
Forged email from SPAM site, fakes EAA.ORG



bwilson4web
04-16-2013, 05:26 PM
Hi,

So this afternoon I got an e-mail claiming:


We think you may be missing some of your EAA membership benefits!

We want to make sure that you are receiving our emails into your Gmail inbox, as these give you information updated on things in and around EAA, and in general aviation.

It only takes a few seconds to find out!
Follow these 3 easy steps to find out . . .

Well it turns out the e-mail headers were forged from "icpbounce.com", a notorious SPAM house. One can go nuts trying to figure out how these jerks got or figured out I'm an EAA member. Regardless, the little pile showed up and is now flagged as SPAM to gmail.

For those curious as to how to decipher the header, I've replaced the "<" with "*" to denature any rendering effects:


Delivered-To: bwilson4web@gmail.com
Received: by 10.14.129.3 with SMTP id g3csp135685eei;
Tue, 16 Apr 2013 13:51:56 -0700 (PDT)
X-Received: by 10.49.131.133 with SMTP id om5mr4836566qeb.7.1366145515826;
Tue, 16 Apr 2013 13:51:55 -0700 (PDT)
Return-Path: *bounces+1170417.48547813.184522@icpbounce.com>
Received: from drone054.ral.icpbounce.com (drone054.ral.icpbounce.com. [66.162.193.235])
by mx.google.com with ESMTP id hg9si3145238qab.14.2013.04.16.13.51.55;
Tue, 16 Apr 2013 13:51:55 -0700 (PDT)
Received-SPF: pass (google.com: domain of bounces+1170417.48547813.184522@icpbounce.com designates 66.162.193.235 as permitted sender) client-ip=66.162.193.235;
Authentication-Results: mx.google.com;
spf=pass (google.com: domain of bounces+1170417.48547813.184522@icpbounce.com designates 66.162.193.235 as permitted sender) smtp.mail=bounces+1170417.48547813.184522@icpbounce.com;
dkim=pass header.i=@icontact.com
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=default; d=icontact.com;
h=Mime-Version:From:To:Date:Subject:List-Unsubscribe:Content-Type:Message-ID;
bh=XWU/oOYb7gw6WXl0JP1qsTWYU94=;
b=ffj7S6Z3eFSSCx+Kvbjtb2JhGrGo/yU5IZrHMh6kqxTH6HDnDpkcU5jnteu87Ga64lLbGp+zJz+t
lI0va24z6Lcd3XQVsAs4GQh/LEXAgiLdqw4Ji8X675OA9u4twen6BrMB3xAwESyyV7PIqEdpTN 4e
1qSD4lrmBfa3Qc1cjhE=
Mime-Version: 1.0
From: "EAA" *membership@eaa.org>
To: *bwilson4web@gmail.com>
Date: Tue, 16 Apr 2013 16:50:53 -0400
Subject: Gmail Notice - Please Check Your Settings Today
. . .




The key triggers:



- Email that tries to get you to do something with a browser or the email client! Legitimate e-mail does not carry a payload or request asking that you 'do something' like this.
- "icpbounce.com" - has nothing to do with the EAA domain.
- [66.162.193.235] - probably someone's computer that has become a 'robot' for the SPAMers
- "From: ..." - easily forged by the SPAMer to give credibility to the e-mail. But the e-mail headers do not match.



It is always so disappointing to see such nonsense but I learned years ago that SPAMers are sociopaths. They really do not care what you think as long as they can deliver their nonsense.

I'm not sure how to communicate with official EAA about this. When 'search' didn't find any other postings, I figured to share it with the community.

GOOD LUCK!
Bob Wilson
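
An added example (not part of the original post or thread): a short Python check that compares the visible From domain with the domains SPF and DKIM actually authenticated, which is the identifier-alignment test DMARC applies. The sample headers are reconstructed from the post with "<" restored; `alignment_report`, `org_domain` and `domain_of` are hypothetical helper names, and the two-label organizational-domain rule is a simplifying assumption.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: headers from the post above with "<" restored,
# parenthetical comments trimmed and the DKIM-Signature header omitted.
SAMPLE = """\
Return-Path: <bounces+1170417.48547813.184522@icpbounce.com>
Authentication-Results: mx.google.com;
 spf=pass smtp.mail=bounces+1170417.48547813.184522@icpbounce.com;
 dkim=pass header.i=@icontact.com
From: "EAA" <membership@eaa.org>
To: <bwilson4web@gmail.com>
Subject: Gmail Notice - Please Check Your Settings Today

"""

def org_domain(domain):
    # Assumption: organizational domain = last two labels.
    # Real DMARC evaluators consult the Public Suffix List instead.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def domain_of(identity):
    # Works for "user@example.org", "@example.org" and bare "example.org".
    return identity.rpartition("@")[2].lower()

def alignment_report(raw):
    msg = message_from_string(raw)
    from_dom = domain_of(parseaddr(msg.get("From", ""))[1])
    # Unfold the header so the regexes see one line.
    auth = " ".join(msg.get("Authentication-Results", "").split())
    spf = re.search(r"\bspf=(\w+)", auth)
    dkim = re.search(r"\bdkim=(\w+)", auth)
    mailfrom = re.search(r"smtp\.mail(?:from)?=([^;\s]+)", auth)
    signer = re.search(r"header\.[id]=([^;\s]+)", auth)
    spf_dom = domain_of(mailfrom.group(1)) if mailfrom else ""
    dkim_dom = domain_of(signer.group(1)) if signer else ""
    spf_ok = bool(spf and spf.group(1) == "pass")
    dkim_ok = bool(dkim and dkim.group(1) == "pass")
    target = org_domain(from_dom)
    return {
        "from_domain": from_dom,
        "spf_domain": spf_dom,
        "dkim_domain": dkim_dom,
        # A pass only counts toward the From address if the domains align.
        "spf_aligned": spf_ok and org_domain(spf_dom) == target,
        "dkim_aligned": dkim_ok and org_domain(dkim_dom) == target,
    }
```

On the posted headers both SPF and DKIM pass, but for icpbounce.com and icontact.com rather than eaa.org, so neither result is aligned with the From address.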

Hal Bryan
04-16-2013, 07:55 PM
Disregard my previous post - this is NOT spam, but a legitimate message from EAA via our email provider.

I'll be back in the office tomorrow after several days off and will post a clarification then. In the meantime - false alarm.

Mike Switzer
04-16-2013, 09:46 PM
Hal, I recognize the format of the above posted email, please don't be telling us you guys are using the same "spam" email marketing people as AOPA & NRA. (Which could explain why I never saw anything like the above email as I blocked them a long time ago) (Yea, AOPA & NRA were using the same email marketing provider, no I don't remember their name, I had my guy block them)

bwilson4web
04-16-2013, 10:23 PM
Well at least we know. I've already blocked it . . . too many 'warning signs'. The worst was seeing a non-EAA domain sourcing the message.

I understand outsourcing but would suggest this could be done with a little more skill. There are way too many SPAMhaus out there.

Bob Wilson

nrpetersen
04-17-2013, 07:15 AM
Is there a way to get even with spammers? I know of the trick of holding the cursor over the reply to address to see where it actually goes, at least for a PC and Thunderbird.

Hal Bryan
04-17-2013, 08:25 AM
Mike, I don't know off the top of my head what vendor the NRA and AOPA use or used, but can reconfirm that this email was legitimate. This was something we'd sent to a number of members with Gmail accounts because we were getting reports that an unusually high percentage of our newsletter subscribers that use Gmail weren't getting them because they'd been marked as spam for one reason or another.

If anyone is curious, here's the original email:

http://www.eaa.org/newsletters/1301_gmail.html

In addition, I want to be clear that we didn't hire a "spam marketing company" to communicate with our members. We use this particular vendor for all of our large scale emails, including e-Hotline, which goes to something like 110,000 subscribers each week. In addition, every email is composed, designed, created, etc., in-house by EAA staff. You're not getting things with our name on it just because some marketer at some outside company thought it was a good idea.

We use a vendor for a number of reasons - I'm not the expert (clearly!) but I know that two of them are A) because we don't have the server capacity to send things like e-Hotline ourselves and B) using a service like iContact lets us see some basic analytics data, like what percentage of e-Hotline subscribers, for instance, actually open the mail. That's extremely important for us as it's one of the only ways we can tell if we're doing a good job or not, beyond the handful of people who write or call with feedback. If we were to publish a newsletter and a bunch of people subscribed to it but only a small percentage actually opened it, clearly we're doing something wrong.

Apologies again for the initial confusion caused by my "on the go" response last night.

CarlOrton
04-17-2013, 11:01 AM
Ok. Just curious, Hal. What percentage of the 110,000 eHotline recipients DO open it? I'd like to think it would be a high number.

Mike Switzer
04-17-2013, 11:27 AM
OK, Hal, I misunderstood. This sentence "We think you may be missing some of your EAA membership benefits!" is exactly how the spam emails start out that I was getting from other organizations trying to trick you into buying third party items from insurance companies, lifelock, etc.

Hal Bryan
04-17-2013, 01:21 PM
> Ok. Just curious, Hal. What percentage of the 110,000 eHotline recipients DO open it? I'd like to think it would be a high number.

Carl, my colleague Sara is the one who tracks those numbers and she's out of the office today, so I'll have to get back to you. I want to say that the average was somewhere north of 60%, but that's a vague memory. I do know that it's well, well above the industry average - in other words, it's always a number we're very happy with. :)


> OK, Hal, I misunderstood. This sentence "We think you may be missing some of your EAA membership benefits!" is exactly how the spam emails start out that I was getting from other organizations trying to trick you into buying third party items from insurance companies, lifelock, etc.

Mike, I see your point - this is great feedback! If we need to send out an email like this again, we'll revisit that language and see what we come up with.