
Classic Spam: Welcome back, Napster —
now, go away again!

The bottom line: This Napster come-on, like my ad from Frederick’s of Hollywood, is a prime example of “know-nothing” affiliate spamming — in which high-profile companies use “affiliates” to do the dirty work of unsolicited bulk e-mail advertising (these “mainstream” companies thereby earn the sobriquet “mainsleaze”). In both cases, the firms promoted in the ads disclaimed any knowledge of, or responsibility for, the spam. This sort of spam has greatly decreased in frequency (at least in my case) over the past couple of years, and may be one positive effect of the federal CAN-SPAM law.

For the benefit of those of you who think that “file sharing” is what happens when the manicurist runs short of supplies, here’s a review of recent internet legal history. A few years back, an operation called Napster was the most famous (or infamous) of so-called peer-to-peer file sharing networks; relying on Napster’s centralized database of who-had-what, thousands of Napster users copied terabytes of copyrighted music files directly from each other’s computers for free, bypassing legally-vulnerable central servers (and, not coincidentally, both local record stores and online sales houses).

Napster got so big so fast that even the bloated and complacent music recording industry was forced to sit up and take notice. And so, just as Napster was poised to become the largest music outlet on the planet, it was crushed to death under the weight of a huge legal settlement with the music biz (which, having been awakened from hibernation like a mad grizzly bear, is now lumbering over the landscape and mauling the innocent and the guilty alike).

Jump forward to 2003; after a cooling-off period the Napster name and earphoned-cat logo are back, but this time fronting an innovative but legally- and commercially-acceptable for-pay music downloading service (http://www.napster.com/) started by software publisher (of Toast, Jam, etc.) Roxio (http://www.roxio.com/). There’s a lot of anti-establishment ’tude in evidence at the new site, but there isn’t much left of the original Napster model: no peer-to-peer sharing (at least none that Napster management would condone), and you can select only music that Napster is able to (or sees fit to) make available. I wouldn’t know what music that might be, since they didn’t list a catalog and you can’t get Napster for MacOS (guess I’ll have to rely on iTunes for my sonic codswallop). But, these are rants best left for someone else to screech; we’re here to talk about spam.

Any new business, even one with such a famous name as Napster’s, must do three things to develop a clientele: (1) promote, (2) promote some more, and (3) keep on promoting. To this end, Napster has set up an affiliate marketing program with Commission Junction (http://www.cj.com/) whereby interested folks (called “publishers”) can put links on their websites (and, of course, in their e-mails) to send their visitors to Napster; the links contain affiliate codes to identify the publisher, so that if the visitor bites onto the service, the publisher will collect what Napster somewhat alarmingly calls a “bounty” (I thought a bounty was what you got for turning in dead wolverines or bail jumpers). Napster’s affiliate info page (http://www.napster.com/join_network.html) is oddly silent on the subject of spam, although CJ’s publisher policy (https://www.cj.com/pub_agreement.jsp) explicitly forbids its use. That didn’t stop Affiliate #88, however, as we see in the message below (one of two I got on two consecutive days):

Return-Path: hidden
Delivered-To: hidden
Received: from dsl-olugw5kfd.dial.inet.fi ([206.46.170.26])
   by mta016.verizon.net
   (InterMail vM.5.01.06.06 201-253-122-130-106-20030910) with ESMTP
   id <20031120075028.FHBQ2881.mta016.verizon.net@dsl-olugw5kfd.dial.inet.fi>;
   Thu, 20 Nov 2003 01:50:28 -0600
Received: from dsl-olugw5kfd.dial.inet.fi (80.223.202.253) by
   sc016pub.verizon.net (MailPass SMTP server v1.0.6 - 111103224510JY)
   with SMTP id <4-5415-219-5415-20636-1-1069314601> for
   mta016.verizon.net; Thu, 20 Nov 2003 01:50:29 -0600
Received: from [74.202.45.158] by dsl-olugw5kfd.dial.inet.fi
   id <6972803-18448> for hidden; Thu, 20 Nov 2003 03:47:34 -0400
Message-ID: <t-$3-n6$8l-m21$-80-$l@niv0we2w>
From: "Mike" hidden
Reply-To: "Mike" hidden
To: hidden
Subject: It's Back! fxxkuuji dyeum f
Date: Thu, 20 Nov 03 03:47:34 GMT
X-Mailer: Microsoft Outlook Express 5.50.4133.2400
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary=".FE_EE__1.CC."
X-Priority: 3
X-MSMail-Priority: Normal
X-Spam-Checker-Version: SpamAssassin 2.60 (1.212-2003-09-23-exp) on blade4
X-Spam-Level: **********************
X-Spam-Status: hits=22.1 tests=DATE_IN_PAST_03_06,DATE_SPAMWARE_Y2K,
FORGED_MUA_OUTLOOK,FORGED_OUTLOOK_HTML,FORGED_OUTLOOK_TAGS,
HTML_IMAGE_ONLY_02,HTML_MESSAGE,HTML_MIME_NO_HTML_TAG,
HTTP_ESCAPED_HOST,HTTP_EXCESSIVE_ESCAPES,MIME_HTML_NO_CHARSET,
MIME_HTML_ONLY,MIME_HTML_ONLY_MULTI,MISSING_MIMEOLE,USERPASS
version=2.60
X-SpamCop-Checked: 192.168.1.101 206.46.170.220 206.46.170.26 5.1.6.6 80.223.202.253
X-SpamCop-Disposition: Blocked bl.spamcop.net


--.FE_EE__1.CC.
Content-Type: text/html;
Content-Transfer-Encoding: quoted-printable

<BODY BGCOLOR=3D"2c6b96" LINK=3D"ffffff" ALINK=3D"ffffff" VLINK=3D"ffffff"=
MARGINWIDTH=3D"0" MARGINHEIGHT=3D"0" TOPMARGIN=3D"0" LEFTMARGIN=3D"0">
<TABLE BORDER=3D"0" CELLPADDING=3D"0" CELLSPACING=3D"0" WIDTH=3D"100=
%" HEIGHT=3D"100%">
<TR>
<TD ALIGN=3D"Center" VALIGN=3D"Middle">
<TABLE BORDER=3D"0" CELLPADDING=3D"0" CELLSPACING=3D"0">
<TR>
<TD ALIGN=3D"Center"><A HREF=3D"http://www.arclength.com@=
%73%6D%73%2Enap%73t%65%72.%63%6Fm/download.html?affiliate_id=3D88
&referral=_id=3DCJ"><IMG SRC=3D"http://www.clarity.com@%77%77%77%2En=
%61%70%73%74er%2E%63%6Fm/%69%6Dag%65%73/hdr_homepg_top.gif" BORDER=3D"0"><=
/A></TD>
</TR>
<TR>
<TD>
<TABLE BORDER=3D"0" CELLPADDING=3D"0" CELLSPACING=3D"0">
<TR>
<TD><A HREF=3D"http://www.dreadnought.com@%73%6D%73=
%2Enap%73t%65%72.%63%6Fm/download.html?affiliate_id=3D88
&referral_id=3DCJ"><IMG SRC=3D"http://www.audition.com@%77%77%77%2En%61%70%73=
%74er%2E%63%6Fm/%69%6Dag%65%73/gfc_homepg_lftofcat.gif" BORDER=3D"0"></A><=
/TD>
<TD><A HREF=3D"http://www.zachary.com@%73%6D%73=
%2Enap%73t%65%72.%63%6Fm/download.html?affiliate_id=3D88
&referral_id=3DCJ"><IMG SRC=3D"http://www.sidecar.com@%77%77%77%2En%61%70%73=
%74er%2E%63%6Fm/%69%6Dag%65%73/gfc_homepg_cathead.gif" BORDER=3D"0"></A></=
TD>
<TD><A HREF=3D"http://www.concern.com@%73%6D%73=
%2Enap%73t%65%72.%63%6Fm/download.html?affiliate_id=3D88
&referral_id=3DCJ"><IMG SRC=3D"http://www.lid.com@%77%77%77%2En%61%70%73=
%74er%2E%63%6Fm/%69%6Dag%65%73/gfc_homepg_rtofcat.gif" BORDER=3D"0"></A></=
TD>
</TR>
</TABLE>
</TD>
</TR>
<TR>
<TD><A HREF=3D"http://www.flair.com@%73%6D%73%2Enap=
%73t%65%72.%63%6Fm/download.html?affiliate_id=3D88
&referral_id=3DCJ"><IMG SRC=3D"http://www.nne.com@%77%77%77%2En%61%70%73%74er=
%2E%63%6Fm/%69%6Dag%65%73/hdr_homepg_discvrandbuy.gif" BORDER=3D"0"></A></=
TD>
</TR>
<TR>
<TD ALIGN=3D"Center"><A HREF=3D"http://www.woolworth.com@=
%73%6D%73%2Enap%73t%65%72.%63%6Fm/download.html?affiliate_id=3D88
&referral_id="><IMG SRC=3D"http://www.yaqui.com@%77%77%77%2En=
%61%70%73%74er%2E%63%6Fm/%69%6Dag%65%73/btn_cnsmrHMpg_installnap2.gif" BOR=
DER=3D"0"></A></TD>
</TR>
</TABLE>
</TD>
</TR>
</TABLE>
</BODY>ssswhp vrshp gm
nverdarvvhogdrxmoo
cv
j vflg zgpao wqa pfuouglqahb cm
exg

--.FE_EE__1.CC.--

The header provides an early example of Verizon’s rather confusing treatment of incoming mail; the top header line amounts to an internal relay and should be disregarded (since it otherwise doesn’t maintain the “chain” of from-hosts to by-hosts). The message was received from a host identifying itself (possibly incorrectly) as dsl-olugw5kfd.dial.inet.fi (206.46.170.26). The third received-line is a forgery.
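The from-host/by-host chain check described above, written out as an added Python example (not code from the original page). RAW reproduces the message's Received and Date lines with the long server banners and ids trimmed; parse_hops, chain_breaks and date_lag_hours are names chosen for this example.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample: Received and Date headers from the message above,
# with server banners and long ids trimmed for readability.
RAW = """\
Received: from dsl-olugw5kfd.dial.inet.fi ([206.46.170.26])
   by mta016.verizon.net with ESMTP;
   Thu, 20 Nov 2003 01:50:28 -0600
Received: from dsl-olugw5kfd.dial.inet.fi (80.223.202.253) by
   sc016pub.verizon.net with SMTP for mta016.verizon.net;
   Thu, 20 Nov 2003 01:50:29 -0600
Received: from [74.202.45.158] by dsl-olugw5kfd.dial.inet.fi
   id <6972803-18448> for hidden; Thu, 20 Nov 2003 03:47:34 -0400
Date: Thu, 20 Nov 03 03:47:34 GMT

"""


def parse_hops(raw):
    """Return the Received hops newest-first, as they appear in the message."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        sender = re.search(r"\bfrom\s+(\S+)", value)
        receiver = re.search(r"\bby\s+(\S+)", value)
        # The timestamp is whatever follows the last semicolon.
        stamp = parsedate_to_datetime(value.rsplit(";", 1)[1].strip())
        hops.append({"from": sender.group(1).lower() if sender else None,
                     "by": receiver.group(1).lower() if receiver else None,
                     "when": stamp})
    return hops


def chain_breaks(hops):
    """Indexes of hops whose 'from' name is not the 'by' name of the hop below."""
    return [i for i in range(len(hops) - 1)
            if hops[i]["from"] != hops[i + 1]["by"]]


def date_lag_hours(raw, hops):
    """Hours between the Date header and the oldest Received timestamp."""
    sent = parsedate_to_datetime(message_from_string(raw)["Date"])
    return (hops[-1]["when"] - sent).total_seconds() / 3600


if __name__ == "__main__":
    hops = parse_hops(RAW)
    print("chain breaks at:", chain_breaks(hops))
    print("Date lags first hop by", date_lag_hours(RAW, hops), "hours")
```

A matching from/by pair only shows that the names are consistent: every line below the first trusted server is supplied by the sender, which is why the third line passes this check even though it is forged. The four-hour lag returned by date_lag_hours is consistent with the DATE_IN_PAST_03_06 hit in X-Spam-Status.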

The body is an exercise in unnecessary crypticness. The only real content here is a selection of images taken directly from Napster’s website. The spammer has used the HTTP user-id trick to plant what look like web host names (“www.arclength.com,” “www.clarity.com,” “www.dreadnought.com,” etc.), some of which actually exist but have nothing to do with Napster, while the actual napster.com hostname is obfuscated using URI encoding (“%73%6D%73%2Enap%73t%65%72.%63%6Fm” = “sms.napster.com”). You’ll also see spammy’s affiliate code (88) and referral ID (CJ) in every link.
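To see what a mail filter or analyst recovers from these links, here is an added Python example (not part of the original page) that undoes the quoted-printable encoding, separates the decoy user-id from the real host, and decodes the escaped hostname. The function names and flag labels are this example's own; the flags loosely mirror the USERPASS and HTTP_ESCAPED_HOST hits in the X-Spam-Status header.

```python
import quopri
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed sample: one table cell copied from the message body above,
# still in its quoted-printable transfer encoding.
SAMPLE_QP = (
    b'<TD><A HREF=3D"http://www.dreadnought.com@%73%6D%73=\n'
    b'%2Enap%73t%65%72.%63%6Fm/download.html?affiliate_id=3D88\n'
    b'&referral_id=3DCJ"><IMG SRC=3D"http://www.audition.com@%77%77%77%2En%61%70%73=\n'
    b'%74er%2E%63%6Fm/%69%6Dag%65%73/gfc_homepg_lftofcat.gif" BORDER=3D"0"></A><=\n'
    b'/TD>\n'
)

LINK_ATTR = re.compile(r'\b(?:href|src)\s*=\s*"([^"]*)"', re.IGNORECASE)


def analyze_link(url):
    """Split one URL into the decoy userinfo and the host actually contacted."""
    url = re.sub(r"[\t\r\n]+", "", url)    # browsers drop tabs and line breaks in URLs
    parts = urlsplit(url)
    raw_host = parts.hostname or ""
    flags = []
    if parts.username is not None:
        flags.append("userinfo_present")   # text before "@" is a login name, not a host
    if "%" in raw_host:
        flags.append("escaped_host")       # hostname hidden behind %XX escapes
    return {
        "decoy_userinfo": parts.username,
        "real_host": unquote(raw_host).lower(),
        "path": unquote(parts.path),
        "query": dict(parse_qsl(parts.query)),
        "flags": flags,
    }


def extract_links(qp_body):
    """Undo quoted-printable, then analyze every HREF/SRC value in the HTML."""
    html = quopri.decodestring(qp_body).decode("latin-1")
    return [analyze_link(m.group(1)) for m in LINK_ATTR.finditer(html)]


if __name__ == "__main__":
    for link in extract_links(SAMPLE_QP):
        print(link)
```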

What, precisely, is affiliate 88’s point here? Why disguise the sms.napster.com hostname? After all, if you’re given a page advertising Napster, don’t you expect to get sent to napster.com if you click a link? Sheesh.

Complaints filed with Napster.com yielded only pro-forma responses; a further complaint to Commission Junction got an automated case-file response, but the CJ rep did not (or would not) recognize CJ’s involvement with Napster, and pretty effectively bit-bucketed my complaint (by telling me they would close the ticket unless I responded within 24 hours -- and this over a long national holiday weekend). I guess I know now how far I can rely upon Commission Junction’s probity.

You know, I think I liked Napster better back when they were inconveniencing the record companies instead of me.





(c) 2003-2007, Richard C. Conner


Updated: Sat, 18 Aug 2007