« Stupid Google Trick #872: “(company name) sucks”
What Happened In Peidmont? Viral Marketing Killed Everyone. »

Jangomail’s Reverse Spam

So I signed up for Eyespot the other day, just to try it out. Eyespot is an online video editor, and it’s really spiffy (although I like Jumpcut a bit more). But, online video editing is not what this post is about; rather, this is about how a legitimate email newsletter from Eyespot, in an ironic twist, managed to disguise itself as spam so well that it took a bit of detective work indeed to discover that it wasn’t so.

Pretty much the entire message body is available at http://shootmixshare.blogspot.com/2008/04/build-your-own-site-w-eyespot.html, which is a decent warning sign in itself. There were a few noteworthy differences, however.

Bizarro Spam

In a world where hot black snow falls up, spam would look like the email I recieved from eyespot; completely legitimate info with what seems like deliberate touches to make it look like spam, to me and to gmail alike. First off, all the links were rewritten. Here’s an example:

http://x.jngo1.net/y.z?l=http%3A%2F%2Feyespot.com%2Fmixables%2FThieveryCorporation&e=1055&j=103500431

The domain of that link, x.jngo1.net, is a huge red flag. At this point, I was fairly convinced it was some sort of phishing attempt, and I was gearing up to write an angry email to eyespot for handing over my email address. However, since I am young and foolhardy and also using a Linux machine, I went ahead and clicked it anyway - and it brought me to the Eyespot site.

I looked all around for evidence of foul play, but nothing came up. So I did a whois in jngo1.net, and a company called Silicomm.com came up. Curious, I went to their site, and was presented with a link to Jangomail.com. Jangomail? That sequence of consonants and an ‘o’ sounds familiar. And sure enough, jangomail.com is a newsletter app that is apparently used by Eyespot to send highly ignored newsletters. Evidently the url rewriting is nothing more nefarious than some tracking code.

So what did we learn?

We learned that GMail registers weird urls as spam, or is possibly blocking this jangomail domain for non-Eyespot-related spams, or is blocking all mail with recieved-from jangomail.com headers (mine was magellen@jangomail.com). It’s hard to blame jangomail.com for this. They seem to be a legitimate company, and having worked for a company that does email newsletters I can tell you that it’s not easy to keep your domains off the blacklist, or to keep your users legitimate. x.jngo1.net is probably just something they though was obscure enough that google wouldn’t block it.

What could Eyespot learn from this? Maybe tracking your clicks isn’t worth your emails getting dumped in the bin. As for Jangomail, I have no real advice; better, more profit-motivated minds than mine have wrestled with this problem before. However, maybe they could take a trick or two from Freshview’s Campaign Monitor, they seem to be doing ok. In fact, I know one Matthew Patterson from Freshview has stumbled across this blog before in his technorati-fuelled meanderings, so maybe he has some insight on this. To comment on. Because I’m actually really curious now.

This entry was posted on Wednesday, April 16th, 2008 at 11:12 pm and is filed under design. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

4 Responses to “Jangomail’s Reverse Spam”

  1. Mathew Patterson Says:
    April 17th, 2008 at 12:52 am

    Hey Adam,

    Thanks for the call out - I feel a bit like Batman seeing the sign in the sky! Tracking link clicks, which is very valuable information indeed for making sure you are sending useful stuff to your subscribers, does mean using a different URL from the original.

    That way the click is recorded, then redirected. There certainly are blacklists out there that contain lists of dodgy URLs and this one may have ended up on a list.

    With Campaign Monitor, we monitor blacklists to ensure we are not listed, and if problems do occur we can pull them offline automatically until it is sorted out. We’re also always working on ways to make the links not look at all suspicious, which can be a problem.

  2. Adam Says:
    April 17th, 2008 at 1:34 am

    Thanks Mathew. I guess there’s only so much that can be done.

    I promise not to do this too often.

  3. Ajay Goel Says:
    April 18th, 2008 at 7:44 am

    Hi Adam,

    My name’s Ajay, and I’m the president of JangoMail. The x.jngo1.net domain is our default tracking domain for JangoMail and shows up in a customer’s email campaign in the unsubscribe link, in the open-tracking mechanism, in the forward-to-friend link, and in any URLs that are being click-tracked. For a period of a few hours yesterday, the domain ended up on http://www.uribl.com. As soon as we discovered this, we put in a delisting request with uribl, and the request was honored within an hour. Unfortunately uribl doesn’t show the reason the domain was added, so I suspect it may have been added erroneously.

    I can’t be certain that this is the reason GMail intercepted the Eyespot email as spam, but it’s likely because we’ve been testing our deliverability to GMail since, and everything is fine now. Our open rates to GMail are quite high.

    JangoMail also allows customers to use their own tracking domain by putting in a DNS record. For example, Eyespot could setup tracking.eyespot.com and then this would be used in place of x.jngo1.net in their e-mail campaigns.

    -Ajay

  4. Adam Says:
    April 21st, 2008 at 7:44 pm

    Changing the tracking url would be a much better solution. Thanks Ajay, and sorry for ragging on you guys - I know how hard it is to stay clear of spam. And, good answer!

Leave a Reply