The Spammer (A Christmas Tale)

It’s absolutely possible to fight back against spammers …if you think about what would actually work. Pull up a chair by the fire and I’ll tell a story about how I did it this Christmas week, and turned The Grinch into a reformed marketer.

For context, I tell you this story as the author of the Internet Spam Primer, which began in the This is True newsletter in late 1996. That’s right: 24 years ago! It was clear to me way back then that spam would grow into a terrible problem if it wasn’t addressed properly …and it hasn’t been. It’s estimated that more than 80 percent of all email is spam. That, in my not-so-humble opinion, is a terrible problem.

The Primer later was available by an email autoresponder (if you remember those, you’re an Internet Oldtimer!), and it finally was moved to its own web site in 2002, at the link above.

Two Kinds of Spam: Bad, and Really Bad

Hey hairball: why don’t you get a real job and contribute to society.

The really bad kind of spam is what you get from the criminals: scams like “Collect your lottery winnings!” …from a lottery you didn’t enter. The phishing, the attempts to take over your computer with malware. For me lately, it’s the “YOU DIDN’T RENEW YOUR DOMAIN! ITS GONNA EXPIRE!” scam. “CLICK HERE IMMEDIATELY to renew at this fly-by-night foreign registrar before it’s too late!!!” Never mind that I keep my domains paid up years in advance, but they’re looking for those who react first, and think later (if at all).

The merely bad is when “legitimate” companies send email come-ons from a real email address and, if you reply to complain, will stop sending you their come-ons. There’s even a 50-50 chance that they will apologize. They’re the type that I call the “But MY shit doesn’t stink!” rationalizers: deep down they realize that spamming is immoral and unethical, even illegal under the horribly anemic CAN-SPAM Act of 2003, but “Hey, MY product is really good! People NEED it! SURELY they will appreciate getting an email that’s so HELPFUL!”

Nope: it’s still spam. And if they keep sending you junk after you complain, they move into the Really Bad realm.

Tech to the Rescue

I use Gmail to filter my email, and consider it the most effective anti-spam system available to regular people like us. Still, I frequently check the spam folder there looking for “false positives” — legit email, often from readers, that somehow triggered The Google’s suspicions. Last night when cleaning it out, I was surprised to find a spam pimping a Wordpress plugin.

Wordpress is the most popular publishing platform for web sites, including this one. A plugin is a software extension that adds some sort of capability that’s not built in to the main platform.

In the old days, plugins were written by lone coders who were trying to add a function or solve a problem on their own web sites, and made a gift to the community by posting it for free download by others who have the same need. It was awesome, and some of those wonderful coders still do that.

But for the most part, like the Apple iWhatever Store or the Google Play (shudder: what a stupid name!) Android app store, the Wordpress Plugin Repository is now dominated by commercial operations, even very large companies. Sometimes the extensions they’re making are really big and complex and are “only” really doable by big teams, so I’m not knocking the idea. In fact, whether large or small developers, if the plugin makes my life a lot easier, I pay the (usually) small fee to encourage them to continue developing the plugin, and in return they usually provide expanded functionality.

Getting Specific: Pushing Webpushr

The original spam.

Still, I was a bit surprised to find, in my gmail spam folder, a come-on from the latter sort of developer. That’s really unusual, so I checked the routing headers: is this a company spoofing their competitor to make them look bad? No… it did appear to come from the company. The message was signed with a real name, and linked to their plugin in the Wordpress Repository.

So I clicked it.

Yes, I made sure it really was a link to the Wordpress Repository first, and indeed that’s where I landed — the Webpushr plugin page.

But why use spam? Like just about all of them, this plugin has a free option, but to really get full functionality you have to pay: $19/month for a “Startup” through $149/month for “Pro” …or more if you have a really big site. So yes, this is definitely intended to be a profit-making venture. Heck, they’re even located in California’s Silicon Valley, where developer salaries are only outstripped by the rent for office space.

But after I clicked, something jumped out at me: like the iStore and Goog’s Play, they want reviews. They want lookers to be convinced to try and buy. So sure! I left a review. The title:

I don’t do business with spammers

Full Disclosure: a Wordpress moderator edited out the employee’s name from my review. More on that below.

The main point of the post (the original version is illustrated here): to make it clear that their chosen marketing method shouldn’t be tolerated — by anyone, especially the fairly tight-knit Wordpress community that was built on the altruistic sharing of solutions.

In fact, Wordpress itself is free. They support its development in part by (you guessed it) selling highly capable plugins. They get several hundred bucks a year from my operations.

So to get a “But MY shit doesn’t stink!” sort of spam come-on really sullies that sort of atmosphere.

Spam …is defined as “unsolicited commercial email.” That is, email you didn’t ask to be sent to you that is commercial in nature (e.g., an advertisement) — even if it’s not bulk mail sent to millions of people — and you don’t otherwise have a “prior business relationship” with the sender. —Spam Primer

In the Spam Primer, I say “My most important advice… is never, ever, ever buy anything from someone who sends you unsolicited advertising by email, even if the product is something you want.” Not just because so much of it is pitching fraudulent scams, but because it feeds the machine: spammers spam because it’s profitable. The only way to really kill it is to make it unprofitable.

Then, the Twist!

I posted the review a little after 8:00 p.m. last night. I thought maybe the company would find the review sometime in the next week or more — it’s Christmas Week, after all! So it was really surprising to get a sincere apology just before midnight!

Since I hadn’t replied to the spam, that means the company found the review, figured out the connection (easy enough, since thisistrue and thisistrue.com match well, but they still had to think to look), and took action the same night, well after “business hours.”

I am super sorry for reaching out to you and for attempting to nudge you to try Webpushr Plugin. You will not receive any promotional email from me, again.

Again, I am incredibly sorry for my promotional emails.

Nice, but it’s the middle (…) part that took me aback a little:

I do humbly request that you please delete your review for Webpushr WordPress plugin. You are punishing an entire product that is used by over 5000+ websites just because I tried to convince you to use Webpushr. Please let me know if you’d be able to remove or delete your review?

But No, I Won’t Retract the Review

And here’s why — and why I’m including Ashley’s name in this (but withholding her surname, since that’s not the point). It’s a bit harder to see since I did some privacy smearing in the graphics, but here’s the important bit: the two emails from Ashley have an important difference!

The original comes from “Ashley Surname <inbox@domain>”, but her apology comes from “Ashley from Webpushr <inbox@domain>” …they’re different. My conclusion is that the second, the one-to-one message, is her regular email app like you or I might have, but the first is from a tool — a program that takes the results of research (say, finding sites that use Wordpress and have an email address on their Contact page), and sends the boilerplate email to those addresses.

And here’s why I’m confident in my conclusion: go back to the two emails’ screenshots and notice that the reason they both went directly to the gmail spam folder is, “Lots of messages from webpushr.com were identified as spam in the past.” — many people have been getting email from them and marking it as spam. This email to me isn’t a one-off; it is, in my opinion as a professional in the email publishing biz for 27-1/2 years, a pattern. Oh, and then there’s Ashley’s reference to “my promotional emails.” — note the plural.

So I replied to Ashley with a screenshot of that and told her no, I wasn’t going to retract the review because of that obvious pattern. But then something happened…!

Everyone Loves a Happy Ending

Since then I’ve received quite a few more emails (and texts! 😡 ) from the company. First, from Ashley again, at 1:12 a.m. my time:

I wanted to let you know that we, as a company, will not be sending any unsolicited (cold) e-mails from now onwards. I am hopeful that you will consider changing your review based on this decision.

…and then another at 1:25 a.m.:

We are pausing all e-mail marketing first thing tomorrow morning. Our approach to e-mail will change. Again, I do apologize for causing you frustration and anger. That was not my intent at all.

The company’s response to my review in the Wordpress Repository. I’ve highlighted the “MY shit doesn’t stink!” rationalizations.

I do wish others wouldn’t take it upon themselves to try to assign emotions to me: there’s no “anger” in this. I simply took the opportunity to remind not just them, but all “legitimate” companies that “MY shit doesn’t stink!” is …well… self-deceiving bullshit. Forget spam being “illegal”: more importantly, it’s immoral and unethical, and these companies need to be called out when they do it. Simple as that.

See the screenshot from their official response on the Wordpress Repository, where I’ve highlighted the “MY shit doesn’t stink!” rationalization. Trust the recipients who keep marking your emails as spam: yes, it stinks plenty.

But then… just minutes later they updated their response to include their pledge to stop spamming.

And at 11:28 this morning this arrived by email (emphasis from the original):

My name is Imad Ashfaq and I am the founder and CEO of Webpushr.

I agree and understand your frustration. You are right, we should have never sent out those e-mails. That was a wrong decision and a poor marketing strategy. Thank you for letting us know. I have permanently halted all outbound e-mail marketing efforts. Webpushr will not be sending out any cold or unsolicited e-mails, period.

As a business owner yourself, I am sure you understand how much work goes into creating a business. The last thing any business wants is to be labelled as spammers. As you can imagine, this will hurt us immensely. I am reaching out to you to request that you consider editing your review. I will be indebted to you if you do.

If that’s not a Christmas Miracle, I don’t know what is.

I don’t agree that one bad review will “hurt them immensely.” But it will remind customers that the company listens to feedback and learns from their mistakes. We all make them, and the much greater shame is not learning from the mistakes we’ve made.

My review’s addendum.

So with that, once I hit publish here I’ll be adding to my review in the Repository, and part ways with Webpushr without any “indebtedness” on the books.

At least, as long as Imad stops texting me. 🙂


6 Comments on “The Spammer (A Christmas Tale)”

  1. In fact, WordPress itself is free. They support its development in part by (you guessed it) selling highly capable plugins. They get several hundred bucks a year from my operations.

    Sorry, but I think you are confusing the open source WordPress project, a non-profit organisation, with the commercial company of one of the software’s founders.

    The WordPress project does not sell any plugins, all software is open source and aside from some people working on the software during company hours (sponsored by their employer to do so), most contributors, like me, are unpaid volunteers.

    I didn’t think it was necessary to explain the corporate structuring, but OK: developer Matt Mullenweg (and probably others) split the company structure in an interesting way: a non-profit that publishes Wordpress, and a now-$3B-valued for-profit company that makes the money, and which gave the Wordpress (if you prefer: WordPress) trademark to the non-profit. Certainly, Automattic (the for-profit) does massive amounts of support of the continued development of, and tech support for users of, Wordpress* the software, and the add-ons it sells to enhance that software. -rc

    Fascinating: I spelled that with only the initial letter capitalized (only the one in parentheses also has the P capitalized), and the software is changing what I wrote to match their preference. I have a real problem with that.

    • Well, I merely tried to point out that presenting the company and the non-profit as one, completely devalues the massive amount of contributions by all the unpaid volunteers.
      Also see this post.

      Fascinating: I spelled that with only the initial letter capitalized …, and the software is changing what I wrote to match their preference. I have a real problem with that.

      I hear you and fully understand. If I remember correctly, adding the function which does that was the last code contribution (years and years ago) by Matt himself.

      You can turn it off by adding the below in a custom plugin or your (child) theme’s `functions.php` file:

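      ```php
      // Unhook the core filter that rewrites "Wordpress" as "WordPress"
      // in post titles, post content and comment text.
      remove_filter( 'the_title', 'capital_P_dangit', 11 );
      remove_filter( 'the_content', 'capital_P_dangit', 11 );
      remove_filter( 'comment_text', 'capital_P_dangit', 31 );
      ```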


      To be sure, I wasn’t dissing your comment. For a mostly not-techie audience where I thought it best to briefly explain what Wordpress is, I didn’t think it necessary to delve into the organizational details. But since you brought it up, I did a very quick summary. Your link is interesting, and shows (especially the chart “Number of contributions by company”) how Automattic is still very involved in core software updates.

      And I’m glad I did …and only then noticed the forced capitalization, because you told me how to change it rather than me researching it. I’m amused by the function name (for the non-geeks, the “capital_P_dangit” part), and appreciate the tweak to disable it — which also Just Happens To Show how easy it is to tweak things on this platform; that’s one reason it’s so popular. As you can tell, I already popped it into the child’s functions. -rc

  2. Thanks. Good to know I am not the only one that has done that. I use other review sites to do that since I do not have my own (or want one). It sure works. It has been years since I have been SPAMMED.

    YEARS?! W-o-w. -rc

  3. I *love* this story, the Christmas Miracle theme fits it so well. Thank you for reminding us that there are effective ways for individuals to fight back, and I will start looking for such opportunities. Good for Imad Ashfaq for so quickly changing policy and redirecting his employees.

    Your “MY shit doesn’t stink” theory is awesome: it explains so much about companies that are otherwise “legitimate” (though that word seems contradictory). They made the conscious decision to spam in the face of its unambiguous ethics. I actually snorted when reading Webpushr’s rationalizations. It certainly does stink, and when anyone shits in my inbox they get marked as spam every time. They need to wake up like Webpushr did.

  4. Sadly, spammers are smarter than you think. It is extremely easy to generate any email address you like for an outgoing email. Read that again — ANY email address you like. It might even be “someone_special@thisistrue.com”. Now, if thousands of emails go out with that address, and thousands of recipients flag the email as spam, guess what? The address gets a bad rep as a source of spam. The spammer only has to change to a different phony address — but the legitimate domain is now flagged a spammer. Automated spam detection filters such as The G’s are hurting legitimate sites without doing anything to reduce spam. Ain’t technology grand?

    I don’t agree spammers are smarter than anyone thinks. It’s trivial to send mail “from” any address, as you note. However, it’s also trivial for any filtering system to look to see if mail purporting to be from (say) thisistrue.com is actually being sent from there, or from a site authorized to send mail for that domain (e.g., an Email Service Provider). How? By comparing headers to SPF, DKIM, and DMARC records, which I definitely have set up. That is, in large part, why spammers have gone less to spoofing respected addresses and instead use gmail, yahoo, and other free address sources.

    My email address is well known, having been posted on the web many times over many years, resulting in hundreds to thousands of spams/day coming in to that address. I do a rough filter on my server, and then gmail does the final check. The result: around one spam a day into my inbox (and probably 2-3 false positives, which is why it’s important to check the spam folder there). That’s a technology-fed boon, not failure, though a lot of spam filtering companies get way too overzealous, doing stupid things like rejecting mail because it has a particular word in it, which is lazy and prone to laughable errors. -rc

  5. I’m curious: did you look at the extended email headers in both messages to see if you could see traces of a spamming program? Believe it or not, some of those spammers are so proud of their non-smelly shit that they actually put a user agent tag in that identifies the software.

    Well, it’s been a year so I don’t remember. OTOH, I have a copy of the original email (with all headers, of course!) While I don’t see any software signature (not even an x-mailer), I’m amused to see that it has a DKIM signature, so it’s “legit”! 😆 -rc

    Reply
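
The header checks discussed in comments 4 and 5 above (is mail "from" a domain actually authenticated for that domain, and does it carry a mailer signature), shown as an added example that is not part of the original post or its comments. The sample messages, domains and X-Mailer value are constructed; the code assumes the `Authentication-Results` header was written by your own receiving server, and it approximates the organizational domain as the last two labels rather than using the Public Suffix List.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages; domains, names and the X-Mailer value are invented.
ALIGNED = """\
From: Marketing Tool <inbox@vendor.example>
X-Mailer: ExampleBulkSender 1.0
Authentication-Results: mx.recipient.example; spf=pass (ip ok) smtp.mailfrom=bounces@mail.vendor.example; dkim=pass header.d=vendor.example
Subject: Try our plugin

Hello
"""
SPOOFED = """\
From: Someone Special <someone_special@publisher.example>
Authentication-Results: mx.recipient.example; spf=pass smtp.mailfrom=x@bulk-host.example; dkim=pass header.d=bulk-host.example
Subject: Offer

Hello
"""

def org_domain(domain):
    # Assumption: last two labels stand in for the organizational domain.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def parse_auth_results(value):
    """Return {method: [(result, {property: value}), ...]} for one header value."""
    out = {}
    # Drop parenthesised comments, then skip the leading authserv-id clause.
    for clause in re.sub(r"\([^)]*\)", "", value).split(";")[1:]:
        tokens = clause.split()
        if not tokens or "=" not in tokens[0]:
            continue
        method, result = tokens[0].split("=", 1)
        props = dict(t.split("=", 1) for t in tokens[1:] if "=" in t)
        out.setdefault(method.lower(), []).append((result.lower(), props))
    return out

def triage(raw):
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    from_dom = addr.rpartition("@")[2].lower()
    auth = parse_auth_results(msg.get("Authentication-Results", ""))

    def aligned(method, prop):
        # A bare "pass" is not enough: the authenticated domain must match From.
        return bool(from_dom) and any(
            res == "pass"
            and org_domain(p.get(prop, "").rpartition("@")[2]) == org_domain(from_dom)
            for res, p in auth.get(method, []))

    spf_ok, dkim_ok = aligned("spf", "smtp.mailfrom"), aligned("dkim", "header.d")
    return {
        "from_name": name,
        "from_domain": from_dom,
        "mailer": msg.get("X-Mailer") or msg.get("User-Agent"),
        "spf_aligned": spf_ok,
        "dkim_aligned": dkim_ok,
        "dmarc_aligned": spf_ok or dkim_ok,  # DMARC needs only one aligned pass
    }
```

In the second sample both SPF and DKIM report `pass`, yet neither authenticated domain matches the From domain, so a DMARC check fails; in the first, an aligned pass only confirms the mail really came from that domain, not that it was solicited.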
