Newsletter distributor seeks source of spam attacks

Computerworld - Never before had customers of e-mail newsletter distributor SparkList.com been hit by widespread spam attacks that clogged their readers' in-boxes with ads for pornography and other undesired offers.
But that changed in early August, when about five major customers, including newsletter publisher MarketingSherpa Inc., notified SparkList that thousands of its newsletter readers were complaining that their private e-mail addresses had suddenly become magnets for offensive spam.
Mysteriously, the problem began on the weekend before an Aug. 1 announcement that SparkList was being acquired by newsletter distribution software maker Lyris Technologies Inc.
Only three of some 25 former SparkList employees were retained by Lyris after the purchase, leading some observers to suggest the possibility that the sudden spam attacks were the work of disgruntled ex-employees.
Other possibilities for how the spamming began include an attack by hackers who could have launched the mailings or automated "dictionary" attacks by bulk e-mail distributors that send spam to computer-generated e-mail address combinations from A to Z.
"The acquisition is still warm, so that's one of the challenges that we're trying to understand -- what exactly happened," said Steven Brown, a spokesman for Berkeley, Calif.-based Lyris.
"I wouldn't want to speculate on exactly what happened," Brown said. He hopes to have more answers next week after outside consultants hired to investigate the incidents finish tracking likely scenarios for what transpired.
"Obviously this is very important to people," he said. "We're taking it very seriously."
Alexis Gutzman, the technology editor for Washington-based MarketingSherpa.com's electronic newsletters, said her company learned of the problem when newsletter readers began complaining that the spam could be sent only by someone who knew their private e-mail addresses. The addresses, which customers use only to receive mailings from MarketingSherpa.com, are made up of random numbers and letters that couldn't have been guessed by computer-generated dictionary spam mailings, according to the letter writers.
Lyris bought SparkList so it could move from only selling its software and expand its small presence in the closely related e-mail distribution and hosting business.
Now, said Gutzman, that strategy has turned out to be a public relations nightmare for the company, whose software looks at newsletter subscriber databases and sends a unique e-mail to each reader. "Lyris is in a terrible position," she said.
One thing in Lyris' favor is that the problem likely didn't come from within Lyris, she said. "This was something they inherited" through the SparkList purchase.
The incident is a good example, Gutzman said, of the need for software that would protect e-mail recipients