Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: InfoSec Handlers Diary Blog - Security people shouldn?t pay the "spam support system" for email lists to send SPAM InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Security people shouldn?t pay the "spam support system" for email lists to send SPAM

Published: 2010-05-25
Last Updated: 2010-05-25 16:51:09 UTC
by donald smith (Version: 1)
4 comment(s)

Yes this is a pet peeve of mine. I am not going to out the various security companies that do this but when I get SPAM from a “security company” I often report them to their ISP for AUP violation and attempt to educate the SPAMMER who sent the SPAM.

I recently replied to one of the many such SPAMs I received.

They were advertising a Security & Risk Management Summit taking place in Washington, DC.
I asked how they got my email address and was told they buy their lists from various sources.  I explained that by buying those lists they were feeding the spam support system. They didn’t respond to that comment so either they already knew and don’t care or felt it was justifiable.

I recommended that they ONLY use doubly opted-in lists. (Ones that you opt-in to and get an verification email sent to you to ensure someone else didn’t opt you in).

They did provide an opt-out option and when confronted stated that they were can-spam compliant. If you’re a security company and you send me SPAM expect me to respond and request termination of your service for AUP violation!


 

Keywords:
4 comment(s)
Diary Archives