This author has spent many years chronicling the exploits of black hat spammers who use hacked computers to relay junk email. But I’ve dedicated comparatively little time delving into ways of email marketers who technically follow U.S. anti-spam laws yet nevertheless engage in spammy practices. The latter is able to ply their trade because there are thousands of Internet hosting companies operating on thin profit margins that are happy to host spammy but lucrative clients. This is the story of how one hosting company heroically kicked out all of its email marketing customers at great expense and ended up building a stronger, more profitable company in the process.
A serial entrepreneur as a young teenager, Peter Holden founded several online companies by the time he turned 20 and started Tulsa, Okla.-based hosting firm HostWinds. The company grew modestly but steadily — relying on more than two dozen servers and bringing in revenues of about $15,000 per month.
That is, until Holden got his first email marketing client who offered to double HostWind’s monthly income in one day.
“I remember driving down from Tulsa to Oklahoma City to visit this client,” said Holden, now 25. “It was July 2012, and it was super hot in the car because I didn’t have air conditioning. But I remember thinking it was really cool to have a client who was local and interested in using our services.”
That one client’s business would not only double HostWind’s income, but it gave the company much-needed funds to invest in building out the firm’s technical infrastructure. Good thing, too, because the email marketing client soon referred more e-mailers to HostWinds, which was forced to petition the American Registry for Internet Numbers (ARIN) for thousands of additional Internet addresses to accommodate its new clientele.
“Fast forward about two years, and we now have a lot of mailers on our network,” Holden said. “Throughout all of this, one client introduced me to another client, and another.”
All of them swore up and down that they were following U.S. anti-spam laws to the letter. The CAN-SPAM Act was intended to make it more expensive and difficult for email marketers and spammers to send unsolicited junk email, but critics say it is essentially toothless and rarely enforced. Under CAN-SPAM, commercial emails can’t be spoofed (i.e., the address in the “from;” field can’t be faked or obfuscated), and the messages must give recipients a simple way to opt-out of receiving future missives.
“Legally speaking, we didn’t have any client on our network who broke the law. My dad was a lawyer and we’d routinely terminate anyone who violated our policies,” Holden said. “Ultimately, I think the fact that these clients were able to pay their bills on time — and their bills were massive — gave them some sort of air of legitimacy.”
HOW MANY SPAMS CAN A SPAMMER SPAM IF A SPAMMER CAN-SPAM SPAMS?
From the perspective of anti-spam groups, the main problem with the CAN-SPAM act is that it doesn’t require marketers to get opt-in approval from people before spamming them. Also, many large-scale junk email operations are not too dissimilar from spam campaigns run by cybercrooks — except instead of routing the mail through PCs that have been seeded with malware, commercial emailers send email from huge numbers of distinct Internet addresses that they rent from a vast network of hosting companies.
Eventually, large tracts of HostWinds’s Internet addresses wound up listed by The Spamhaus Project, an anti-spam service used by many ISPs. Networks that find themselves listed on Spamhaus’s various blacklists or “blocklists” soon discover their customers are unable to deliver email reliably. That’s because hundreds of ISPs route or deny email traffic based in part on Spamhaus’s blacklists of known, cybercrime-friendly hosts.
After HostWinds attracted the attention of Spamhaus, Holden said he and his team began taking a much closer look at the company’s email marketing clients.
“We started terminating customers who were pretty blatant spammers, where we’d take a look at the messages they were sending and say, ‘Wow, I wouldn’t want to receive this,'” Holden recalled.
Most of the marketers HostsWinds terminated were sending messages for marketing programs that try to sign customers up for various products or services that bill monthly and can be very difficult for consumers to cancel.
The Spamhaus listings were bad enough, but soon AOL began wholesale blocking email from HostWinds Internet addresses.
“That was really the turning point, because none of these email marketers wanted to be with us if they couldn’t reach AOL users,” Holden said. “We started getting listed massively by Spamhaus at that point, and we went to the anti-spam community and said, ‘Why are you guys picking on us?’ They said, ‘We’re not picking on you: You’re harboring an army of spammers.'”
CUTTING OFF A LIMB TO SAVE THE BODY
Holden said he remembers exactly what he was doing when he made the difficult decision to remove virtually all email marketers from his company’s network, a costly choice that he likened to cutting off a limb or two to save a patient from a lethal gangrenous infection.
“I was in Dallas to visit our data center, and was in my hotel room doing planning in a notebook, and decided this was unsustainable,” he recalled. “The only [mailers] who were left were those with zero abuse complaints, and most of these were just doing regular newsletters. We gave up or lost about $150,000 in monthly revenue from that decision, a huge portion of our business.”
As painful as it was monetarily, the company reinvented itself over 2014 and 2015, and is now more profitable and sustainable than ever, Holden said. HostWinds now terminates mailers after a single abuse complaint, and Holden said he can now spot an email marketer from a mile away.
“We rebuilt the business focusing on core infrastructure, hosting enterprise Web sites and keeping them online,” he said. “We now have a sustainable business that is not going to blow up in our faces in two to three years.”
Holden said these days the only spammers who host malware or blast junk email out of his networks are those that do so for only a very short time before they’re found out and terminated. Holden said there are some very persistent phishing gangs from Egypt that try using stolen credit cards to register new host services to set up phishing scams. Other scammers will set up a new hosting arrangement using stolen cards and then blast as much spam as they can until they’re shut down.
To combat the latter problem, HostWinds is now working with MailChannels, a Canadian anti-spam firm that scours customer networks for outgoing spam, and then helps the customer quickly identify and terminate spammy accounts.
MailChannels co-founder Ken Simpson said Holden’s turnaround story is rare but encouraging.
“It seems like there’s two different kinds of hosting companies,” Simpson said. “Those who are redeemable and those that are just support services for spammers. If you decide you want to be the latter, you can make decent money for a while, but at the end of the day you’ll wind up with this burning husk of a company with all this [Internet address] space that is completely blacklisted by everyone and useless.”
> HostWinds now terminates mailers after a single abuse complaint
I hope that pendulum didn’t swing that far. There are faux-abuse complainers too. How about “single verified abuse complaint?
I was thinking the same thing.
I suppose if I were running such a company, I would have a sort of sliding scale of tolerance for complaints—which would start at zero tolerance when an emailer first signed up, and slowly adjust to a maximum of very very little tolerance after like a year’s good behavior. 😉 But I would still run on verified complaints.
true, blacklist/blocklist organizations may have a point, but they often go too far. I’m not going to ever support the likes of StopHaus, but you have to admit that there is a somewhat valid point deep down in the rest of the mess (bulletproof hosting aside, but HostWinds isn’t BP and never was), that draconian, drastic measures are excessive and unnecessary – even often undeserved or a pr0fit-killer. They got what they want, but this sounds like the kind of report system that occurs with DMCA: terminate now, determine if it’s valid after that or not at all. I mean, GoDaddy is blacklisted plenty of places, but realistically speaking, it’s HARDLY “crime-friendly.” The crass over-generalizations are what get to me; if it weren’t for that, I’d stand by the likes of SpamHaus. But these groups need to get their heads in the game in an appropriate amount, not just emotion without any other consideration. Another example of such abuse is the blacklisting of dynamic IP spaces by SORBS, even where there has not even been any abuse – simply because it’s dynamic. One other blacklist blacklists the whole entire world wide web. That needs to stop.
Good grief, that’s what I was thinking. We do email marketing for our companies, and while we’re fastidious about our address collection practices (>90% are collected *in person* for crying out loud) we still get the occasional person screaming their head off that they never heard of us and hate us and we’re the most evil people on earth for sending them an email. It could be that an address gets mistranscribed, or somebody gives us their email address out of “politeness” and then forgets about it, or somebody maliciously gives us the wrong address as a goof. Maintaining 0% complaints has got to be impossible at any reasonable scale.
Yeah, because nobody’s ever given out a fake email address when someone’s asked for it. They’re probably screaming their heads off because you got their email address instead of the other individual’s email address.
That’s why you need to use an opt-in system, that involves sending a confirmation message to the address, which requires the receiver to click a link in that confirmation message before any further email gets sent to them.
A couple employers ago the marketing department built a list using addresses that were voluntarily entered by drunks playing games in bars. They swore up and down that there’s no way those addresses could be invalid, the people gave them to us. I mean, who knew that drunks would intentionally enter false data? Surely bobsucksdong@longtime.edu must be a valid email address.
Turns out a good 50% of the addresses entered were either completely invalid or someone else’s address. After being placed on the umteenth blacklist and not being able to send any email company-wide, they started using offsite email hosts… rather than actually admit that they were doing something wrong.
We just want to clarify, that we do have a process that we follow in regards to complaints
1) Verify the complaint is valid
2) Verify that the client was conscious of sending out the emails (was not hacked etc)
3) We also have our own internal criteria for determining if a client is a dedicated email marketer, or simply a website owner who is sending out a newsletter to their contact list. There is a big difference between the two, and it is pretty easy to tell.
+1
Thanks for clarifying that. We have people who have been active subscribers to our 100% opt-in newsletter for years and then one day mark us as spam because, I assume, it’s just easier than hitting the clearly marked “unsubscribe” link in every email we send. Our spam complaint rate is very, very low, but I still take each one personally…
OT:
Detekt version 2.0 is out (Jul 28, 2015)
http://slexy.org/view/s21TU0OLrQ
It’s good to hear a good success story once in a while.
So what do we unsophisticated dummies do when our email inbox is filled with spam on a daily basis? It seems to me that the only answer (and temporary at best) is to set up a new email address and retire the old.
Doesn’t your ISP provide spam blocking service?
I have both gmail.com and yahoo.com addresses and I rarely see spam in my in-box.
Not only that, I practically never see good email in my spam folder.
Also, if you decide to create a new email account, don’t use a name that can be easily synthesized. Some of the spammers generate their email lists on-the-fly by simply creating the addresses, asmith@foo.com, bsmith@foo.com, csmith@foo.com, etc., every combination you can think of, without bothering to check whether there’s really a mailbox for each one. They just accept that many spams will not be delivered; they’re sending millions of emails and enough hit true mailboxes to make it worthwhile.
If your first or last name can be found in a phone book and you just tack on letters or numbers at either end, eventually they’ll guess it and you’re on their list.
I wish I had followed this advice years ago when I established my main email address which I don’t want to change now. (Even so, my ISP, Earthlink, filters all but one or two spam messages a month. They do a very good job).
I have an old gmail address like that (from back when you had to get an invitation), and I don’t just get mail from spammers, I get mail that’s being sent to people who apparently don’t know what their actual email address is. Everything from overdue library book notices to a match.com registration, always with my last name and somebody else’s first name in the message.
My wife has a generic gmail address like that. It’s an address like caltechGirl. She gets ethnic dating site emails, cell phone bills and online order receipts. It’s amazing to see how people don’t know their own email address.
+1; *sigh*
If you have a MSN live email account, you can set your filter to exclusive, and I might get a spam mail once every six months! Even before I set it that high, I hardly ever got them, even in my junk box!
Back when Microsoft was trying to improve their filters, I used to mark every single spam as junk, and it didn’t take long to keep my inbox squeaky clean. I only occasionally check for false blocking, but I can’t even remember when the last time I got one that wasn’t a new contact. I always know when I’m about to get a new contact and simply click “add contact” from the junk folder to get them on my exclusive list.
Back before web based email got so good at this, I was forced to use server based email from my ISP and buy an anti-spam service called postini – it wasn’t very good but better than nothing. About a year later I got so tired of bad retail AV products I downloaded Avast, and WHOA! It had one of the BEST server based email filters for Outlook I’d ever seen!
Those were the old days – now I leave my old ISP mail on the server, and even they cleaned up their act. Spam is not a problem for me, no matter which email I use.
@John, one of the best ways to keep spam out of your main email account is to create several ‘junk’ accounts that you do not normally use on a regular basis.
Then when you go to a site that requires an email address for you to download their software or use their site and you don’t want to correspond with them, you use the ‘junk’ email address.
Get you a couple of Yahoo, GMail or other junk addresses and use those instead of your main account.
Sites will sell their email lists to marketers all the time and that is one of the reasons why the junk email start piling up.
Another possibility is to get the Blur plugin for Firefox.
https://dnt.abine.com/
Now if only telephone companies would do this with phone scams. The way they get around the “do not call” list is ringing once and hanging up, hoping the victim will call back.
When I get a spam call/number, I try to track down the hosting telephone company and notify them. Some are great and terminate the account. Others basically say, ” We just sell the numbers and have no control what they use it for”.
I think now I will go one step further and send them a link to this article AND post a review about the company and their response.
I never get a spam telephone call that is not completely spoofed. Blocking that will do nothing. Fortunately my ISP handles my telemarketer blocking, and I don’t get spam calls anymore.
I do something similar with phone calls. Except I also call the phone company’s representative and tell them that as of this call they are complicit in the harassment I’m experiencing and I want a name and address to send the court papers to. This usually results in a couple of free blocking of the offending number.
Sadly “Rachel from Card Services” has found a way around that by calling from a different spoofed number every time. I was hopeful, now that she’s been convicted by the Feds, that her calls would stop, but I’m getting just as many as before.
My family complains about her, but I haven’t noticed her in my Google Voice mailbox….
http://consumersunion.org/2015/01/good-news-for-victims-of-rachel-from-cardholder-services-scam/
The FTC created two contests to help consumers deal with Robo calls.
http://www.nomorobo.com relies on call splitting to let your calls be screened by a system that recognizes spammers– when it recognizes the caller is a spammer, it answers the call (and then hangs up on it). All you have to do is wait for the second ring, if there’s no second ring, the caller was probably a spammer.
I registered my, my children’s and my mother’s cell and wireline numbers here:
https://donotcall.gov/
We never receive marketing calls. None.
I think you have to re-register every 2 years, but it seems to work very well and the site provides a way to report violations.
“That was really the turning point, because none of these email marketers wanted to be with us if they couldn’t reach AOL users,” Holden said.
Wait…were people really still using AOL in 2012/13???
Plenty of people still have AOL email addresses. Most have had them for years and just don’t see the need to change them. After all, they are free and the mail still gets delivered. Not all that hard to comprehend.
The really strange thing is, I actually have a few clients who still use AOL software. Now, THAT’S crazy, IMO.
It costs nothing to have/keep an AOL email. It is just as free as Yahoo or Gmail. Not that I don’t advocate for AOL, but let’s keep the facts straight.
It is true (at least in my experience) that some high-worth folks pay AOL for something they don’t need or use–and don’t notice it. First thing I do for them is get them off the payment plan—if I can. Unfortunately, some of these older folks are still locked into the AOL software. Still, in most cases, I can get their bill reduced to the minimum.
I find it more than a bit despicable that some techies think that people who are tech ignorant deserve to be exploited. I like to think of EVERY client as my sister, mother, grandmother (and the same for the male line). Nobody deserves to be exploited!
Only the gullible ones who are most likely to respond to spam emails.
Yes!!! Millions of people are still paying for AOL in 2015, and allegedly a lot of them are high net worth (they probably don’t even notice the charge, or just want to keep that email address). Pretty crazy.
Real-world data from live systems I have access to indicate ~6% of users still have @aol.com addresses. (subject to the biases of demographics particular to these systems of course)
@Roger – yes. I had a business professor who also had a business. He said he had thousands of addresses in his AOL address book. He had his own domain for his business and tried to use that for all correspondence, but many people who knew him back when might still want to contact him, so he keeps the AOL, and still gets some traffic on it.
Until the Internet has forwarding like the Postal Service, computer competent people will keep their AOL addresses. And the US Postal Service only forwards for a year.
I used to pay the minimum, just for email when I moved out of my ISP service area, and would remote in and download my server based email. (dial up days). Fortunately they put it up in the cloud where everybody can get it now, and I moved back in time to keep my address.
Keeping those old email addresses is actually pretty critical, as many an acquaintance has gone away, and can’t contact me any other way. Even though I used to say over and over again that friends don’t let friends do @hOL; I can see why folks keep the old geezer around.
I won’t do business with any company that has an AOL email address. It’s unprofessional and chances are they don’t have a phrackin clue what they are doing.
@Roger – I’m with you. That was the “WTF” moment for me in the article. 🙂
This story demonstrates the profitability of morality. In the short-term, the scumbags will always opt for what brings in the most buck$, but Mr. Holden was taking a longer-term perspective. He had the guts to take the revenue hit, but his company has an actual future now. Integrity pays. Always.
I would question the integrity of Mr. Holden. Either he was so naive that he didn’t realize he was becoming a spam king, or chose to look the other way when the money started rolling in. He only changed course when his business model became obsolete.
I vote for naïve. It looks like he was 22 at the time.
“Integrity pays. Always.”
Now reconcile that statement with, for example, the fate of the banks who were complicit in the US housing and mortgage market meltdowns a few years ago.
This one example doesn’t prove that integrity pays.
All this example shows is that if the payback of integrity is better than lack of integrity, commerce will operate with integrity; if not, it may or may not operate with integrity.
Great article, gives me hope for the rest of the ISP’s.
Now if only AT&T would respond to abuse complaints then maybe we could get some traction on all the internet abusers. My latest response from them was pretty crappy. Just exactly how do you send logs embedded in email with proof of abuse when the idiots won’t accept them? They do not allow attachments either.
From ATT:
You have attempted to send us an email over 1 megabyte in size (1 MB). We do not accept any emails (including attachments) which are over this size limit. Please resend your email with this size constraint in mind.
If we can be of further service, feel free to contact us at this email address:
abuse@worldnet.att.net
Thank you — AT&T WorldNet Customer Satisfaction Team
There’s a reason AT&T’s logo resembles the Death Star.
Yeah! Didn’t they get fined $1,000,000 dollars for shorting people’s air time the other day?
I HATE AT&T !!!! >:(
A link to the log files in Pastebin would be one way to get the logs to them. Whether they’d actually click the link or not is debatable.
Nice story Brian. I wish it was true. Unfortunately, while HostWinds has made some progress, they are still one of the worst hosting companies in the world for providing services to spammers. In July 2014 they were the second worst in the world as measured by Cloudmark Global Threat Network, and we were blacklisting 63% of their IP address allocation. By July 2015 they were down to number four, and we were blacklisting 48% of their IP addresses (about 140,000 in total). Currently about 75% of all email originating from HostWinds is spam, mostly aimed at Brazilian users. Spam is an international problem, and it is not enough for HostWinds to claim victory simply because they have stopped spam to US users.
If anyone from HostWinds would care to contact Cloudmark, we’d be happy to provide a full report, and even help them set up outbound spam filtering that actually works. We can also provide more details to you Brian, if you’d like to do a follow up article with some actual statistics.
Hey Andrew,
I would love to talk to you more about this. I can be reached at: Peter (at)hostwinds.com
Please shoot me an email, if you can provide specific ranges of IP’s where you are seeing issues, that would be very helpful in finding the Spam problems. We are dedicated to eliminating all spam, and not just that aimed at american users.
Thanks so much
–Peter
Thanks for the response Peter, will do.
Thanks for the response, Peter, I’ll be in touch.
An account I actively used only twice (to send out party invitations about 10 years ago) gets the most spam of any of my email accounts. In fact, somebody in Pennsylvania used it to sign up for two auto dealerships and two political officeholder newsletters. If it weren’t for the car dealerships, I’d think somebody was using my address as a fake address. I unsubscribed from all four lists and haven’t received another email from any of them.
How many people have unsubscribed from a mailing list yet the emails from the unsubscribed sender keep pouring in?
I think this has been long known to be true. We have been advised for years not to respond to the “unsubscribe” links because that just verifies to them that the address is one that works. Attempting to get off lists in this manner has generally not been very successful for me.
Oh yeah! All clicking “unsubscribe” gets you is one big confirmation that the spammers got your email address correctly, and you get bombed out of your inbox!!
You have to be careful to whom you reply. “Legit” companies will, indeed, remove you. The scum will not. I have found is isn’t that hard to tell who is who. But as a rule, I no longer get more than, maybe, a spam email or two, every day or so.
Ehh, sometimes the “legit” companies will promptly unsubscribe, sometimes they won’t. It all depends on the responsiveness of whoever or whatever maintains the list.
I’ve been trying for over a year to unsubscribe from a mailing list of a large US-based international business machine company because I no longer use the software the mailing list pertains to.
I’ve unsubscribed using the link on every one of the emails coming from this list to no avail.
Well, Hostwinds is one of the top advertisers on Blackhatworld – a forum that attracts huge lot of email marketers. I don’t see how Hostwinds is denying service to email marketers if their advertising openly invites them.
HostWinds still harbors spammers and ignores complaints. They openly allow SEO tools: http://www.blackhatworld.com/blackhat-seo/hosting/683927-hostwinds-windows-vpss-1gb-ram-starting-8-77-1-gbps-24-7-support-35-off-approved.html
And they go hard at promoting on blackhat forums.
I’d be awfully surprised if anyone at BHW actually paid for the trademarked images from “Man of Steel” in one of their rotating ads.
I guess you should probably know that plenty of SEO tools have legit purposes/uses. SEO doesn’t have to be blackhat. Even the ones that are largely used for that, such as Hrefer or Scrapebox, can be used legally.
Indeed, yet you fail to see that the forum their main advertising is focused on is called Blackhatworld. You’d be surprised to see how many blackhats it attracts. Not only email marketers – even though the forum is advertised as “SEO forum”, you get all sorts of people there – people who ask to hack girlfriend’s Facebook, people who pretend to have lost password to “their” PayPal account and desperately need to get it back, and most of all – people who spam their sites everywhere to get their affiliate commissions for ClickBank, CJ, etc. As for SEO tools themselves – yes, they can have legitimate uses, but the percentage they get used legitimately is low compared to illegitimate usage.
I note that the blackhatworld forum post was from 06-23-2014; could that have been from the period prior to HostWinds conversion?
From the perspective of Spamhaus, HostWinds presently has a single /25 listed as a snowshoe range (http://www.spamhaus.org/sbl/listings/hostwinds.com). Presumably this is being cleaned up as I write this comment.
I had a similar problem with a 24,000-person mailing list. SendGrid solved the problem. I use with with MacMailer software in my remotely-hosted MacMini that is in a rack someplace in data center with fat pipes to several Internet backbones. It has proven to be very reliable and the total monthly cost is much cheaper than the unreliable service I used previously.
I suggest you look at http://www.Sendgrid.com
Hostwinds Autonomous System Number 54290 is on my list of 2200 ASNs in the US (about 10% of all US registered networks) from which all email is bounced, no questions asked. Block all non-US ASNs.
Have a reverse-DNS white-list of about 400 mail relays that are ok (some live in bad ASNs). Despite their strenuous efforts, Google is a major source of spam and so unknown GMail senders are greylisted for 24 hours, giving me time to decide if it’s a spammer or a real person and whether or not to add a hard-bounce rule for them or white-list them.
Anything else is soft bounced and usually converted into a hard bounce after I see the address is garbage.
I receive zero spam, but at the cost of a manually maintained white-list only configuration. Is a sad state of affairs, especially considering how it looked back in 1995 when email really took off.
What I really want is a sender-escrow payment system based on Bitcoin to show up and turn email back into the excellent form of communication it once was. People who know me or who have a reasonable reason to contact me will pay nothing. Spammers can pay me $10 for my time if they can stomach the cost–but I know that not a single one can.
I’ve been on all three sides of this issue. (1) I was in charge of all technical aspects of sending out large amounts of legitimate, opt-in, commercial eMail for an ad agency. (2) I have my own private eMail server at home. (3) I am an individual eMail recipient who hates spam and has been actively involved in anti-spam work.
(1) As someone who sent legit commercial eMail I am appalled at the arrogance of some large ISPs (notably Microsoft and Google) and how they treat the eMail their costomers have requested. On one particularly fine day Microsoft blocked our ad for Lexmark printer ink while allowing real printer ink spam to come into our test email addresses. Etc, etc, etc, etc. At least Microsoft would talk to us sometimes. Google flat out told us that they would decide what is and is not spam, so there was no need to talk with them, and that was that. I am glad I am out of that business now.
(2) As someone who runs his own eMail server I find that many recipient servers block my server (which NEVER sends spam and is on no anti-spam list) simply because its address is in a block of Internet addresses assigned to residential customers.
Of course it is! It’s in my closet in my residence!
(3) As an eMail recipient and anti-spammer I get really tired of ISPs who think it’s OK to filter eMail coming too me. In one particularly ironic case I had ordered airline tickets to go to an anti-spam conference and my ISP blocked them because they were commercial eMail. What?! Fortunately I could fire that ISP and I did.
There is a lot of eStupidity out there.
“Cutting Off a Limb to Save the Body” —
Is that like pulling off a Band-Aid fast? 😉
re: Jeff B: > There is a lot of eStupidity out there.
Here here on that. I’ve had customers who called me because somebody hijacked their email server. After cleaning up the mess and sending requests to all the blacklist services, try dealing with GMail. It’s an exercise in pounding my head against jello. I’m told that Google has thousands of employees. Apparently, none of them have phones. Just try getting off a Google blacklist. There’s nothing you can do about their automated reputation algorithm.
Try explaining that to Gmail email recipients waiting for a critical email that Google refuses to deliver. Very frustrating.
And a shameless book plug – here’s a security book you’ll love featuring email based social engineering as part of a scam to steal millions of credit cards from customers of a fictional Minneapolis retailer named Bullseye Stores. The book website is:
http://www.bullseyebreach.com
And a bonus – a short story on how a spammer gets started:
http://www.bullseyebreach.com/frank-urbino/
– Greg Scott
Ironically, the Canadian address for reporting spam, spam@fightspam.gc.ca , has a spam filter on it.