Feb 28, 2008

Prankster Pollutes Obama’s E-mail List

Ken Magill has a story over at DIRECT about how Barack Obama’s email list has been tainted by pranksters. Basically, some pranksters signed up to Obama’s list using some prominent anti-spammers’ email addresses. It’s an example of how a very high profile email list is at risk if you don’t employ the double opt-in (or "confirmed" opt-in) method.

We’ve seen similar cases here at MailChimp. A very high profile radio host (who I listen to almost every day after work) once signed up for an account on our system, and his first campaign got some furious complaints from a group of prominent anti-spammers that I also hold in high regard. There’s no way this radio host is an evil spammer who’d harvest or buy email lists (doesn’t need to), and there’s no way this normally calm, very experienced anti-spam group would get so mad about a little opt-in prank (happens to them all the time), so I did some investigating…


It turns out it was an opt-in prank, magnified by sloppy list management practices, overly harsh ESP policies, and paranoia.

At his first ESP (email service provider), the prank signups seemed to happen to the radio host’s list on a regular basis, like clockwork. It was the same group of anti-spammers that a prankster signed up every 3 months or so. From what I was able to piece together, the first time, the anti-spammers figured it was a stupid prank and asked him and the ESP to clean his list, then switch to double opt-in. The 2nd time it happened, they got angry at the guy for not cleaning his list as requested, and for not employing double opt-in. The 3rd time, they got angry at the guy, and the ESP.

In response, his ESP told the guy to re-confirm his entire list, which I think is a bit harsh for a handful of recurring prank signups (just clean the prank addresses off, then switch the list to double opt-in to lock out the pranksters). He refused to re-confirm his entire list (rightfully so) but he also refused to switch to double opt-in (wrong move). So he was ultimately booted by that ESP’s abuse desk.

At this point, he started to form a conspiracy theory that this anti-spam group was basically a sort of Internet mafia that controlled ESPs and ISPs. He got on their bad side, and now he was being "singled out" by them. Any advice they gave he swiftly ignored.

So he moved to a 2nd ESP. He claimed he just didn’t like that ESP’s interface so he left them. But who knows—the pranks might have followed him there too, and gotten him booted.

Finally, he switched to MailChimp. At MailChimp, we only offer the double opt-in method. Maybe he finally saw the light, and recognized the value of double opt-in. Maybe we were just his last resort. So he imported his list. Problem was, he imported his entire old list, not the "cleaned" version. So it included all the old bounces, unsubs, and complainers. Bad, bad, bad move. You know what happens next. He sends his campaign, gets the same group of anti-spammers mad, but also gets a stupendous amount of bounces, unsubscribes, and feedback loop complaints from people who had previously unsubscribed. Red flags popped up all over the place, and we shut his account down immediately.

Maybe his first ESP doesn’t provide an "Export clean version of this list" feature (that would be pretty evil). Maybe he was just being stupid, and thought it would be a good opportunity to reclaim old addresses. Whatever the case, he’s somewhere out there looking for his 4th ESP.

Lessons Learned:

  • Double opt-in can help prevent prank email signups
  • Double opt-in can help prevent typo and accidental email signups, too
  • Sloppy list management practices really do affect your reputation, and can follow you from ESP to ESP.
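
To make the lessons above concrete, here is a small sketch of a confirmed opt-in flow plus a suppression-aware import. It is an added example, not MailChimp's code: the class, function names, secret, token format and 3-day expiry are all assumptions chosen for illustration, and the addresses are constructed.

```python
import hashlib
import hmac
import time

SECRET = b"constructed-demo-key"   # assumption: per-list secret kept server-side
TOKEN_TTL = 72 * 3600              # assumption: confirmation links expire after 3 days

def norm(email):
    return email.strip().lower()

def _sign(email, issued):
    msg = f"{norm(email)}|{issued}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()

class MailingList:
    def __init__(self, suppressed=()):
        self.pending = set()     # signed up, not confirmed: never receives campaigns
        self.confirmed = set()   # the only addresses campaigns are sent to
        self.suppressed = {norm(e) for e in suppressed}  # bounces, unsubs, complainers

    def signup(self, email, now=None):
        """Form signup. Returns the token mailed to `email` (None if suppressed)."""
        email = norm(email)
        if email in self.suppressed:
            return None
        issued = int(now if now is not None else time.time())
        self.pending.add(email)
        return f"{issued}.{_sign(email, issued)}"

    def confirm(self, email, token, now=None):
        """Runs when the link in the confirmation mail is clicked."""
        email = norm(email)
        now = now if now is not None else time.time()
        issued, _, sig = token.partition(".")
        if email not in self.pending or not (issued.isascii() and issued.isdigit()):
            return False
        if now - int(issued) > TOKEN_TTL:
            return False
        if not hmac.compare_digest(sig.encode(), _sign(email, int(issued)).encode()):
            return False
        self.pending.discard(email)
        self.confirmed.add(email)
        return True

    def import_list(self, addresses):
        """Bulk import (assumes prior consent); suppressed addresses are dropped."""
        kept = {norm(a) for a in addresses} - self.suppressed
        self.confirmed |= kept
        return sorted(kept)
```

A prankster who types someone else's address into the form only ever creates a pending entry; the token goes to the real owner's inbox, so the address never reaches the mailable set unless the owner clicks. The import path shows the other half of the story: old unsubscribes and complainers stay off the list even when they appear in the uploaded file.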