Where's Your E-mail Going?

[Teli]

It started a while ago, but I didn't pay much attention. Then one day I received a sale notification for an affiliate program I didn't think I signed up with. Curious, I went to the site to see if I had signed up and forgotten, but none of my standard affiliate e-mail addresses worked. Something nudged me to check the e-mail headers to see if maybe it was a stray e-mail, phishing attempt, or simple cyber-error and amazingly, it was legitimately addressed to someone who was having all of their e-mail forwarded to my Gmail account.

In light of this, I began paying closer attention to the e-mail I thought was spam, and I was amazed at what I found - in a few words, had I been an unscrupulous person, I could ruin this person's affiliate marketing business. Contacting the affiliate programs did little good because it's the affiliate's responsibility to make sure his information is correct and current. The only thing I can do in the meantime is filter his e-mail into my trash and look for alternate ways to contact him.

Let there be a lesson in this:

• Always sign up with your legitimate contact information when signing up with affiliate programs.
• Double check to make sure your e-mail forwarders are set up properly. Chances are, this person mistyped a letter or forgot an underscore.
• Keep tabs on your e-mail. If you're not receiving messages you know you should be, track down the problem.

I've already blogged about it, Double Check Your E-mail Forwarders, and felt I should pop over and leave a note here as well.

~ Teli

 

[Linda Buquet]

Wow, Teli glad you told us. Good lesson to learn.

FYI different situation - but a few months ago I was getting welcome emails for programs I didn't join. It was a huge affiliate fraud ring from China joining progrms pretending to be ME. They were using all my whois info pretending they were Linda from 5 Star. They were even using one of my email addresses that I didn't think people knew about.

Then of course they would change the payto address right before the check was due. A few accounts they forgot to change and I got commission for programs I never had even heard of. I sent back the checks and alerted all the companies. There were hundreds of affiliate programs and networks involved and these guys were signing up with lots of other peoples names not just mine.

I also tried to get the FBI invloved but got nowhere. Ther REALLY bad thing was that some merchants that don't know who I am thought it was really ME making the fraudulent sales. It was a huge mess.

 

[ausgold]

I agree, strange things happen with email.

I have had several welcome emails from different programs I didn't join. I eventually gave up clicking the unsubscribe link and sent them to the trash instead.

I simply assumed it was some overzealous person signing me up into their group.

Something a lot more worrying was when I received a couple of emails from myself. No kidding, they were addressed from my own email address to the same email address. When I checked the headers, I saw that they must have originated from some other country. What bothers me, is that others must have received emails "apparently" from me, which puts me squarely in the firing line to be accused of spam.

How can this happen?

 

[Teli]

Linda,
That is terrible. What did these people do, sign up for an affiliate account using your name them make purchases with stolen credit cards, receive the commission, and left the innocent victims (you included) to clean up the mess afterwards? Or did they simply sign up with your name so they wouldn't have to pay taxes or something?

It's incredible how these things can happen. Certainly makes me take a good look at how I share my personal information and it's the main reason I don't input any personal information if the sign up form isn't on an SSL server.

One time, I was about to sign up for an affiliate program, but it wouldn't allow me to sign up unless I provided my social security number. I e-mailed their support to ask why they are asking for such information on an unsecured server. They didn't know what I was talking about, so I actually had to show them a picture of what a secured address looks like (i.e. https:// as opposed to http://) and you know what they said? Well, you don't have to sign up for the affiliate program. ROFL.

Sometimes, I think that these merchants should take the necessary precautions to protect their affiliates. With such a large name as yours, they should have been wary of your signing up and contacted you about it.

~ Teli

 

[Teli]

ausgold,
What happened to you is called e-mail spoofing. It's actually very simple to do if a server has PHP with the mail() function enabled. Most e-mail a friend scripts send out e-mails that look like they were coming from one e-mail address, but really it comes from a server.

In all honesty, I wouldn't worry about it. Most services know to actually check the headers which will reveal that the message didn't come from your website if, truly, it didn't.

~ Teli

 

[ausgold]

Well thanks for that Teli.

I didn't think of the email a friend thing. I have seen that on different sites, but have been reluctant to use it. I know I hate getting unwanted emails. We get enough spam as it is.

~~~~~~~~

 

[Linda Buquet]

teli I think part of the reason these guys sign up pretending to be legit US sites is that they know lots of networks and programs wont accept affiliates from China precisely due to the fraud. So tehey think if they sing up pretending to be 5 Star or Shawn Collins (yep its happened to him too) or BizRate or other well know sites they'll get approved without question by managers that will be so thrilled to accept them.

This particular fraud ring had mail boxes all over the US that forwarded to them in China. Don't know how they committed the fraud to make all the sales, assume it was lots of fraudulent credit cards.