Skip to content

Category: Spam

TrueCar.com Violates the CAN-SPAM Act

Update 4.23.15: I received a promotional email (spam) from TrueCar.com today, even after I was assured that they had unsubscribed me! I let them know by responding to their tweet from 3.31. They asked me to DM them about it, and they requested me to forward the email I received so that they could investigate an apparent “bug” in their system. The person on the other end of the twitterator said they I was indeed unsubscribed, so they weren’t sure what was going on. I’ll keep you all posted!

Update 3.31.15: TrueCar tweeted me today, saying that the issue I describe below is a display issue of some sort. They assured me that I was in fact unsubscribed from their email communications.

Thanks for looking into the matter, TrueCar.com!

—————

I run across this sort of thing all the time: companies that violate the rules of the US CAN-SPAM act, the law that is intended to protect consumers from unwanted email. If I have time, I stop to email companies I find violating the law to kindly point out what they are doing wrong. Call it some sort of self-satisfaction, Robin Hood vigilantism, or pure geekish annoyance, but I can’t help myself sometimes. Here’s one I sent today to TrueCar.com.

To: [email protected]
Subject: True Care website feedback

Hi, I noticed that when I go to “Subscriptions” in my profile, there is an issue with unsubscribing from emails.

If I uncheck all subscription options, then check “Unsubscribe from all,” then click the Save Changes button, it says my options have been saved.
However, if I go to another page and return to “Subscriptions,” the “In-stock offers from your dealers” button is checked again. How is that “Unsubscribing from all?”
You guys might want to fix that, as it violates the US CAN-SPAM act.
Thanks,
Will
Sneakily re-subscribing me to a category of emails, after I have specifically opted not to be a part of it anymore, is blatantly in violation of the CAN-SPAM act. Particularly, the part that says, “You may create a menu to allow a recipient to opt out of certain types of messages, but you must include the option to stop all commercial messages from you.”
Yes, they include that option, but it doesn’t seem to fully work.
I will let y’all know if I hear anything back.

Bellsouth Rejects Email

For two years, I have battled with this issue of Bellsouth.net (and AT&T in general) blocking email from any domain hosted on my web server.  I set up all kinds of security precautions, set up SPF records, and ran all sorts of tests in order to subdue the fears that somehow my server was being used as an open relay for spam.

I was so sure that it was all correct, and was so frustrated that the problem wouldn’t go away.  It only appeared to happen with Bellsouth addresses.

I used the AT&T Unblock request twice, which helped for a short time, but I would soon find email being blocked again and many of my hosted clients complaining.

But today, scouring through the CPanel user forums, I discovered the cause and solution!

I had a hosted client who wanted me to forward all of her email to her Bellsouth account a couple of years ago.  I did this, and then she soon complained that she wasn’t receiving any email. I never stopped to consider the fact that the forward itself was the cause of the problem, and that Bellsouth thought that there was spam being relayed from my server!

So, I have removed that forwarded email account (got her to set up a GMail account), have re-filed a request with Bellsouth to unblock my server, and all should be good again.

I hope this helps someone out there!

Captchas. No, I didn’t sneeze.

Are captchas annoying to you?  They are to me.  I probably fail at solving them about 15% of the time, which is far too often for my liking.  They get annoying, and as spammers find ways to automate solving them, the captchas continue to get more difficult to read.

Someone who knows a lot about combating spam, and has done a pretty darned good job at it, Matt Mullenweg, suggests in a recent Guardian article that “…Captchas are useless for spam because they’re designed to tell you if someone is ‘human’ or not, but not whether something is spam or not.”  I would have to agree.

There are many efforts to improve upon Catpchas, such as the 3-D Captcha.  In my opinion, this is just making things more complicated than necessary, and would be difficult to implement easily on a typical blog or contact form.

I run about 6 to 8 blogs (depending on my mood from week to week), and have been reluctant to use Captchas on any of them, partly out of usability concerns, but also because they are so easy to fail.  Instead, for my blog comments, I rely upon Mullenweg’s own Kismet spam system.  This feature is built into WordPress blogs, which makes it a breeze to set up, and I am constantly amazed at the loads of spam comments that it stops.

As Mullenweg suggests, focusing on the content rather than the submitter, is the way to go in the long term, and Kismet is great at doing that.

However, I also rely on a simpler test to determine if someone is a human or not mainly because it’s not as annoying as a Captcha, and it prevents a lot of spam comments from making it through in the first place.  It’s easy to add a basic question to a form which must be answered correctly in order for the form to be submitted succesfully.  Questions could be as simple as:

  • What color is an orange?
  • What is 3 plus 3?
  • How many wheels does a car have?

There is a great WordPress plugin which provides this capability and is relatively easy to set up called the Secure and Accessible PHP Contact Form.  If you run any WordPress blogs, I recommend you try it out.

By having a list of simple questions that are randomly selected to appear on your forms, you can stop automated scripts from filling out your forms quite easily.  This, combined with Kismet, a content-based filter of what gets submitted, will pretty much stop spammers in their tracks without creating a hassle for your visitors.