Archive for the 'spam' Category

Spam – NEVER Unsubscribe! NEVER Reply!

We bloggers want to put an email address out there on our blogs for people to contact us with. The spammers have “data mining” software, which grabs those email addresses off the internet and loads them into their spam email programs. So how can you protect yourself from this deluge of unwanted email?

Never Unsubscribe – Never Reply

I got an email this morning from a friend of mine, who mentioned receiving a spam email from Romania. This one was actually personally addressed to their email address, which often tricks people into thinking they had actually subscribed to receive these emails.

The bottom line is, spammers send these emails out in the hope that people will unsubscribe – or reply to the email asking them not to email again. Can you figure the logic in people who reply to scammers and spammers saying “Don’t email me again, ever.” – You never asked them to email you and asking them not to email you makes no sense at all. Like they’re going to do anything you ask them to do!!!

Once they have confirmed there is a real human being reading emails at that email address, they can sell it on to other spammers and make big money out of it. So set yourself a policy of never reply, never unsubscribe.

Is It Possible To Not Get Spam Emails?

Yes it is. You just have to keep your email address completely private. As in, you don’t give it to anyone, anywhere. Of course, that defeats the purpose of having an email address! You want people to be able to get in touch with you – you just don’t want spammers and scammers getting in touch.

What Can I Do?

There is a mail service known as Trust My Mail. I found out about this service a couple of years ago when scam victims were asking me – how can I make sure scammers can’t email me?

How Does It Work?

You get to choose a question which people have to answer before their email is put into your inbox. When someone sends you an email, they will receive the following message in return – click for a bigger image – When the person who sent you email clicks on the link within the email they were sent (or copies and pastes it into their browser, which is always the wiser thing to do on the internet) they will see this screen – Once they have answered it correctly the first time, that person is then always able to send you mail. You can put the answer to the question right below your email address on your website, and spammers and scammers will never find it – remember they do not visit your site to get your email address, they harvest it using data mining programs.

What If People Don’t Respond?

You can see pending messages, and if you recognise the address or know the person sending you mail, you can approve them yourself as well. I recommend you check your pending messages once every 24 hours.

Even better, you can now ask Trust My Mail (thanks to their new mail forwarding service) to forward messages on to another email address – and to send messages like you normally would, quite simply. This means you can keep your real email address 100% private on the internet, protecting you from spammers and scammers – and family members who forward every email you send to every man and his dog – and often to scammers and spammers as well!

It’s all free, by the way. And there’s no ads. No this is not a sponsored post, I just referred a lot of scam victims to Trust My Mail and always found people were happy with it – and it was easy for them to use, which is important..

I Don’t Like That Idea – Options?

There are a couple of other options which are relatively simple that may not stop the spammers and scammers completely, but at least makes it harder for them.

Make Your Email Address An Image -

You may have seen this kind of image around the place – note this email address I don’t use anymore so don’t ya’all email me at it! This is easily generated online thanks to this wonderful website – Email Icon Generator.

The only trouble with this is, your email address needs to be simple enough that people can work it out from the image. Try to use letters only because numbers will be confusing. You will find some people will get the address wrong or simply not bother, though. It is almost as bad as those Captcha word generator things for comments.

Put An Extra Word Into Your Email Address –

Then tell people underneath which word to remove. For example (this is not a real email address) emailmePOOP@mail.com <--- take out the Poop to reach me. The only trouble with this is people find it annoying and troublesome and might not email you at all. People used to use NOSPAM as the word to take out - don't use that word anymore, the scammers and spammers have worked that trick out. They're not complete nitwits, ya'all! ;)
Use One Email For The Net –

This is the solution I have chosen for myself. Make an email address which is for the web only and which receives email only – never use it for subscribing to things or personal emails or responding to anything. Be very aware that emails which arrive in there can potentially be spams and scams, and never unsubscribe to anything sent to that address – because you never USED that address to subscribe.

Make another email address for personal correspondance and keep that one to yourself and friends only. There’s no limit on how many email addresses you can have.

I use 5 different email addresses for this blog. One here for people to contact me with, one which receives all the comments people post on my blog, one which I use to email people back with, one which I use for things I have signed up for which are blog related, and one which I use when I reply to comments.

Stumble It –

I hope this might be useful information and helpful to everyone out there on the net, if you found it to be useful please stumble it. ;)

Over To You!

What are you doing to protect yourself from spam and scammers? Do you receive a lot of scam or spam emails?

Spam, Spiders And Do Follow, Oh My!

Today on Think Tank Tuesday I’m taking a look at No Follow and Do Follow and how these relate to blogs and spam, and Sephy is going to let you know how to turn no follow off on Blogger, WordPress, and various other kinds of blogs. It is a lot easier than you think, you’ll be glad to know!

So what is NoFollow All About?

Most blogs come with no follow installed on the comments section automatically. This was originally done to prevent link spammers gaining anything from their spammy efforts. Unfortunately nofollow does not work – nofollow blogs still get spam comments.

That means anytime someone comments on your blog their link is not followed by the search engines. The commentor does not receive a link back on either Technorati or Google or Yahoo or any of the other search engines.

Is It Fair To Your Commentors?

By making a link no follow, you’re effectively saying to the search engines – I don’t trust this link. Given that most of us do actually trust the links of our commentors, this is not a Good Thing.

Choose Not To Give Link Juice -

When you have a blog, you can choose to make certain things no follow. For example, if I wanted to link to someone in a post but I did not want the search engines to see that link, I would put in a bit of code that turns the link into a no follow link. Why would I want to do that?

Link Bait -

Sometimes bloggers post controversial things in order to get links back to their blog. I can name a few who do this regularly. If you feel a blogger is link baiting but you still want to discuss their post there is an easy way you can make the link no follow.

Sephy has shown you how you can do this in his post on this topic – Say No To NoFollow, it is simple and easy to do.

You will still be giving their blog traffic if anyone clicks on the link, but it is better to do that than leave your readers wondering what the heck you’re talking about – and much better than giving the blogger what they are looking for by being controversial, which is backlinks to their blog. Don’t reward them by giving them link juice.

Links Mean $$$ To Some -

Why do bloggers link bait? To some bloggers, backlinks can mean money. The more back links your blog has, the higher ranking you get on Technorati, the higher your page rank, the higher price you can charge advertisers.

What Is Do Follow?

The Do Follow movement is basically people who have decided they want their commentors links to be followed by the search engines. These Do Follow bloggers have taken the time to remove no follow from their comments sections. Depending on what kind of blog they have this can be an easy task or a difficult one.

Sephy has explained how to make your blog do follow with instructions for Blogger, WordPress, Typepad, Movable Type and some others.in his companion post to this one, make sure to read it. Here is the link again if you have not already opened it in a new window or tab – Say No To NoFollow

Will This Increase Spam?

In a word, no. I was getting spammed before I became do follow, and I have been spammed since. What will add to your chances of being spammed more often is by joining one of the Do Follow link lists that exist on the internet. These are targeted often by spammers looking for a way to build backlinks fast.

The Bumpzee Community -

There is a No Nofollow | I Follow | DoFollow Community at Bumpzee. Being a member of this community is worthwhile if you are a do follow blog because your posts go out on the RSS feed for other do follow readers to view. It has meant more traffic to my blog.

I believe three times since I joined the community, which was some months ago now, I have been spammed by people who came directly here from the Bumpzee community. These are the paid commentors. Their comments are easy to spot and easily deleted. So as far as I am concerned the issue of being spammed by people who know you are do follow is not much of a problem for me.

What If I Get Spammed?

You can easily turn no follow back on – but that won’t stop the spam. Spam is a problem we all have to deal with here on the internet. We just have to be adults about it, set a comments policy for ourselves, and then follow it.

Since I put in a comments policy on the page where people leave a comment, I have only been spammed once. The paid comments people seem to have got the message – it is a waste of their time to comment here and they won’t get paid for the comment because I delete it quickly. If you can do the same thing, you can keep your blog spam free.

How Can I Tell When It’s Spam?

The number one give away is the link they are using. When I see a comment that is possibly spam, the first thing I do is copy the link and take the link over to Technorati. For example, this is one of the comment spammers that has been here recently – on Technorati and another one – and as soon as you search for the URL you can see they have a lot of recent reactions with different names – Tom Paine, Lais Edwards, Richard Andrews, Clebsch Gordon, etc.

Why It Works -

Looking at the backlinks, some of the bloggers I most respect got caught out by these spammers. There’s a lot of familiar names and blogs there. I didn’t have the time to email or comment on all the posts, otherwise I would have.

The two blogs mentioned above now have medium level authorities on Technorati – (one has an authority of 51) (two has an authority of 65). You’ll note I am not linking to the blogs themselves, only to Technorati. I do not want to give them any link juice.

Team Up With Fellow Bloggers -

The major mistake these spammers made was – they visited Sephy’s blog not long after visiting mine, and left similar comments. Sephy and I discussed them on Skype and figured out it was spam, and then deleted them.

Don’t be afraid to contact a fellow blogger who has received a comment you suspect is spam and ask what their thoughts are on it. Sephy posted about it here – Paid Comments Not Allowed

Search The Name or URL-

Lucia spotted what was going on and wrote a post about it here – Jimmy Spam (& SEO Tip)! and many bloggers have been finding out it was spam via the search engines because of this post.

Post About It Yourself -

If spam has become an issue on your blog, it could be worthwhile posting about it so that other bloggers can be aware of it. When they google the names you keep seeing as spam, they will find your post and then they can delete the spam as well – and if they read your post, when those names turn up on their blog they can hit delete fast.

Just make sure not to give any link juice to the spammers – you can make individual links no follow easily (See Sephy’s Post for info on how) so please do so when referring to the links spammers leave, or use the name only, don’t put a link in, like Lucia did.

Moderation?

From time to time all bloggers find themselves switching to moderated comments. I’ve had to do it here, when trolls have arrived. Using moderation takes all the fun out of it for them. You usually don’t have to leave it on for too long before they give up and go somewhere else to troll.

You can also use moderation to combat spam and this is a tactic some bloggers are trying out recently. If you are available most of the time to moderate comments, you may wish to try this but be aware – it tends to stifle discussion. And what happens when you sleep? Comments stay unmoderated for hours at a time. ;(

Moderation After The Fact -

I tend to stick with a moderation afterwards policy here. If I spot a comment which is inappropriate, unacceptable or spam, it is quickly deleted. Sometimes not quickly enough because the search spiders are here fairly often. So they may get a some link juice if I’m not on the ball.

Trusted People -

If you have a couple of people you really trust who live in different timezones to you, you may choose to make them an administrator on your blog. This gives them the power to moderate comments. You discuss with them what is unacceptable, and they keep an eye out, deleting anything which would be against your policy, or anything which is clearly spam.

What About Captcha?

Blogger users will be familiar with Captcha word verification, it looks like this – The reason it is exists is to stop spam bots posting comments on your blog. However it could be stopping regular human people from posting on your blog. You only need to turn word verification on when you’re being targeted by a spam bot – as in you’ll be getting a boatload of comments in a very short amount of time – and this will stop the spam bot from posting more comments. May I recommend you turn it off in the meantime?

Julie Pippert recently posted about Captcha and if you read her post you will see you might be missing out on comments if you’re using it. I have turned word verification off here for now, we’ll see how it goes..

The Bottom Line -

Spam is an issue for all of us. We get it in our email. We get spammed in our comments section. Unless you are being targeted in a major way and receiving hundreds of spam comments a day, it’s not that big a deal to hit delete. Have a good comments policy, make sure it is visible on the screen where people leave comments (blogger users – find out how to display your comments policy) and be vigilant in deleting anything you suspect of being spam.

Further Reading -

13 Reasons Why NoFollow Tags Suck I agree with the points, especially points 2, 3 and 5.

Ultimate List of DoFollow & Nofollow Plugins – Banish Nofollow From Comments and Trackbacks – Andy is the manager of the No No Follow community on Bumpzee. This post has a lot of fantastic info, worth a read.

Here’s Why You Should Add Dofollow To Your Blog Design David Airey expresses why he has chosen to become do follow and I can’t put it any better than he did in this article – especially this direct quote – “I want to give you every reward I can for your valued comments”.

Give a little link love say no to nofollow remove the link condoms Rob, I love the concept of link condoms! ;) This post contains some very interesting quotes from people at Google and Yahoo – worth reading.

I Follow Randa Clay created the Do Follow logos that you see around the place, here you can get them in different colors to suit your blog.

Bumpzee No Nofollow | I Follow | DoFollow Community – You can join the Bumpzee Do Follow community here if you are a do follow blogger.

I Reply, I Follow, I STALK!! Very interesting thoughts on both I Reply and I Follow.

Over To You -

If you liked this post, give it a stumble so other readers can find it. ;)

What are your thoughts on spam? Have you been spammed on your blog? Are you a Do Follow blog, and if not will you become one after reading this? Feel free to leave any comments – as long as they’re not spam!

Bumpzee members please take note -

The 419 scammers have found Bumpzee and looks like they intend to make use of the private messaging function.. Please report any such messages to Bumpzee via the report abuse option found below the message. If you’re not sure about a message you receive and want advice before you report it, email or PM me, I’ll check it out for you. If the email message you receive has an email address for the scammer I’d love to have the address, we scambaiters will bait them and keep them busy. ;)

If we stamp on these guys fast and hard, they will give up and go elsewhere.

Bumpzee Hot Dating Spam?! This is a new example of what they’re sending on Bumpzee. Sadly, no gorgeous women are coming to ya’all as a surprise via Bumpzee private messaging..

MyBlogLog and scammers & spammers

Eric from MyBlogLog dropped by and left a comment, which I would like to respond to here.

Thanks for dropping by, Eric. I’d like to show you the bigger picture. You seem to be seeing one tree in the forest. There’s a lot of trees to be seen, and here are some things you might want to consider.

You think that a 419 scammer can’t set up a blog and make it interesting enough that people will join their communities? These guys are not stupid. They create fake banking websites constantly and some of them are good enough that the *banks* wonder how they’re doing it. They would probably steal content from lesser known bloggers, but how would any of us ever know that they were scammers until they sent us the scam email?

Plenty of people would not even know they were scammers once they GOT the scam email. The situation with education on this topic is not good. New people join the internet every day, many of them elderly people with life savings in the bank.

You think the scammers speak a different language and it would give them away? Incorrect. When you receive a scam letter with terrible spelling and grammar – that is actually TACTICS on their part, because they want the great white hope to think they are less educated and easy to manipulate. They can write just as well as you or I.

You forget that SCAMMING PEOPLE IS THEIR FULL TIME JOB. They get up in the morning and go to the internet cafe. Email isn’t working too well for them these days, and they are always looking for new ways of contacting the “maga” – their word for scam victim. They’re already using social networks. Tagged is their current favourite, it seems, but they are always looking for the next big thing. They work in large gangs, and they have “lower down” scammers doing all the grunt work. Those guys are constantly thinking up new ways to scam people in order to get higher up the chain.

If someone joins your community, most people join theirs in return. I’ve done it myself. I’m sure others have too. That’s the way these social networking things work. So if a scammer signs up and goes around joining communities, its likely they would get a lot of members fairly quickly, who they can then spam.

If you don’t think it is possible, you’re wrong. These guys will use any chance they can. Ask Ebay and Paypal. The next thing you know they’ll be sending out phishing emails to get blogger logins – yes, that is one way they will be able to spam people, by stealing the accounts of established bloggers. They’ll target the bloggers signed up to a lot of communities. Have you organised an education drive on a phishing scam, ever? People fall for it so easily, and they will fall for it just as easily on this occasion. You ready to deal with the fall out of bloggers having their passwords stolen?

Ebay can’t manage to get the message through to people. Paypal can’t manage to get the message through to people. Banks and ISP’s can’t manage to get the message through to people. We scambaiters can’t get the message through to people and trust me, we’re not resting on our laurels. The Anti Phishing Working Group can’t get that message through to people and look at all the influential members they have to help them out. Thousands of online email, banking, Ebay, paypal and ISP accounts are compromised daily. Do you think you’ll be an exception and able to get the message through to all 180,000 members of MyBlogLog?

Even Yahoo has problems with this – the scammers send out emails which look like this - You probably look at it and think – who would fall for that? People fall for these phishing tricks all the time. I’m not kidding. If MyBlogLog people got a message that said – we’re spring cleaning, please log in to show us you wish to remain a member – and it linked to a fake site the scammers set up which looked exactly like MyBlogLog and it asked people to log in..

These guys got game. Some of them have teamed up with the Vlads – scammers from Romania and Russia, in order to do these phishing scams and fake sites. You want to take them all on and make yourself and every member of MyBlogLog a target? Ask Ebay how well that worked out for them. They never took this problem seriously and now it is such a huge problem for them, it’s given them a very bad name, and frankly they will never overcome it. New auction sites setting up know about this problem and take steps to avoid it.

Having a private messaging system is bad enough – the scammers will turn up at some point. I have already received 419 scams via Bumpzee private messaging. But you give them a mechanism to get their 419 messages out en masse to a large group of people, and all they have to do is join a bunch of communities? Sold! That’s a lot easier than messaging people one on one. But if you offer them messaging one on one, they’ll take that. I would recommend you get rid of the private messages as well, in order to keep them off MyBlogLog.

Now you can say ok, we’ll ban all Nigerian IP addresses. That won’t work, the scammers are all over the world – the US, UK, Europe, Middle East, even here in Australia. Canada has a huge group of check scammers working there, sending out fake checks, take a look at some of their work (checks they sent to me) here. There are large scammer contingents in Houston, Atlanta, Amsterdam, London, Abu Dhabi, Romania, Johannesburg and Delhi. This is a global problem without anyone working on a global solution.

There is so much more to this issue than the one tree in the forest that you are seeing. That’s why people are so angry and upset about it – they LIVE with the spam and scams, and they do not want you to offer another mechanism for them to receive that. It won’t go away by your saying “We’re keeping this system, thanks for your feedback” – no, what will happen then is you will lose a lot of your members. Maybe that’s not important to you now you’ve sold out to Yahoo.

You’ve grabbed a tiger by the tail here. How about letting it go and listening to your members? If you don’t believe me or the other outspoken ones, put in a poll and see for yourself – I personally feel the majority of people on MyBlogLog do not want this community messaging system. Many of them will just quietly leave, or stop using MyBlogLog.

Other people who have written about this topic –

MyBlogLog Community Mass Message SPAM Controversy – Alex (new)
Mybloglog messaging system and why I think it sucks – Yack Yack
MyBlogLog Mass Messaging – Swallow Spam or Die – Avinash
MyBlogLog New Features – The Abusive and the Incomplete – Andy Beard
Think Twice Before You Launch A New Service – MyBlogLog – Jon
Community Messages on MyBlogLog – Meg

My Commitment Not To Spam Via MyBlogLog

For those users of the internet who wish to continue using MyBlogLog but want to show their users that they will never spam them using the Community Messages system, I have good news for you.

Jon from Smart Wealthy Rich created a little image you can put in your sidebar, probably under your MyBlogLog widget, to let people know you won’t be spamming them anytime soon. He also made a commitment, and I’d like to make my own commitment to readers of my blog here and now -

My Commitment –

I will not use the community message service, and you will not receive any mass message from me on MyBlogLog. I may use the private message system to reply to you if you message me, or if I have something specific to say to you personally, though usually I would just send you an email or contact you via your blog.

It’s nothing personal.

If you did send out a message to your community, don’t take this like a slap in the face. You probably thought it was a great new feature and a good way to get in touch with everyone at once. But that’s what your *blog* is for. ;) You can make your own commitment if you also feel strongly about this, and display the image on your own blog.

Communities are great, I have gained a lot from being a part of them, but I’m reading your blog daily in google reader and if you have a message to send to members of your community your blog is the place to do it, not via a mass message to all people in your community on MyBlogLog.

Please note, I am not talking about private messaging. Sending one message to someone is not spam. In my opinion, people should not be able to send more than one message at a time. If they want to sit there and message every member of their community individually that is fine, I have no issue with that. It’s when they are able to type one message and instantly send it to hundreds of people that it becomes spam – and a potential problem for every member of MyBlogLog.

It’s a real shame because MyBlogLog has such potential but the moment you allow a system where spam like this can happen and be easily done, you are just opening up a can of worms – the *real* spammers and scammers will be along in no time. I get enough “Enlarge your penis” mail (especially for someone who doesn’t OWN a penis, being female!) through my normal email addresses, thanks very much.

The Nigerian 419 lads will really love this system and I say that because I know them very well and they already abuse similar systems on dating sites and other community sites, and they’ll be along before you can blink, joining OUR communities in order to send US mails intending to SCAM us out of our hard earned money. Worst of all, they WILL get money from people who don’t know anything about those scams. I do not think MyBlogLog really wants to provide a service for scammers – they want to provide a service for bloggers.

The solution is to quickly get rid of this community messaging system. However from what I am reading on the MyBlogLog blog, they seem to want to keep this or wait until people give them feedback. I think that’s a mistake. People will leave, and there’s other sites out there providing the same service, but without the spam.

Also, I don’t belong to a lot of communities yet, but I do read on average 200+ blogs a day. One of the blog communities I read on the RSS feed has over 200 blogs posting to it. In point number 4 of Eric’s blog post – “I’ll leave it for other people to debate why someone would join 5,000 communities” – it sounds like a judgment of people who belong to a lot of communities and that people who belong to less communities won’t have an issue.

At this time I think I belong to less than 5 communities, NOBODY has spammed me, not ONE person, yet I have a problem with this because I can see the potential for disaster and because I know scammers well.. If you have an issue with people belonging to a certain amount of communities, put in a limit. Don’t use this to justify the community messaging system.

I was about to sign up for the MyBlogLog Pro service because they do offer a lot of great features, especially the stats, they are some of the best I have seen on the web but I’ll take a raincheck for now until I see how this plays out. :(

Meg from Dipping into the Blogpond posted on this topic here, so go and read it if you’re not aware of the situation. Other posts I found are here -

Mybloglog messaging system and why I think it sucks – Yack Yack
MyBlogLog Mass Messaging – Swallow Spam or Die – Avinash
MyBlogLog New Features – The Abusive and the Incomplete – Andy Beard
Think Twice Before You Launch A New Service – MyBlogLog – Jon

Internet Safety Part 4 – Use BCC

From yesterday’s post, Em had a question –

What is your opinion of spam filters. My gmail one seems to work quite well and the spam doesn’t bother me because I don’t see it…

I’ve got about 40 gmail accounts actually. ;) Being a scambaiter, you tend to have a lot of email addresses. The spam stuff, like viagra and cialis and people trying to sell you stuff, gmail does reasonably well with. However, they do NOT do as well with the *scam* emails, and also phishing gets through on a regular basis.

You might not be getting much in the way of spam as yet, but if you have an email address which is anywhere out there on the internet, it will be coming to you as a surprise some time in the future. Here’s a screenshot from one of my email accounts which is on a scam blog. The people emailing it do not know it is on a scam blog because they use an email extractor program to get the addresses.

The emails you see there arrived over the space of less than an hour. That account regularly receives around 40 emails per hour. That’s 960 emails a day. Can you imagine how this would mess up your inbox? ;)

For most people, a single gmail account with a spam filter might work just fine – until someone gives out your email address somewhere. It’ll start out being 3-4 spam emails a day, and keep going upwards until you want to throw things at people you’re getting so much of it. If you have one email account which you use for everything, it’s a real nightmare when that happens. And you would be surprised at whom is doing what with your email address as we speak.

I’ve done a lot of email warnings to scam victims over the years, and many times some of these people have decided I am their friend and added me to their forwards list. They then send me any “joke” or “inspirational” email that they stumble across during their interweb travels. The trouble is, they add all the email addresses as “cc” – carbon copy, which means me and everyone else who got the mail can see who it was sent to! That means, if a scammer or spammer gets their hands on it, they have a bunch of new targets to email.

So there’s the lesson for today – use BCC when you want to email to more than one person. *Blind* carbon copy – it means nobody else can see who you sent that mail to.

The reason I am suggesting the email plan rather than just one gmail account is because if you break it down into groups it is much less of a hassle when that account is compromised. I say when because it is highly likely to happen. :( Spam and Scam is getting worse, and there really isn’t much that can be done to stop it, so it is much better to be prepared. ;)

I hope that answers the question. :)