The Story of "Nadine" -- A Tale of Mailing Lists

Years have Passed... 2018

Harris Polls

When I joined the staff at GreenArrow in 2014, I was surprised to discover that one of my new deliverability consulting clients was one of the old villains in this adventure, Harris Polls. In addition to spamming Nadine, they had sued my employer at the time (2000), which operated a spam blocking service that had made things difficult.

Harris had undergone a number of changes in their business model and mailing practices and had also been acquired by Nielsen in the process. 

Rather than spamming purchased lists, they have adopted a very different recruiting strategy for poll participants,  They are now so thorough in checking and verifying registrants that my attempts to enter a seed (test) account there were flagged as fraudulent by their security system, and eventually my own IP address was locked out of their system as a likely fraudulent signup source.

Suffice it to say that Nadine hasn't heard from them in a long time.

"Snowshoe" Spammers

The new vogue for advertisers of relatively legitimate products and services is "snowshoe" spamming, in which the sender frequently changes domains and network addresses to avoid having their traffic classified as spam because of filters, blacklists and block lists.  They have to step lively -- over 85% of the snowshoe spam Nadine receives is marked by the server as spammaceous.  On a few occasions, my check revealed that, had the message arrived a mere two minutes later, it would have been tagged as snowshoe spam.

That notwithstanding, Nadine has her pick of walk-in tubs, medical plans, rain gutter protection, woodworking plans, training in the medical billing field, cruises, and of course viagra.

One entertaining sender is the "Try My Solutions" group that claims to have a physical address somewhere along E. Josephine Street in San Antonio, Texas.  It apparently dawned on them that including a distinctive email address ( for unsubscribing presented a juicy target for spam filter writers, so now they use a link to the domain-of-the-hour.  Alas, they failed to notice a couple of other things that make their stuff instantly identifiable. Another problem they have is that the lists they bought also include spam trap addresses such as, which means that most of their sending IPs (in the Netherlands, Germany, Turkey, California and Texas) wind up instantly added to the local server's penalty bin for anywhere from 1 day to 12 days.

Zombies, Always Zombies -- Scams and Phishes

On this date (05 Dec 2018) Nadine has just received the fifth announcement this week that her account has been hacked, and her PC's camera activated to make recordings of her personal activities when visiting porn sites. Absent a Bitcoin payment (the going rate varies from US$250 to $996) these videos and her browser history will be forwarded to everybody in her email address book.

A dire threat to a woman who would now be in her late seventies if she hadn't died a few years back.

This latest piece was delivered by a compromised personal computer in Laos.  The previous two came from Brazil and Viet-Nam. 

By this time, you would think that all those intrusive hackers would have noticed each other and started duking it out over who gets to take home the bitbux.

Most of the Lonely Russian Girls looking for a quick intercontinental sexual encounter arrive from zombies, to nobody's surprise.

Advanced Fee ("419") Fraud

This is still a major industry, with many more alleged players beyond widows of politicians and defalcating Nigerian bank officials.  A significant portion of these now come through major freemail services (Yahoo!, Gmail etc) but some of the senders appear to get their money's worth buying botnet bandwidth.

Dictionary Attacks

Nadine has recently attempted to log in to her account from at least 41 countries; in one recent episode, in a single day, she attempted a beyond-the-grave authentication from over 350 different compromised computers worldwide.