarketMoney.com remove lists and turn them into a spam list. For all I know, this could just be the calm before a spam storm.

Then I remembered Casper Jones. Perhaps the leader of BlackMarketMoney.com had some worldly opinions to share on the issue. I approached him over AIM using my real name. Could he answer a journalist’s questions about remove lists?

Casper didn’t respond. A minute later, he signed off. I haven’t spotted him online since.

Brian McWilliams is a freelance business and technology reporter based in Durham, NH.

More Related Stories

Featured Slide Shows

  • Share on Twitter
  • Share on Facebook
  • 1 of 11
  • Close
  • Fullscreen
  • Thumbnails
    jkrebs04, DesignCrowd.com

    Cities without landmarks

    Slide 1

    Niagara Falls, U.S./Canada

    akvarog, DesignCrowd.com

    Cities without landmarks

    Slide 2

    Sydney Opera House, Sydney, Australia

    iMAGICations, DesignCrowd.com

    Cities without landmarks

    Slide 3

    Mount Rushmore, South Dakota, U.S.

    jhgraphicsusa, DesignCrowd.com

    Cities without landmarks

    Slide 4

    Eiffel Tower, Paris, France

    Robert R., DesignCrowd.com

    Cities without landmarks

    Slide 5

    Colosseum, Rome, Italy

    Anythingoes, DesignCrowd.com

    Cities without landmarks

    Slide 6

    Taj Mahal, Agra, India

    Sergio Coelho, DesignCrowd.com

    Cities without landmarks

    Slide 7

    Siena Cathedral, Siena, Italy

    Anythingoes, DesignCrowd.com

    Cities without landmarks

    Slide 8

    Christ the Redeemer, Rio de Janeiro, Brazil

    iMAGICations,DesignCrowd.com

    Cities without landmarks

    Slide 9

    Arc de Triomphe, Paris, France

    iMAGICations, DesignCrowd.com

    Cities without landmarks

    Slide 10

    Lost City of Petra, Jordan

  • Recent Slide Shows

Comments

0 Comments

Comment Preview

Your name will appear as username ( settings | log out )

You may use these HTML tags and attributes: <a href=""> <b> <em> <strong> <i> <blockquote>