VisitWicklow.ie: Spammers

I think I just got my first spam from a government body! Specifically, VisitWicklow.ie spam from Wicklow County Tourism. It says:

Wicklow County Tourism is launching its sparkling 2008 Christmas campaign this month, with an extensive festive section on our website www.visitwicklow.ie/xmas . Here you will find all the information you need about what is happening in the Garden County this season including Christmas parties, seasonal events, carol singing, festive markets, Santa visits, great accommodation packages etc.

It was sent to a spamtrap address, scraped from an old mail archive. This address is a dedicated spamtrap; I’ve never used it for non-spam-trapping purposes, nor has it ever opted-in to receive mail. So there was no question that I granted permission to anyone to mail it.

The address delivers mail to my personal account — that’s what I do with my spamtraps, until their volumes get too high. So it still qualifies as a “personal email address”. Here’s the full spam with all headers intact.

It appears the message originated at IP address 87.192.126.62:

inetnum:        87.192.126.32 - 87.192.126.63
netname:        IBIS-PA-NET
descr:          BreezeMax-KilpooleHill-Comm-E 3MB 24:1 (2)
country:        IE
admin-c:        IRA6-RIPE
tech-c:         IRA6-RIPE
status:         Assigned PA
remarks:        Please do NOT send abuse complaints to the contacts listed.
remarks:        Please check remarks on individual inetnum records for abuse contacts, or
remarks:        failing that email abuse reports to [email protected]
mnt-by:         IBIS-MNT
source:         RIPE # Filtered

Kilpoole Hill appears to be south of Wicklow town, just the right spot for a wireless tower used for Irish Broadband access from The Murrough, Wicklow Town (mentioned as the address for Wicklow County Tourism in the mail).

Suggestions? Did anyone else get this? How do I report spam sent by the Wicklow County Tourism Board?

Update: they also hit the Irish Linux User’s Group submission address. I wouldn’t be surprised if they scraped the addresses of other ILUG subscribers, then…

This entry was posted in Uncategorized and tagged , , , . Bookmark the permalink. Both comments and trackbacks are currently closed.

13 Comments

  1. Posted November 17, 2008 at 16:41 | Permalink

    My better half works for a different part of wicklow co co. I’ll ask her to try and track down an IT contact for you, though from the anecdotes I’ve heard, don’t expect any miracles from them…

  2. Posted November 17, 2008 at 17:06 | Permalink

    I’ve a feeling that domain’s familiar so I may have been hit with that. Unfortunately I delete my junk folder regularly and I think it was last week.

  3. Posted November 17, 2008 at 17:44 | Permalink

    Donncha — I think they scraped the ILUG list archives, so yeah, you may have….

  4. Craig Hughes
    Posted November 17, 2008 at 22:06 | Permalink

    They probably didn’t scrape anything themselves. Probably just bought a dodgy list of “Irish email addresses” without asking too many questions… Not that that would make anything better here. Perhaps the local Wicklow newspaper would enjoy a phone call (and/or guest editorial?) from the author of SpamAssassin. I’m picturing an editorial on the evils of spam, generically, with the closing punchline being that Wicklow’s tourist board has broken the law too, most likely through ignorance and misplaced trust.

  5. Posted November 19, 2008 at 08:28 | Permalink

    I got the same mail, to my main address. An address that was, and still is reasonably, well protected. The one obvious exception, or breach of that protection, was when the ILUG web archives were posted without obfuscating the email addresses some time ago (since been rectified, obviously).

    I’ve always used dedicated email addresses in my correspondence, so they certainly didn’t get it from a traditional means anyway. The most likely scenario, in my case, is the ILUG list (and not from a recent post to it, at that; but, rather, from scraping the online archives). Whether they did that themselves, or purchased the list I don’t know, as they haven’t responded to my request.

  6. Posted November 19, 2008 at 12:33 | Permalink

    I reported this on the day via Spamcop to [email protected] I’ve just kicked it up a notch by mailing info at wicklowct.ie asking for an account of how I indicated consent to receive mail at that address, and explaining that sending direct mail without consent is illegal under Irish law. Let’s see if/how they reply…

  7. Posted November 19, 2008 at 12:50 | Permalink

    Dear Jason. Sorry for the email. This is our first promotional mail and as we were keen to promote our new web, we decided to gather as many local emails as possible. I recently purchased the software “Atomic Email Hunter” which basically searches for emails posted on websites under specific keywords. One of the search was conducted under ballymount+industrial+estate and your email came up.

    Wicklow County Tourism is an non for profit organization, with very limited funds, not linked to Failte Ireland nor the local government, who is desperate to help the local tourism trade go through a very difficult time.

    My email search has been conducted under local keywords and we were genuinely hoping it would be of some interest to whomever in the area. I am truly sorry about the email, and want to thank you for pointing out the law to me.

    Please do not hesitate to contact me if you have any further questions.

    Best regards Fred Verdier

    Frederic Verdier Wicklow County Tourism Unit C23, Wicklow Enterprise Park The Murrough, Wicklow Town, Ireland Tel: +353(0)404 20070 Fax: +353(0)404 20072 Email: [email protected] Website: http://www.visitwicklow.ie

  8. Posted November 19, 2008 at 14:29 | Permalink
    I recently purchased the software “Atomic Email Hunter” which basically searches for emails posted on websites under specific keywords. One of the search was conducted under ballymount+industrial+estate and your email came up.

    I sincerely hope the previous comment (Frederic Verdier) is a joke. If not, Wicklow County Tourism need to be exposed for gross incompetence.

  9. Posted November 19, 2008 at 15:46 | Permalink

    I sent a mail to Fred saying the following:

    ‘I suspected it might have been something like that, alright; it’s happened several times before.

    As you now know, it’s a bad idea to use that kind of application, or third-party mailing list providers, to gather email addresses; without consent, you cannot legally use the addresses in this country, and those providers in most cases cannot provide consent — despite what some of them claim. In essence, it’s a legal and PR minefield disguised as a good means of marketing.

    (by the way, it’s worth noting that the app didn’t even manage to find relevant email addresses to that search; I’ve never been near Ballymount Industrial Estate! god only knows why it picked my address for that.)

    Anyway, I hope I’ve convinced you that it’s best to get rid of Atomic Email Hunter. Those things are far more trouble than they’re worth…’

    @Chris: I’m happy enough with Fred’s response. His is not the first organisation to have been misled by unscrupulous software vendors selling spamware applications under false pretences of legality. As long as they keep their nose clean and don’t send another mailshot to that list, I’m prepared to leave the subject at that…

  10. Posted November 19, 2008 at 16:13 | Permalink

    Hi Chris

    they are Irish public servants, of course they are incomepetent … I am actually not surprised at all.

  11. Posted November 19, 2008 at 18:09 | Permalink

    @Justin – You’re being generous (and constructive), while I’m probably mostly professionally aghast: I currently work for a company that provides email marketing services, and am very keenly aware how my employer monitors (and selects) clients. I’ve suspended clients for less than the above.

    First time commenting here, by the way: Thanks for your blog, which I’ve been reading for a while!

  12. Craig Hughes
    Posted November 19, 2008 at 23:29 | Permalink

    My view is essentially similar to Justin’s. Most people simply don’t understand the negative consequences of using some of these products that are marketed as “email marketing” solutions, nor are they in many cases aware of the anti-spam laws, until something like this happens. People make mistakes. The question is, whether they learn from those mistakes and take corrective action, or not.

    Fred’s honesty in explaining what he’d done in this instance to me makes it seem quite clear that he wasn’t aware of the problems with what he was doing, and that now that he knows, he’s unlikely to do it again. Hopefully Irish law provides for a “knowing violation” increased penalty, like our super duper CAN-SPAM act over here.

  13. Posted June 9, 2009 at 12:55 | Permalink

    Believe it or not, the developers of this product spammed this comment form! How’s that for targeting… commenting on an extremely negative blog post with an ad for the product we’re slagging off.

    Here’s what they wrote, with ad URLs removed:

    I tried the trial version of this Atomic Email Hunter and found that it is very easy and fast software to collect email adresses from different websites on the Internet. We have to just enter a valid URL or keyword to get the results. User can restrict those emails ID’s which they donot want to be in the email database using various filtering options.

    Most important thing about Atomic Email Hunter is that when it gets email addresses from search engines the results are very accurate as compared with other email harvesting programs tested by us. After testing 5 such programs including Fast, GSA spider, etc. we made the decision to buy Atomic mainly because it uses search engines very effectively and hence identifies more sites that are actually related to the searched keyword. This generates a targeted email list instead of risking being marked as SPAM.

    For the price, it is must-buy tool for any Email Marketeer. Please donot use the generated databases to send SPAM indiscriminately, try to use the targeted collection methods of this program and then request people to opt-in for your mailer.

    FOR MORE DETAILS VISIT AT: http://[removed]/

    This is of course all bullshit. It sends spam. “Targeting” is a scam.

    I’m closing comments on this post to avoid further noise….