Subscribe to RSS News Feed
About Spamhaus  |  Press Office  |  FAQs   
The DMA kicks spam up a notch

2013-10-27 06:24:33 UTC, by Steve Linford
Recent News Articles

Network Hijacking on the Rise

Subscription Bombing: COI, CAPTCHA, and the Next Generation of Mail Bombs

More Domain Stats: The 10 Most Abused Registrars

SBL/ZEN DNS lookups to return DROP/eDROP status

Spamhaus Presents: The World's Worst Top Level Domains

Verizon Routing Millions of IP Addresses for Cybercrime Gangs

Brazilian internet users suffer SoftLayer's security fail

Network under attack? You might be surprised where that's coming from!

Older News Articles:
Spamhaus News INDEX

Spamming is always bad, but it is just plain foolish to spam addresses at While Spamhaus SBL listings are based on much wider views of spam than our own mailboxes, our mailboxes can tell us what we should look for. So when over the weekend the U.S. Direct Marketing Association (DMA) decided to spam, it would have been wiser to leave Spamhaus founder Steve Linford's email address off the list.                                                                                                                                    

Below is copy of the email headers from this spam:

Return-Path: <>
Delivered-To: <{Personal.Address}>
Received: by with SMTP id w4so2931323qcr.26
        for <{Personal.Address}>; Sat, 26 Oct 2013 09:18:10 
-0700 (PDT)
X-Received: by with SMTP id o6mr18353639qcj.2.1382804290687;
        Sat, 26 Oct 2013 09:18:10 -0700 (PDT)
X-Received: by with SMTP id o6mr18353611qcj.2.1382804290249;
        Sat, 26 Oct 2013 09:18:10 -0700 (PDT)
Received: from ( 
        by with ESMTP id di8si5827468qeb.48.2013.
        for <{Personal.Address}>;
        Sat, 26 Oct 2013 09:18:10 -0700 (PDT)
Received-SPF: pass ( domain of designates as permitted sender) client-ip=;
       spf=pass ( domain of designates as permitted sender);
       dmarc=pass (p=NONE dis=NONE)
DKIM-Signature: v=1; a=rsa-sha1;; s=ym1024; c=relaxed/simple;
	q=dns/txt;; t=1382803973;
DomainKey-Signature: q=dns; a=rsa-sha1; c=nofws;
Date: Sat, 26 Oct 2013 09:12:52 PDT
From: "DMA Career Center" <>
Subject: Kick It Up A Notch With The DMA Career Center
To: {Personal.Address}
X-Header-CompanyDBUserName: dmamarketing
List-Unsubscribe: <>
Message-ID: <>
X-Vitals: 1.115863.735214.1504285.11.45ce
X-Header-MasterId: 1504285
MIME-Version: 1.0
Content-Type: multipart/alternative; 

Once we saw that spam and knew to look, Spamhaus investigators were quickly able to identify many other spamtrap addresses which also received the same spam, both spamtraps that belong to Spamhaus and spamtraps that belong to independent researchers on multiple networks. We also heard from from several prominent anti-spam researchers, who also received this same spam at their personal email addresses. Given the number and diversity of the spamtraps that received this spam, we are 100% confident that the DMA also spammed a very large number of active user mailboxes.

In response to the DMA spam, we created these SBL listings:

Kick it up a notch indeed!

If you know how to read email headers, you can verify the source of the DMA spam from the headers posted above, or (quite possibly with this spam) from the copy that you received at your own email address. The DMA sent this spam through Yesmail, a large email service provider (ESP) which, like any ESP, sometimes has customers that import a purchased or email appended list. Yesmail followed many ESP best practices to send this email. It registered domains to be used strictly to send bulk marketing email, and properly identified both the domains ( and and the sending IP addresses ( in the headers, and appropriate DMARC records in DNS. In other words, Yesmail took responsibility for its network. We have no doubt that Yesmail will have some robust conversations with the DMA regarding their list, which was probably recently acquired because any previous attempts to send email to that list would most certainly have drawn our attention.

Although the spam was sent from Yesmail IP addresses and uses Yesmail-registered domains, it is clear that the decision to spam was made not by Yesmail but by the DMA. First, the spam advertises the DMA Career Center. Second, embedded in the HMTL of the spam message are URLs for images ("creatives", in marketing terms) that are hosted on and, which (as the following Whois records show) belong not to Yesmail but to the DMA:

Domain Name:THEDMA.ORG
Created On:16-Dec-1998 05:00:00 UTC
Last Updated On:23-Oct-2013 20:15:14 UTC
Expiration Date:15-Dec-2014 05:00:00 UTC
Sponsoring Registrar:Network Solutions, LLC (R63-LROR)
Registrant ID:19732466-NSI
Registrant Name:Direct Marketing Association
Registrant Organization:Direct Marketing Association
Registrant Street1:1120 Ave of the Americas
Registrant City:New York
Registrant State/Province:NY
Registrant Postal Code:10036
Registrant Country:US


Domain Name:THE-DMA.ORG
Created On:29-Aug-1995 04:00:00 UTC
Last Updated On:02-Jul-2013 18:37:36 UTC
Expiration Date:28-Aug-2015 04:00:00 UTC
Sponsoring Registrar:Network Solutions, LLC (R63-LROR)
Registrant ID:19732466-NSI
Registrant Name:Direct Marketing Association
Registrant Organization:Direct Marketing Association
Registrant Street1:1120 Ave of the Americas
Registrant City:New York
Registrant State/Province:NY

Adding the pink icing to the spam cake, the DMA's "CAN-SPAM compliant" identification at the foot of the message contains the following remarkably non-transparent blob of code that requires the spam victim to click a tagged URL to read the DMA's privacy statement:

color="#000000" face="Arial, Helvetica, sans-serif" size="1" style="
font-size:10px;line-height:12px;"><b><a href=
DMA</a> </b><font color="#888888">|</font> 
1120 Avenue of the Americas, NY, NY 10036
<b><font color="#888888"> | </font></b>
<font color=3D"#888888"><b> 
<a href="" 
style="text-decoration:none;color:#30A9DE;">Privacy Statement

In other words, the DMA requires that the spam victim confirm that they read the spam email just so that they can find out what the DMA's policy is on the use of their personal information. Of course, no knowledgeable and careful spam victim clicks tagged links in email that they did not ask to receive.

While the CAN-SPAM link attempts to conform to American laws, the spam was also sent to users in many other countries where tracking of users without each user's consent is strictly forbidden. Included in the HTML of the spam are tagged URLs: URLs that are different for each email address that was spammed. A user whose email program fetches and renders images when email is opened will also automatically confirm that they received and opened the DMA's spam message without any notification to the user. Some of the images are single-pixel images, often called a "web bugs," and others have long strings which appear to be unique identifiers, another form of identifier that is usually called a web beacon. The use of web bugs, web beacons, or other techniques that confirm receipt of a message without the recipient's active consent and participation is illegal in the European Union. The nine-year-old European Commission privacy document contains all the basic rules for sending bulk email to users in the E.U.. This document states that use of purchased lists of email addresses is illegal, discusses the implications of European data privacy laws for bulk email, and covers other useful topics.

As we have said for years in our Marketing FAQ:

"Unfortunately the US Direct Marketing Association wrongly advises DMA members that the sending of unsolicited bulk email (AKA spam) is an 'acceptable marketing practice'. This extremely bad advice by the DMA has tricked many DMA members into spamming and consequently damaged the communications and reputations of companies who believed they were following correct advice."

Only the U.S. DMA gives this particular (poor) advice; other DMAs in other countries are wiser:

"It must be stressed that this bad and irresponsible advice is given out only by the American DMA and is contrary to the correct advice of other international DMA organizations including the Australian, Canadian and European DMAs, all of which endorse opt-in policies only."

Had the DMA adopted the "opt-in only" position of its international partners, it would never have created the unnecessary Email Marketing Preference Service (e-MPS). This service and others like it ask email recipients to opt-out if they do not want to receive unsolicited bulk email. Such services are ill-advised, usually poorly executed, in many cases outright fraudulent, and utterly ineffective at preventing spam and abuse. For more on this subject, see our page on Spam "Unsubscribe" Services.

Earlier this year we had a Q&A exchange with the Magill Report. One of the questions was, "Could [Spamhaus] imagine cooperating with the DMA, and if so, what would that look like?" To that we replied (in part), "When the DMA accepts that unsolicited bulk email is a plague and stands solidly behind anti-spam best practices, then we'll be in cooperation." We trust that this goes without saying but -- just to be clear -- we would expect the DMA to practice what it preached in that case, and to completely stop promoting or using opt-out lists and opt-out email practices.

Isn't it high time that the U.S. DMA joined the rest of the world's DMA organizations, and the rest of the civilized Internet, in renouncing Unsolicited Bulk Email (UBE)?

Spamhaus Information

Press Office
Spamhaus News Index
Spamhaus in the media
About Spamhaus
Spamhaus Official Statements
Article Information

Permanent link to this news article:
The DMA kicks spam up a notch

Subscribe to RSS News Feed
Spamhaus News Quotes

Permission to quote from or reproduce Spamhaus News articles is granted automatically providing you state the source as Spamhaus and link to the news record.
© 1998-2016 The Spamhaus Project Ltd. All rights reserved.
Legal  |  Privacy