Below is a copy of the email from Cvent and my response with some minor
redaction so as to keep who I'm in discussion with private unless they
want to take the discussion public.
regards,
KAM
Sorry for the delay on this response but I wanted to give it some
serious attention especially as the chair of the SpamAssasin project.
As part of that project, I have an onus to the foundation to maintain
transparency and discuss this on the mailing list (See
http://theapacheway.com/ for more about this.) For now, I've cc'd the
project management committee and will forward a copy of the email
removing your name but welcome this discussion to continue on the User's
forum for SpamAssassin. I think if you can show you are working in good
faith to fix the issues, you will see the anti-spam community rally
behind you.
First off, I have removed your current RBL entry from the list in
discussion based solely on the fact that you have reached out in good
faith on a dialogue about the issue. Thank you for taking the time to
do that. I look very much forward to your response and will keep an
open mind.
Second, I will give you a portion of the evidence I have. However, to
me, this is less about fixing specific issues of spam and instead fixing
either the culture or architecture that is allowing this systemic abuse.
For example, I can see some abuse by one of your customers:
vette:Aug 21 10:51:40 2013 (15216) TheBoard post from
webin...@crowdcompass.com held,
message-id=<0eb40c9d-3fbf-41e9-bba0-b6affc1a9af4-x...@cventinvite.com>:
Post by non-member to a members-only list
vette:Aug 28 10:53:36 2013 (15216) TheBoard post from
webin...@crowdcompass.com held,
message-id=<4ca68d68-c5ad-4c87-a0a3-854f5afe38c8-x...@cventinvite.com>:
Post by non-member to a members-only list
vette:Sep 03 10:51:55 2013 (15216) TheBoard post from
webin...@crowdcompass.com held,
message-id=<79c0efae-c209-492c-ac2d-48ada0b3bebd-x...@cventinvite.com>:
Post by non-member to a members-only list
This is something where sometimes your only recourse is canceling the
customers account or limiting their email abilities.
However, I've also seen cases where companies have 'free trials' or poor
credit card fraud procedures which lead to signing up for accounts they
plan to run the wheels off. In these cases, we need to see a systemic
change in that procedure.
In other cases, we've seen companies blame everything on partners who
receive commissions and therefore they aren't responsible for the
activities of the partner. Well from our perspective they are
responsible. We follow one definition of spam from Chris Santere which
is "Spam is about Consent not Content". If the consent is there, it's
not spam. And I am a capitalist and believe things like someone
purchasing from your firm is a de facto consent to send necessary
documents (receipts, terms of service, follow-up pings, etc.) UNTIL that
customer asks to be removed or you haven't contacted them in a
protracted period of time.
Unfortunately, in the next two examples, I have received unsolicited
emails from *Darrell Gehrt*purporting to be the Division Head, Web
Surveys at your firm. Checking linkedin and your firm's blog concur.
And I also have unsolicited emails from *Meg Stensrud*purporting to be a
Regional Sales Manager at your firm. Again, linkedin appears to confirm
this information and the latter is the one that appears to have used
scraped whois data tied to an address where they have incorrectly tied
me to springvalley law group. Two example headers are available at
http://pastebin.com/Q0knc6ei
Interestingly, http://washington.oneyellow.com/ID/1277768 shows
"springvalley law group" at 5335 Wisconsin Ave NW , # 400, Washington,
DC 20015 Local Phone: (202)895-1648 Fax: (202)966-6455.
That address USED to be Luse Lehman Gorman Pomerenk and Schick which I
have been associated with in whois records but this shows scraping and
cross-database use that points to a foundational issue and misuse of
database mining in marketing campaigns at your firm. I should also
mention that email address hasn't been used actively in over 10 years
which shows a very protracted length of time for legitimate business.
But perhaps you can defend this with some provenance on the email
addresses. But I'm sure you won't be able to show anything with
Springvalley Law Group. In the end, I won't be shocked at all if the
best you can find out is you have some people in your marketing
department doing some very shady marketing.
The real question is what you can do to fix the issue. If we continue
to see unwanted email, we may list them again. We rely on your
proactive monitoring of your customers (and
employees/agents/contracts/etc.) to ensure that this won't happen; the
onus should not be on us to report spam to you.
regards,
KAM
On 10/7/2013 2:45 PM, XXX wrote:
Hello Kevin McGrail,
Your posting today on the SpamAssassin users list was brought to my
attention. Let me introduce myself, my name is XXX with Cvent. I am
reaching out to you about the concerns you raised in your posting and
asking to work with you to investigate. Cvent does not tolerate
scraping of email address either by our customers or internally.
Please send me the header information for what you received. We will
investigate and get back to you quickly.
Cvent, Inc. is a publicly traded, global event management solutions
company founded in 1999. Our services are used by 187,000 event
planners and hoteliers worldwide. If you follow Alexa traffic
rankings, our website popularity is 1,545 USA and 5,569 Global.
My team has been tracking the recent and sporadic issue with cvent.com
appearing on the URIBL blacklist to determine the offending customer
and terminate per the Cvent Terms of Use.
Thank you for your understanding and cooperation,
**