What's the point of Companies and business saying they dutifully follow the CAN SPAM ACT when they do very little (usually nothing) about 'abuse' of said tasteless pink mass. Is it really to do nothing more than pay lip-service to the Act so as to appear like it's an issue Company "X" cares about? It's ironic that the biggest offender of this is Google; do some research into this and it's soon discovered that there's a loophole in GoogleGroups that allows spammers to use the service as a 'send route' through which they can mass-mail their junk to lists that don't appear to be on GoogleGroups or to which recipient is not even subscribed. That's a pretty serious loophole. Apparently Google has been informed about this (and it goes back a few years) but nothing yet has been done about it (there have been abuse and bug reports sent in to Google that illicit, if the author is lucky, of a canned "thanks for getting in touch/we value your comments" response).
"
Don't be Evil". [sarcasm]Right[/sarcasm]
The problem is that whilst this loophole remains active, it makes spamming worse because it's used as a way to 'authenticate' the route through which the mail has been sent; another ironic point here is that the system is supposed to be employed as a means to prevent spam... but it only does that where it relates to 'fake' addresses and send-routes, it's not designed to recognise spam itself, but the infrastructure through which it's sent. So simply 'spoofing' a googlegroups.com or gmail.com address won't always work if the path it's sent from isn't real. So this junk, being sent through and duly authorised by Google's mailing system, is signed off as legitimate (because it originated from Googles services).
This obviously places an additional level of credibility at the feet of the sender - the message now has a Google stamp-of-approval, even though the most persistent of the stuff will also have different 'Header' details; a Gmail "
From:" and "
Message-ID:" address perhaps, a Googlegroups "
Return-Path:" and "
X-BeenThere:", the former with a random token added for extra annoyance; finally a completely different "
Reply-To:" address (usually the client that's actually paid for the use of the spammers network) all of which will somehow bypass most mail and server filters (that random token is especially good at doing that). If there is an "Unsubscribe" link in the received message, one is of course never supposed to click it, that only confirms that address actually exists and typically results in more spam; never mind the fact that any self-respecting spammer will be using a completely unrelated address (see previous!).
Reporting the stuff to service providers more-often-than-not falls on deaf ears, even though, as mentioned above, their anti-spam policies are usually clearly and proudly written up into their Terms of Service "
we hate spam and act quickly"... Bill O'Rly?. The upside, if this can be seen as being one, is that one can always judge the quality of a business by how it handles support and complaints so would it be remiss of us to not call-them out? And not just Google, or indeed Facebook or YouTube to which spammers usually have profiles touting for business, but also the hosting services and domain registrars spammers use to register their actual businesses?
And why is most of this junk coming from Pakistan right now?
There should really be a list of this stuff somewhere.
