An interesting drama played out last week at the Word to the Wise Web site. It started as a jibe about a sloppy spam email–the kind all of us have received from time to time–and ballooned into a revealing investigation into how AARP marketing dollars are used to subsidize spammers.
Laura Atkins, the founding partner of the anti-spam consultancy and software firm that sponsors the Web site, got the ball rolling when she heaped derision on a spam message she received from the senior citizen organization.
“Oh, of course they didn’t send me spam,” she wrote, “they hired someone who probably hired someone who contracted with an affiliate marketer to send mail.”
“I’m not surprised,” she continued. “A lot of legitimate and responsible and well-known groups hire spammers. They’ll argue they prohibit spam in contracts with affiliates, but the verbiage in the contract only means anything if they choose to enforce the no-spamming clause. Many of them don’t.”
Her remarks spurred a typical ad hominem attack from a commenter called Chilli, who had a spammer’s mastery of spelling and grammar. “Do you also believe that all those spam messages for Rolex watches are somehow from Rolex too?” he asked. “This isn’t from AARP this is a SPAM that’s been going around for years now. Did you bother looking into the source code to see where it sends you? My guess is it aint [sic] AARP…Do you know what your [sic] talking about?”
As bloggers are wont to do once a commenter throws down the gauntlet, Atkins returned fire with both barrels blazing. First, she revealed that the commenter’s point of origin was suspiciously from an IP address allocated to the AARP. (Her colleague, Steve Atkins, later maintained that Chilli was one of AARP’s interactive advertising managers.)
Next, Atkins explained how the links in the spam message led her through a maze of Internet paths to a Web page that looked as if it was on the AARP Web site. Even the URL had an AARP address. The real address, though, was hiding by an <encodedlink> statement. “If you pull off the encoded end of the link and just go to aarpmembership.com,” Atkins explained, “then you get a 403 forbidden message.”
“That’s what spammers do,” she added, “put up partial Web sites to collect information. They don’t bother mirroring the customer’s whole Web site, they just put up a form to collect information.”
Atkins’ retort, though, wasn’t swallowed by all her readers. Justin Coffey did some research of his own and found that aarpmembership.org was registered to a company called sendtec.com. According to the Tampa Bay Business Journal, SendTec is a direct response marketing company located in St. Petersburg, Fla. The whois information on the aarpmembership.org site points to Texas, Coffey explained, while the whois information for AARP’s domain–aarp.org–points to Washington, D.C
“I think there is a fair amount of evidence that suggest these two companies have nothing to do with each other and five minutes of detective work on your part would have helped you figure that out,” Coffey wrote to Atkins. “I think perhaps a mea culpa is order.”
No mea culpa was forthcoming. Instead, Atkins’ partner Steve laid out the long tail of culpability that led to AARP. He explained how the organization hired SureClick to generate “qualified leads.” “They pay affiliates to drive traffic to their AARP membership signup page,” he wrote. “I’m not sure exactly how much they’re paying for each signup, but it must be more than $12 as that’s how much SureClick’s affiliates are, in turn, offering to pay their affilliates.”
One of those affiliates was OfferWeb. But the trail doesn’t stop there. OfferWeb hires its own affiliates to drive traffic to its landing page. One of them was the hard core spammer that sent the original message that fired the discussion on the Word to the Wise blog. “This guy,” Steve Atkins declared, “apparently based in Utah but spamming from a machine hosted in Pennsylvania, is doing everything he can to avoid his spam being recognised and blocked, using dozens of domains and IP addresses and sending messages stuffed full of hashbusters that have hardly any text, just images, to try and hide from spam filters.”
So the spammer does his thing. When he gets a guppy to respond to his email, he passes them to OfferWeb, who passes them to SureClick, who passes them to AARP. Then money travels in the opposite direction.
“It’s the advertising budget at AARP, and hundreds of companies like them, that makes this sort of spamming worthwhile,” Steve Atkins concluded.