KNTV's Scott Budman reports on "tracking a spam" in a joint MSNBC.com-KNTV investigation.
By Bob Sullivan Technology correspondent
msnbc.com

There wouldn’t be spam if there wasn’t money in spam. So to understand what primes the spam economy, MSNBC.com answered a single unsolicited commercial e-mail. Following this one spam trail led us from Alabama to Argentina, from a tiny Birmingham-based firm and someone named “Erp” past a notorious spammer named Super-Zonda — and right through big-name companies like Ameriquest, Quicken Loans, and LoanWeb. And that’s just the beginning. The truth about spam is this: While the dirty work is done by secretive, faceless computer jockeys who are constantly evading authorities, lots of companies with names you know profit, at least tangentially, from their efforts.

“Don't miss the lowest mortgage rates in history!” screamed the e-mail, which urged recipients to visit a Web site to ask for more information on a new home loan. It claimed to be from “Gay Helms,” but the e-mail address looked fishy — m58ycxx@yahoo.ca. Its e-mail headers revealed the note started its life, not in Canada, as the e-mail address suggests, but in Argentina, sent from telecom.net.ar. That’s a sure sign of spam. And, for good measure, it included an infographic on mortgage rates stolen from MSNBC.com.

Later, with the help of spam-fighting firm Message Labs Inc., we would learn that e-mail headers in the note indicate it was sent from an IP address range known to be used by Juan Garavaglia, also known as “Super-Zonda.” Garavaglia is believed to send out some 30 to 40 million spam each day.

But we started with just one.

We clicked on the link and were transported to a Web page at LWSMortgage.com, where we filled out the form with traceable, fake information and waited to see what happened to our data.

Four days later, four companies sent us an e-mail indicating they knew we were looking for a new mortgage: Ameriquest, Quicken Loans, LoanWeb, and Ivy Mortgage, a small mortgage broker based in North Huntingdon, Penn.

But none of those companies sent the spam. So how did they get our information?

One of two ways: They either bought it through third party companies called “lead generators,” or paid third-party contractors called “affiliates.”

Lead generators 
Lead generators are behind-the-scenes Internet companies that get lists of consumers they say are interested in a new mortgage. For each neat package of data provided to a mortgage company, which includes name, phone number, address, amount of loan desired, current home value, and other information, lead generators earn about $20. That’s a small price to pay for a potential $1,000 profit off a new loan, said Ivy Mortgage branch office manager Brian Jolen, who couldn’t track our data precisely, but said his company does buy from lead generators. “Actually, it does work.”

And it works for spammers, too, who basically split the profits with lead generation companies. It’s the ideal spam business, said one former spammer who requested that his name be withheld. Retail sales through spam, like hawking Viagra and getting tiny per-purchase payments, are hard work. But convincing a consumer to simply fill out a form is much easier.

“What always seems to sell well and will always, I know it sounds stupid, are loan leads. People respond to that. They say, ‘What the hell,’ ” the former spammer said. “I got $10 to $12 per lead. That’s good.”

The process also creates plenty of distance between the mortgage companies and the spammers. In their initial e-mails, all four mortgage firms were generally vague about how they got our information.

“I was notified by one of our vendors, probably off the Web, that you would like information regarding a home loan,” wrote an Ameriquest representative.

Quicken Loans was more specific, but inaccurate.

“Thank you for requesting more information from Quicken Loans through our Web site,” the firm’s note said.

Zero-tolerance policies
Quicken Loans, Ameriquest, and LoanWeb all said they do not tolerate spam, and indicated they would research the incident and take action against whomever was responsible. But only Quicken Loans revealed exactly where it had purchased our information.

It came from Mleads.com, a mortgage lead generation company.

Mleads attorney Derek Newman said the firm doesn’t tolerate spam, and is “careful about policing affiliates.” Indeed, after a little research, Newman was able to fill out the picture of our spam’s history, and he said the offending affiliate was immediately canned.

Newman said the initial mortgage lead was generated by an affiliate of an affiliate of Mleads, a Birmingham, Ala., company named IC Marketing and a man who goes by the name “Erp.”

After IC Marketing received our data, it sold our information to a firm named Infoclear Marketing in Dallas, which then sold it to Mleads, which in turn sold it to Quicken Loans, according to Newman.

Infoclear immediately terminated its contract with IC Marketing when it heard about the spam offense, said Patrick Thurmond, who identified himself as a founder of Infoclear. Thurmond says such multiple layers of resale are common in the lead business.

Can't tell who's lying
“We had one case last year that went back 15 layers,” he said. “You don’t know who’s lying to you and who’s not.”

“Erp” — who refused to provide his real name — said he didn’t sell our information directly to Infoclear. Instead, he actually sold our data to a man named Rich Nolan, who operates Yourleadsource.com in Colorado Springs, and Nolan sold it to Infoclear. Nolan confirmed the assertion in an interview.

But Erp said he wasn’t responsible for the original e-mail, either. He said he bought it from someone else, who in turn bought it from someone else, who in turn bought it from an e-mailer based in China. He didn’t provide contact information for those layers.

IC Marketing doesn’t send out spam, Erp insisted — his firm merely resells mortgage leads, gleaning 25 cent or 50 cent profits for each lead sent up the food chain.

Such is the messy world of affiliate marketing. Jeff Hain, director of marketing for LoanWeb, blamed his firm’s involvement in the spam on an affiliate who acted outside the company’s policies. The Internet is full of such arrangements, first popularized by Amazon.com years ago. Small Web sites that push traffic and business toward a larger firm get a small slice of the profits. It is often tempting for affiliates to send out spam to create such profitable traffic.

“We have thousands of affiliates out there,” Hain said. “When we get complaints, we ask the list owner to provide us with an audit trail,” including the date and time the e-mail recipient signed up with an opt-in list.

System relies on complaints
But a system that relies on complaints only works when consumers doggedly hunt down spammers — and their beneficiaries. Few consumers would go to the trouble of creating a fake persona to track down the true benefactor of a spam message. Barring that, the affiliate can get away with it.

In fact, despite all the noise about spam, actual consumer complaints are rare, says Jim Gregory, who managed spam abuse issues for Internet service provider Slingshot.com.

“We had one guy sending out 1 or 2 million spam a day, and we’d only get 40 or 50 complaints,” he said. And that’s just a complaint about the spam e-mail itself — which would never make it to the legitimate commercial company like LoanWeb, the ultimate beneficiary.

Mortgage companies are hardly alone in the murky world of the spam economy. Such out-of-control affiliates are frequently used to deflect criticism against all kinds of unsolicited e-mails.

Blame the consumer 
Another popular deflection tactic — blame the e-mail consumer.

When e-mail recipients call a retailer to complain, the usual reply is, “you must have joined a mailing list for one of our partners at some point.” Again, dogged patience is required to insist that the firm provide an “audit trail,” which shows exactly when that e-mail address was subscribed to a list.

That was MSNBC.com’s experience with Kraft’s Gevalia Kaffe, one of the most popular retail e-mail commercials in circulation today. Gevalia is subscription-based coffee product sold by Kraft on a Web site, Gevalia.com. Spam abuse mailing lists are full of complaints about e-mails urging people to try the luxury European coffee, which includes an offer for a free coffee maker.

The e-mail offers arrive many times each day at MSNBC.com. After about a month’s worth of requests for information, Kraft still hadn’t produced an audit trail for the e-mail. But it did say it works hard to prevent its affiliates from sending out spam.

Through an e-mail interview, company spokesperson Abbe Serphos said, “Gevalia has no tolerance policy regarding SPAM, and we have strict policies in place that govern our e-mail communications to consumers.” Some affiliates have been dropped for breaking those rules, she said, but she wouldn’t elaborate.

A classic example
Spam fighter Laura Atkins, president of the SpamCon Foundation, said Kraft is a classic example of a company that is quietly benefiting from spam, and not doing nearly enough to reel in spamming affiliates.

“They are violating California state law and they don’t care,” she said.

There is only one effective way to stop out-of-control affiliates, said Dan Clements, who once operated an Internet advertising network that had several run-ins with affiliate spammers: Legal action against companies that benefit.

“The way to stop the spam is to subpoena the beneficiary site,” Clements, who now runs credit card fraud prevention site CardCops.com, said. He actually received such a subpoena once, and said when he was forced to give up contact information and bank account information about his affiliates, “They scattered like rats.”

ISPS makes money, too
An entirely separate set of companies also benefits from the spam economy — Internet service providers who carry their traffic.

Well-known spam nemesis Ron Scelson filed for bankruptcy earlier this year, and a review of bankruptcy documents shows he owes Bell South $56,463 for “circuits” and Cable & Wireless another $4,407 as his “Internet provider.” Neither company responded to requests for information about the bills.

But it’s hardly the first time a big-name Internet provider has been caught in a deal with a spammer. In an embarrassing incident for both AT&T and PSINet three years ago, both firms were caught as participants in secret “pink contracts” with spammers. Long suspected in the spam world, the revelations exposed pink contracts as sweetheart deals for the Internet firms, designed to protect spammers. ISPs get premium, well above normal rates, to sell bandwidth to known spammers. In exchange, the ISP agrees to suffer more than normal complaint rates. In PSINet’s contract, revealed on News.com, the firm received an upfront payment of $27,000 from Cajunnet, a marketing firm based in Slidell, La. In exchange, PSINet agreed to permit Cajunnet to send unsolicited email “in mass quantity” through PSINet’s lines.

‘'Many more' out there
No such embarrassing pink contracts have been disclosed since 2000, but many spam experts say they still exist — either formally or informally.

“There are many more rumored to be out there,” said Ray Everett-Church, chief privacy officer for ePrivacy Group. “There are companies that have had more than enough complaints about a current customer to know some are engaged in massive spamming and yet they remain connected for weeks and months at a time. ... It’s evident somebody is either not doing much research before they sign people up, or in the worst case, they are just flat out ignoring complaints.”

But the problem doesn’t have to be that sinister, said Gregory, the former ISP spam hunter. The problem is often just a question of resources, he said — ISPs have a much larger sales staff than network abuse staff. One major ISP often only had one staffer working in the spam complaint department, he said.

“They have to argue for resources all the time,” he said. By default, spammers can get away with it for weeks or months, he said.

The struggling economy, which has hit Internet service providers particularly hard, has tempted some ISPs to take the tainted money, Everett-Church said.

“You’ve got a lot of sales forces being approached by folks willing to pay a little extra for reliable connectivity, and looking the other way on contract provisions enforcing antispam rules to keep getting paid those premiums.”

Gustavo Monserrat, who fights spam at Argentina’s Telecom — the ISP where the mortgage spam cited at the top of this story began its life — admitted as much in a post to the spam abuse Internet newsgroup in May.

Quick return
“Many customers have been unplugged due to spam reasons and due to a system’s issue some have rebought our services under different names/credit cards/phones,” he wrote. In “one case, we actually separated a customer from our network but hours later our money-thirsty salesmen sold him the service again.”

In a follow-up e-mail, Monserrat said his company has new procedures in place to stop spammers from re-upping with his ISP once they are disconnected.

But in a struggling economy, the premiums that spammers will pay can be hard to resist, said Spamhaus.org’s Steve Linford.

“Most of the ISPs are good to their word and are fighting it very, very hard,” he said. “But as you get into the larger ISPs, especially those that are in any form of financial difficulty, the engineers, abuse staff and technicians all want the spammers off the network, but you have the sales staff looking at the money. … The engineers will be fighting internally with the sales managers, but of course the sales managers always win.”

So with money always there to prime the system, spam won’t stop, said one small-time spammer MSNBC.com interviewed. In his mind, there is only one solution: Consumers have to simply stop answering spam, making it finally not worthy anyone’s while to send it.

“The only thing that’s going to make spam go away is if people do not respond,” he said. “When e-mail first started, you could send out 50,000 e-mails a day and make money. Now you have to invest a lot of money and time, you get a return rate of less than one-tenth of one percent. One day it will become so you can’t send enough to make any money. And that’s the only thing that will stop spam.”

MSNBC’s Mike Brunker contributed to this story.

© 2013 msnbc.com Reprints

Discuss:

Discussion comments

,

Most active discussions

  1. votes comments
  2. votes comments
  3. votes comments
  4. votes comments