Page Updated Feb. 12, 2003
Front Page
About Us
Spamdemic Map
Listings
Help / FAQ
Info for the:
   Blocklist Admin
   Mailer/Marketer
   Email User
List Management
Articles
Graphics — NEW!
Spamdemic Store
Links
Glossary
Contact Us

 

About Clueless Mailers
Affiliations � Are you affiliated with a marketing company?
CM Motivations � Hey, webmaster— what's in it for you?

Supporting CluelessMailers.org
Linking � Can I link to your site?
Donations � Can I donate money to help keep the site up?
Helping � Can I help maintain your site's pages/database?

Blacklist and Spamdemic Map Criteria
Why Listed � Why have you listed our company/domain on your Blacklist?
Just Unsub � Why don't you just give us your email address so we can remove you?
Why confirm � Why use a closed-loop confirmed opt-in system for my mailing list?
Criteria � What are your criteria for listing a company or domain?
Delisting � How do we get our company's name / domain off your Blacklist?
Downloadable / DNSBL � Where's the downloadable plain text/XML/IP address version of the Blacklist?
Not Listed � Why isn't example.com or Example Spammerz, Inc. listed on the Clueless Mailers Blacklist?
Nominations � Why don't you accept nominations of spammers for the Blacklist or the Spamdemic Map?

Doing Email Marketing Right
Managing a Mailing List � How do I make sure the addressees on my mailing list have really given their permission?
Finding a Clean List/Mailer/Marketer � Why don't you have a list of a "clean" listbrokers/mailers/marketers?

General Spam-Fighting Info
Please Help � How can I filter out spam from...? / Where did the spammer get my address? / Etc....

Stopping mail from spammers / Stopping mail from CluelessMailers.org
Remove Me! � Could you please remove me from the spammers' lists? / Could you please stop spamming me?

Clueless Merchandise
Swag � Where can I buy a poster or T-shirt of that amazing SpamdemicSM Map?

Creating The Spamdemic Map
Map Software � What software do you use to create the Spamdemic Map?
Process Time � How long did it take you to create the Spamdemic Map?
Research � How do you do your research / find all those connections?
Colors Used � Why do you use those stupid colors? I can't tell what's what!
GIF Color Reduction � Can't you reduce the number of colors to two and not antialias the GIF?
File Formats � Why not use a different file format like PNG or SVG?
PNG Tools � Why are you using the worst possible tool to create your PNG?

More Information:
for Blocking Lists and Admins  |  for Mailers & Marketers  |  for Email Users  |
About CluelessMailers.org

Q: Are you affiliated with a marketing company?

A: Nope. No conflict of interest here. The Clueless Mailers site is all about educating mailers, marketers and users, in order to help stop the unauthorized spread of email addresses, and help stop the spam.


Q: Hey, webmaster� what's in it for you?

A: Not a cent, if that's what you mean. All we want is to do is to enlighten mailers, marketers, advertisers and email users about the best practices for mailing list management... and the problems that result when permission isn't proven. Besides, it would also be nice to have an inbox that doesn't get dozens of spams a day... without having to enter into negotiations with unknown, untrusted parties. There's a possibility that we may have to sell some merchandise or sell some ad space to pay for bandwidth, but the CluelessMailers.org concept is definitely not-for-profit... as painful as that sometimes might be.

Supporting CluelessMailers.org

Q: Can I link to your site?

A: Absolutely.


Q: Can I donate money to help keep the site up?

A: Many thanks, but at this time, we're not accepting donations. That may change in the future, though� once we gather enough courage to look at our bank balance!

On the other hand, if you'd still like to support us, you might want to check out The Clueless Mailers Spamdemic Store, where you can buy a poster of the Spamdemic Map... and where you'll soon be able to score other Clueless Swag. Just click here to buy, and help fund our hosting costs!


Q: Can I help maintain your site's pages/database?

A: We're always amazed by the generosity of those who understand the issues... and what it takes to get the word out!

For the moment, the site is being served as static pages created by hand, but we're hoping to build a database solution soon. After we get the first rev of that in place, we may be able to use some maintenance help... but for now, we've just got to muscle it out on our own. Thanks for offering... keep us in mind!

Blacklist and Spamdemic Map Criteria

Q: Why have you listed our company/domain on your Blacklist?

A: All references on the site originate with unsolicited commercial email that's received at two email accounts that are monitored by the CM webmaster. If you have spammed us, or you have provided services to someone who's spammed us, and the abuse continues after repeated abuse reports have been filed, then you may appear on the Blacklist.

But the fundamental reason why your company or domain is on the Blacklist is that you or your clients are consistently sending unsolicited commercial email. Even though your email mail contain a line that says something like "This email is never sent unsolicited," if the recipient didn't ask for it, it's UCE. And the only way to know that the recipient is the one who asked for your email is to use a closed-loop confirmed opt-in subscription system.

If you're not using closed-loop confirmed opt-in, your list isn't "permission-based" � it's "submission-based."

See also "What are your criteria for listing a company or domain?"


Q: Why don't you just give us your email address so we can remove you?

A: Several reasons:

+ The burden of proof of permission rests solely on the shoulders of the sender... not the recipient. If you can't positively prove that an address owner asked to be on your list, you don't have a right to send them email in the first place. Because of this, the only responsible way to manage a mailing list is closed-loop confirmed opt-in.

+ "Spam Extortion Syndrome": "Either you reveal your email address to us, or we'll keep spamming you." If you want to make your company look bad, this is a perfect way to go about it. Again: The burden of proof of permission rests solely on the shoulders of the sender... not the recipient. Remember, the recipient has absolutely no obligation � and probably no will � to surrender their identity or address to an entity that has already begun to abuse their trust through the sending of unsolicited email. With complete closed-loop confirmed opt-in subscription records, you have actual proof of subscription. No more going round and round with users who don't want to � and shouldn't have to � surrender their email address.

+ "Listwashing" doesn't work. Those who file abuse reports against you are generally the people who know how and where to send abuse reports. If you remove the "complainers", that leaves an unknown number of spam victims on your list who may be new to the Internet, and who may have no idea how to deal with the problem. So, all listwashing does is to cover up the problem... Not eliminate it. The solution is to make sure that every recipient actually asked for your email... before you send it. That's simple to do if you use a closed-loop confirmed opt-in system.


Q: Why should I use a closed-loop confirmed opt-in system for my mailing list?

A: Lots of great reasons... Take a look at our page on the Best Practices for Mailing List Management.

Q: What are your criteria for listing a company or domain?

A: Clueless Mailers is interested in examining and educating the rapidly-growing number of spamming mailers and marketers that hide in plain sight... that claim to be legitimate... some of which even serve some Fortune 100 companies. These mailers/marketers say they are "permission-based" but they are in reality "submission-based" since they can provide absolutely no proof that the spammed recipient actually asked for their email. These companies are starting to convince larger and larger advertisers that mailing to "single opt-in" lists is a legitimate marketing tactic (it isn't), and that all of the addresses on their lists are there with the permission of the address owners (many aren't). We'd like these companies to know that in the long term, their policies aren't practical, and aren't definitely aren't ethical. CM doesn't cover spammers that hijack relays and forge headers and such. If it's an underground spammer, they're just too small, and we throw 'em back.

Each of the entities listed on the Clueless Mailers Blacklist has met one or more of these criteria:

1) The entity markets directly to unconfirmed email addresses. Regardless of what a list broker may claim, the mere presence of an email address in a database or on a list proves nothing when it comes to permission. Only the presence of closed-loop opt-in confirmation data directly associated with each address can prove that the addressee truly asked to be placed on a mailing list.

2) The entity provides mailing services to clients whose lists contain unconfirmed email addresses. Mailing services that do not fully vet their clients' lists are allowing spam to be sent through their systems. As mentioned in 1) above, only a closed-loop confirmed opt-in audit trail provides proof of permission.

3) The entity refuses to terminate repeat senders of UCE. Some large "legitimate" ISPs, hosts and mailing services have recently begun allowing senders of unsolicited commercial email to operate from their systems. In many cases, this is likely due to the downturn in the economy, and in the Internet sector in particular. Most of these companies have not acknowledged that they now allow UCE... instead, they have simply stopped enforcing their abuse policies. A service that refuses to terminate spammers also often...

4) The entity provides "list-washing" services to senders of UCE. Instead of terminating those who send unsolicited commercial email through their services, some ISPs, hosts and mailing services now demand that the spam victim surrender their email address in order to stop the abuse. Since the burden of proof of permission rests solely on the shoulders of the sender, and it is widely known that ackowledging your email address to a spammer can sometimes increase the amount of spam received at that address — or can even provide a target for a spammer's retaliatory attacks — the spam victim has absolutely no obligation to surrender their email address. Companies that would have immediately terminated these clients six months ago are now no longer enforcing their abuse policies, and are instead providing a service to the spammer by removing those who understand how to properly report the abuse. This means that educated recipients are removed from the mailings, while countless others who are new to the Internet and/or do not know how to report the abuse continue to be victimized.

And last but not least, every blacklisted company or domain has been involved in UCE that has been repeatedly sent to one or more of the email accounts belonging to the owner of this website. This includes companies that have commissioned the sending of the spam, have provided mailing lists or list management services to the spammer, have allowed spam to be sent via their service, or have provided some other direct support in the sending of or the gathering of responses to spam sent to the CM webmaster's email accounts. Blacklisted entities may also include companies which take no apparent action against their "affiliates," "partners," "resellers," etc. who repeatedly spam and advertise the company's goods or services. These companies benefit directly from spamming, and refuse to terminate relationships with their spamming partners.

After several attempts to enlighten a spam-involved company are ignored or are rebuffed with refusals to perform due diligence in the use of closed-loop opt-in subscription systems, and/or refusals to terminate spamming customers, these domains and companies are added to the blacklist as a last resort. All this means is that all email originating from or advertising these companies or domains is routed straight to /dev/null (oblivion) on the servers administered by the owner of this website.

Each of the entities shown on the Clueless Mailers Spamdemic Map has met one or more of these criteria:

1) The entity has repeatedly sent unsolicited commercial email to one or more of the CM webmaster's email accounts. Note that not every company on the Spamdemic Map has spammed the owner of this website. Read on for more about this.

2) The entity has done business with or does business with any company that is already on the Spamdemic Map This means that there are many entities on the Spamdemic Map that have never been involved in spam sent to the email accounts of this website's owner.

Why is a company on the Map if they're not spamming? Because the purpose of the Map is simply to show the widespread interconnectivity of mailing services and marketing companies, to illustrate the potential for abuse. Due to the fact that many of these companies accept unconfirmed addresses into their databases, and the fact that so many companies have address-sharing "partnership" agreements with so many other companies, once an unauthorized submittor injects an email address into this macro-network of companies and their databases, it is fully possible that the address will never again be free of spam.

The Spamdemic Map hopefully serves as a wake-up call for email users and list managers alike: know who you're doing business with, know their policies and practices, and remember that permission must be granted and documented, not just assumed.

NOTE: The Spamdemic Map always provides a clear system to differentiate between companies that have been involved in spam sent to the owner of this site, and those which have not.



Q: How do we get our company's name / domain off your Blacklist?

A: That's an easy one: stop spamming us or supporting someone who spams us. The way to do that is to remove all email addresses from your database for which you do not have closed-loop opt-in confirmation data.

On the other hand, CluelessMailers.org is totally committed to accurate reportage. We actively solicit comments from marketers, mailers and others about the information on the site. So, if there's some information on the site that you think should be corrected or clarified, please get in touch with us.


Q: Where's the downloadable plain text/XML/IP address version of the Blacklist?

A: The current focus of the Clueless Mailers website is education, not punishment.

We mention particular companies to provide accurate criticism and to encourage these companies to implement the best practices for mailing list management by adopting a closed-loop confirmed opt-in subscription system. Sometimes called "double opt-in", this system is the only due-diligence method for proving and documenting permission. We encourage UCE recipients and mailing clients alike to make a good-faith effort to explain to CM-mentioned companies the importance of � and the practical reasons for � the decades-old Internet standard prohibiting the sending of UCE. And to take the time to explain the tenets and simplicity of using a closed-loop confirmed opt-in subscription system.

Another reason why we don't maintain the list as a DNSBL is that the CM list isn't "live", plus removal is manual, and is subject to the webmaster's demanding day-job schedule. Since it's possible that one or more of the entities listed might start using closed-loop confirmed opt-in, it wouldn't be fair to those reformed spammers if we encouraged admins to download and use a somewhat-static list. (We do encourage all concerned to contact us if any information on the site should be corrected.)

So, to help us maintain our focus, and in the interest of fairness, the Clueless Mailers Blacklist will � for now, at least � remain in its present form.


Q: Why isn't example.com or Example Spammerz, Inc. listed on the Clueless Mailers Blacklist?

A: That could be due to any combination of several reasons:

1) All references on the site originate with spam that's received at a very few email addresses that are monitored by the CM webmaster. In other words, if they haven't spammed us, and they haven't provided services to someone who's spammed us, then they won't be on the blacklist. See also Why don't you accept spammer nominations?

2) If a company or domain that's spammed us deals with spam issues after abuse reports are filed, and there aren't consistent or numerous recurrances, they won't be on the Blacklist.

3) If it's an underground spammer, they're just too small, and we throw 'em back. Seriously... CM doesn't cover spammers that hijack relays and forge headers and such.

4) And since the CM webmaster's addresses get hit with an average of 90 to 120 pieces of spam every day, there's a lot of data and research to deal with in the webmaster's so-called "spare time" (had to look up that term... we heard it on TV once).

See also "What are your criteria for listing a company or domain?"


Q: Why don't you accept nominations of spammers for the Blacklist or the Spamdemic Map?

A: Because the info here isn't meant to be encyclopaedic (but we do love that word). The site's focus is on the spam received by one person, and the connections that create a potential for massively-increased abuse. We think that the fact that all of this abuse and potential abuse is/could be aimed at a single user � in fact, any individual user... well, that makes the case more clearly and dramatically than if we mixed our experience with others'. Not to mention the fact that the CM webmaster is already up to his eyeballs in spew to research. But... we reserve the right to change our minds about nominations in the future. We're nothing if not flexible.
Doing Email Marketing Right

Q: How do I make sure the addressees on my mailing list have really given their permission?

A: For info how to ensure permission, see our guidelines on Best Practices for List Management.

Q: Why don't you publish a list of a "clean" listbrokers/mailers/marketers?

A: We don't provide any "positive" listings for several reasons:

First is a perceived conflict of interest. Many members of the spam-fighting community would never believe that a legitimate anti-spam website would ever endorse or even positively characterize any email marketer or list broker without having some sort of financial interest at stake.

Second, a list of "white hat" list brokers may well be impossible to compile, since virtually all companies that provide lists that use true confirmed opt-in (sometimes called "double opt-in", or "DOI") also provide lists that are single opt-in ("SOI"). SOI lists are compiled without securing proof of permission, and those lists are often dirty.

In short, it's virtually impossible to find a rentable/buyable SOI mailing list that can be 100% safely and responsibly used. On the other hand, if you can find a high-end company that provides rental of DOI lists, and that company has a very long history and a very clean reputation, you might consider using them. Do your homework. Google a lot. Search the anti-spam discussion groups.

However, the cleaner the list, the more expensive it is, and a small-business person should not expect to find anything eminently affordable.

Remember, though, that there probably does not exist a list broker/marketer that has not been reported for spamming, rightly or wrongly.

List brokers and marketers constantly buy, sell and trade email addresses. Many of those entities are buying and selling addresses for which they have zero proof of permission — buyers have simply taken the word of the list seller that everyone on the list wants to get commercial email. These buyers resell those addresses, and so on.

This means that the overall mailing list pool is utterly polluted with unethically gathered addresses. Because of this, we strongly recommend that you re-think your marketing, and find an avenue of contact/promotion that does not include renting or buying mailing lists of any kind.

Remember: the vast majority of businesses in existence � and the vast majority of Internet-based businesses � do not use direct email marketing that uses rented or purchased address lists. These businesses � including some of the most successful anywhere � know that the risks are too great.

To illustrate... Clueless Mailers monitors two "catch-all" email accounts at two domains. These accounts receive between 250 and 300 pieces of spam per day, sent to real, harvested addresses and generics like "info@" or "webmaster@". The vast majority of these spams are from so-called "legitimate" sources that have supposedly acquired their addresses via some permission-based process. Some even claim some sort of "verification" of permission. The truth is that these "light-of-day" spammers have bought or rented so-called "single opt-in" mailing lists which are filled with addresses harvested from Web pages, Usenet newsgroups, discussion boards, etc. It's also very possible that many of the addresses were injected into the address pool via "co-registration" schemes in which a scammers buy a "Millions" CD of harvested addresses and submit address after address to the co-reg network, collecting a cash bounty for each one.

The only safe way to acquire addresses is by building the address list yourself, using closed-loop confirmed opt-in, either through submissions via your own website, or by using a unique-token system to confirm any address list you may have gathered via real-world contacts like trade shows, email sent in response to magazine ads, etc.

If, however, you feel that without direct email marketing, your business will collapse, many peoples' financial lives will be ruined and the result will be the end of western civilization... then insist on using a closed-loop confirmed opt-in / DOI list from a list broker with a sterling reputation. Insist on auditing the database for proof of permission... and that means more than just an IP number, a timestamp, and a webform URL.

For more info on closed-loop confirmed opt-in and how to ensure permission, see our guidelines on Best Practices for List Management.

General Spam-Fighting Info

Q: How can I filter out spam from...? / Where did the spammer get my address? / Etc....

A: The Clueless Mailers site is focused on a few particular problems, and can't really provide general support. We do offer some suggestions for keeping your address out of the hands of spammers, but for general spam-fighting subjects, there are other sites, message boards and newsgroups that are more approriate forums for questions (we hope to have some links soon...). We (I) also don't have the time or resources to answer general spam-fighting questions... So we apologize for not answering those sorts of questions submitted to the CM site.

Stopping Mail from Spammers /
Stopping Mail from CluelessMailers.org

Q: Could you please stop the spam?? / Could you please stop spamming me??

A: We aren't spamming you, and we can't remove you from anything. CluelessMailers.org is an anti-spam website. Either you found us after a web search for the name of a spammer, or some spammer has disguised their spam to make it look as though it came from us. Since we didn't spam you, we can't remove you fom any mailing list, so please don't send us a "remove" request. We also strongly recommend that you DO NOT contact a spammer and ask for removal. For more on that, click here.

Clueless Merchandise

Q: Where can I buy a poster or T-shirt of that amazing SpamdemicSM Map?

A: We're glad you asked! After lots of requests, we've finally produced a poster version of the Spamdemic Map, and we've made it available at The Clueless Mailers Spamdemic Store! Just click here to buy.

Unfortunately, T-Shirts of the Spamdemic Map would be impractical, since the text would be much too small to read. But we're currently developing T's and other items with various Clueless Mailers / Spamdemic / anti-spam themes. So stay tuned!

Because the CM site is non-commercial, and traffic to and from it is increasing, your purchase of Clueless Swag will help us to pay for our hosting and extra bandwidth.

Creating The Spamdemic Map

Q: What software do you use to create the Spamdemic Map?

A: Nope, it's not Visio, it's not output from some exotic visual database... It's good old Adobe Illustrator, a heck of a lot of anal-retentive fiddling time, and way too much Dr Pepper.


Q: How long did it take you to create the Spamdemic Map?

A: Oh, who knows. Way too long. Never tracked the hours. And if we had written them down somewhere, we'd probably never show them to anyone, lest the friendly young men in the clean white coats be sent our way.


Q: How do you do your research / find all those connections?

A: It all starts with one piece of unsolicited commercial email... Then another, and another. Using domains and IP numbers found in the headers, determine the mailing service. With text from the body of the message, we determine who the advertisers and/or marketers are who commissioned the mailing; we also take apart the response links or even click on them (when it's privacy-safe) to find out who some anonymous advertisers and marketers are. Using the response links, we connect the advertisers and marketers with with the services that process responses. After we come up with the companies involved, we just read each one's website and learn who their partners are. We also love to Google. There's no proprietary information on the Clueless Mailers website. All of the info here is from published sources available to the public via the Web, via traceroute, and via WHOIS... or the information is taken directly from the spams received at the inboxes that CM monitors. All of this information is then poured directly into Clueless Mailers' exclusive Spamdemic Cross-Referencing Unsolicited Nuisance Connection Heuristics Engine Reloader(TM) (SCRUNCHER), where it is combined with a few hundred Dr Peppers and a lotta love, baby... Resulting in the frightening circuit-board-like diagram that is the Spamdemic Map.


Q: Why do you use those stupid colors? I can't tell what's what!

A: Well, the Map didn't start out to be a monstrous 800+K file with hundreds of names, and the .GIF format worked great back then. And we wanted to use as few colors as possible to keep the images size down. Having done information design for a while, we figured that black should be the most-frequently used color. Since the entity shapes � and their labels � make up most of the Map, and most of those have been involved in UCE, those became black. Basic connection lines were initially made black to associate them with UCE activities (and to keep the number of colors down), but the types of connection lines have increased and changed since then, and they do need a little differentiation. At the moment, we're kinda painted into a corner by the scale of the image, so we're going to either have to make a 90-degree turn into some sort of visual database system, or use Flash and Generator or something... or just keep using good old Adobe Illustrator. But if we're going to move an interactive version soon, we're just too lazy to make radical changes to the Illustrator version if they're going to get trashed. Hey... even we need a life!


Q: Can't you reduce the number of colors to two and not antialias the GIF?

A: Believe us� we've tried all sorts of color levels. Reducing the number of colors to two makes the green ownership lines look like everything else; non-spammers look just like spammers; and the type is � how you say � unreadable. (Details, details.) Plus, future versions of the Map will probably need more colors, not less, since there will be more types of info presented.

Not to mention the fact that black and white just don't make Spammy the Clown(TM) look very attractive. (He's a real whiner, so we don't want to give him any excuses to call his agent.)


Q: Why not use a different file format like PNG or SVG?

A: PNG? Good idea! Thanks! We've replaced the 874K GIF with a 684K PNG already. As for other formats, SVG is a possibility. But we may end up implementing a fully interactive Flash (or other visual tool) version that's generated from a live database, with a display that resizes and crops itself at the viewer's command, and which rearranges itself automatically as the data changes.

Well... in a perfect world, at least.

Thing is, the Map currently only holds a fraction of the information that it eventually will. It's going to take some novel tactics and a lot of Dr Peppers to keep it up-to-date and usable at the same time.

In truth, we just figured a few hard-core anti-spammers would wander by the site once in a while. We never expected to get SlashDotted (or, as CM's FutureQuest.net admin said when he called us, "Nobody expects the Spanish Inquisition.")


Q: Why are you using the worst possible tool to create your PNG?

A: Photoshop is on our machine, and we use it every day. Okay, yes, the PNG isn't optimized. Give us a break. It's our first PNG. We may investigate tools for making the PNG smaller... but it may be more efficient to implement a totally interactive system based on something other than bitmapped graphics. Don'tcha think?