David Lewis has a nightmare story up about his experience with Yahoo – thanks to his site, anycoupons.com, getting flagged as a spammer by McAfee’s SiteAdvisor (see their report on anycoupons here.) Because of this, his pay campaigns have been disabled, and his site’s been flagged with a noxious ‘sends spam’ warning message in the Yahoo search results pages.
I strongly doubt Dave would put his core business at risk by selling e-mails for spam – totally counterproductive. So what happened? It’s impossible to tell, but I can guess. McAfee’s got some interesting methodology – they type a unique Site Advisor e-mail address into every e-mail form they can find on your site (potentially clogging up your user database with fake info – how nice of them), and then monitor that e-mail address to see what they get back. The random e-mails in McAfee’s anycoupons.com report are all ‘cash wire’ / ‘cash application pending’ – in other words, this is related to financial lead gen, probably payday loans. How’d that user get flagged as interested in payday loans? I’m guessing a short-form HTML creative that anycoupons.com ran as advertising, maybe something through CJ. The banner ad asked for an e-mail address, the HTML of the banner ad was injected directly into the DOM, and the Site Advisor crawler thought it was just another part of the site. Off went the e-mail, which was probably sold to four different payday loan providers, and one of those in turn sold the worthless ‘lead’ to a spammer for pennies. Ugly but not particularly uncommon.
Of course, this is just a theory – god knows what the real reason is. But if companies like Yahoo are going to trust the results of an automated crawler so closely, I’d be damn careful about any advertising that allowed the user to enter personal information without leaving your site. (And then I’d insist on blocking such crawlers through robots.txt and bot filtering – you have the right to control which users and what applications access your site, and there’s no point letting through – and paying the incremental serving costs for! – some robot that can only harm your business.)
{ 8 comments… read them below or add one }
Excelent theory. I think you are right on the money with it.
I and a bunch of other people in the SEO industry are on top of this and Siteadviser cleared David. Now we need to get Yahoo to correct its flaws.
Greg and Igor-
Thanks for your support and for trying to help McAfee improve its system.
I went looking for the SiteAdvisor e-mail addess. I had looked yesterday for the obvious domains. None appeared. Today Shane from McAfee commented on my blog that there were 4 new tests running. There is only one e-mail address that looks randomish signing up yesterday or today. It was on sbcglobal.net. The rest look like real names. (Igor pondered whether McAfee uses hotmail, etc for the test accounts.)
But here is what really struck me as strange. If you look at the Sample Inbox at http://www.siteadvisor.com/sites/anycoupons.com/email, many of them have SiteAdvisor in the subject. AnyCoupons only asks for an e-mail address and password. There is nowhere on AnyCoupons for someone to give us their name and “siteadvisor” shows up in no e-mail addresses in our system.
So the spammer who guessed the e-mail address knew that it was SiteAdvisor while we didn’t.
Theories?
-David
That crawler’s trained to fill out forms, so it must have told a form – not your form, but maybe within an ad that ran on your site – that its name was ‘SiteAdvisor’.
Can you recall any advertisements with a form field called ‘Name:’ or something similar?
We don’t have ads, per se, on the site. The only forms to fill out are to sign up for the newsletter or review a store.
How would filling out a form get to the McAfee e-mail account?
I see some ads in the right sidebar. Check out these pages, for example:
http://anycoupons.com/baby_universe.html
http://anycoupons.com/mortgage.html
If you didn’t have any ads on your site with forms, then there’s a couple of possibilities:
a) the crawler ran amok, and went off your site to a form while thinking it was still on your site,
b) the email address in the user database somehow got leaked to a spammer, suggesting a security issue with the server (although this seems unlikely since you don’t store name and the spam *did* use a name.)
Those ads really are static. We really don’t use them.
I was concerned about a potential security risk when you first mentioned it but then I realized that we have no way to know that it is SiteAdvisor. That appears nowhere in our database.
There is a problem with McAfee’s system. There has to be a flaw there that (a) the e-mail address was used more than once, (b) someone leaked it or (c) someone hacked McAfee’s system.
I wrote a little more about the problems I found with McAfee’s SiteAdvisor at http://www.revenews.com/davidlewis/mcafee-siteadvisor/
If you want to figure out what domains McAfee uses when it registers, there is a suggestion about that.
McAfee Site Advisor is certainly flawed, and not just at detecting whether sites send spam. It has just red-flagged our site tech-pro.net on the basis of a false positive detection of Winfixer in a free trial download of PC Tools Spyware Doctor (as verified at virustotal.com – McAfee was the only one of 33 products that claimed anything wrong with the file.) The full story is on my blog: http://blog.tech-pro.net/entry/47/McAfee_defamation_of_Tech-Pron