I think it's very important to distinguish "spam" from "scam".
What AirBnB did was a little spammy (and probably violated CL's ToS). Same goes for ODesk and other freelance boards (I got one from HireTheWorld just the other day).
When someone wants all your personal information or help moving (i.e. "laundering") money overseas, that's an entirely different animal.
True, but spam is bad. Apartment hunting is time consuming enough. Tons of people end up wasting more of their time writing an email back to the seemingly-legit Tina.
If I understand correctly, AirBnB directly posted to Craigslist, where most of the spam emails (such as the roommate or oDesk emails) look to be the work of third-party affiliates. I'm not condoning AirBnB's methods, but there is a subtlety here that makes affiliate spam even harder to battle.
Lots of companies use affiliates to do the dirty work for them, then ban affiliates that get caught. New affiliates pop up, or the banned affiliates create new accounts and start over. That leaves sites like Craigslist in the unenviable position of playing whack-a-mole to try and ban spammers.
Other variations on these include fake profiles of women on (insert social networking site her) who inexplicably "friend" men and entice them to sign up for dating/adult sites where the target can see more photos, and gambling instruction guides/beat the casino secrets uploaded to torrent sites for free. Naturally affiliate links to lots of online gambling sites are embedded in the guides.
I guess the takeaways are:
1. Never trust user generated content.
2. Whenever there's a way for people to produce content (effectively) for free, the affiliates/scammers will be there. I built a rental-listing site a few years back. Not long after I stared getting real listings, I started getting rental scams. I had almost zero traffic, but the tiny blip on the radar screen my site produced drew scammers like flies.
4. It's often better to ask forgiveness than permission. What repercussions did AirBnB suffer for their posts? What real repercussions do any of the spammers face?
5. Just writing about affiliate marketing, well, at least this side of it, makes me feel icky.
> I had almost zero traffic, but the tiny blip on the radar screen my site produced drew scammers like flies.
It's worth pointing out, that if you used some sort of standard back end like Wordpress or some other user content system, there are bots built to search the web for those and post to them automatically. I wouldn't put it past someone to throw in a check for if it is real estate related and handle slightly more advanced back ends like Drupal.
The rental site was home-grown, but scammers still managed to find it. I noticed an ocean-view apartment in Miami for about $300 a month, which seemed odd. After some investigation I learned about scams and began checking for ultra-low rents, etc.
I did have a Pligg site I put up as a quick project and that was a victim of the automated searches for the "submit" page of a Pligg site. Even adding a CAPTCHA didn't help, so I assume offshore workers were adding links manually.
Spam is absolutely not a grey area. "it is NOT FUCKING ACCEPTABLE for a single post that is from a person talking to other people to be deleted, to be dropped on the uncaring floor to make room for machine generated spew."
Craigslist puts in a lot of effort to warn people about common scams, yet the problem persists in the high-value categories. This is especially true of rentals -- I get a Google Alert every week of Craigslist-related crime appearing in news reports, and half or more are rental scams. How can people miss the warnings and get conned? Part of the reason relates to smart social engineering, as the OP suggested -- girls, convincing sob stories (active duty military deploying overseas is a common hook), well-written emails, great prices that are almost too good to be true. The scammers are constantly running tests to see what works best and then applying them to multiple areas. But the other thing is the nature of buyers, who may only come to Craigslist once every few years and may assume that because their last experience turned out good, their next one will, too.
On the spam front, "flagging" is one of the main weapons CL uses to fight things like overposting, top-posting, miscategorized posts, etc. Unfortunately the system has broken down in many markets. Check out some of the cities in Western Canada, which are overrun by spam (see "Craigslist Canada: Ticket spam, giant markets and dead areas" http://invantory.com/2012/04/craigslist-canada/ ). Dealers and spammers using manual or automated means simply overwhelm the categories, and there aren't enough active flaggers to mark the violators -- or people have simply given up.
Classified marketplaces really interested me, and if anyone wants to talk about Craigslist or mobile classifieds, I can be reached via the websites listed on my HN profile.
Flagging can be unrewarding to the flagger as well. If I'm hunting an apartment deal, email 100 ads, determine 70 are fake, flagging the fakes to remove the ads I already know are bad is just going to bring in more competition for the places I want. A lot of fakes reuse something, like pictures or contact information, etc. so you can identify their future posts as well.
The real world rewards are huge. I know people who have sublet a place worth $5k USD/month from someone for $2.5k USD/month because they hunted for a deal and found someone who had to go move and take care of their parents ASAP and that person didn't have any other immediate takers pop up so quick.
ezl does not seem to have gone all the way down the rabbit hole with the oDesk tracking link. (I work at oDesk, but not on this, so I was really curious.) After about 3 HTTP redirects, the www.dpbolvw.net link seems to turn into some sort of affiliate link. So my guess is that a (possibly errant, but presumably very data-driven) affiliate was the one sending him e-mail about oDesk, rather than oDesk itself.
That seems to raise a broader question, which is: to what extent should companies be blamed (and thus try to control) for the actions of the people in their affiliate programs? Would you be unhappy about a blog purporting to be by a cute ice cream eating girl filled with recommended books with Amazon affiliate links? What are the standards in this area, exactly? (On reload, see dabent's comment below as well.)
So I treaded on the dark side at one point, and was hired to write a Craigslist spam application. It was pretty simple and would automatically post to all the Erotic Services sections in all the U.S. localities with randomized (a huge set of varying titles, descriptions and photos - that could all be localized specifically to where it was posting) postings, randomized emails, obfuscating the text further by using shades of black for each letter - then solving the captcha and auto-responding to the email to publish the posting. It would do this every 20 minutes, 24/7.
The results for spamming adult dating affiliate links was pretty interesting. On average it would earn $1k a day, with most holidays jumping up to $2k a day. One very religious holiday in particular (won't mention which one to single any group out) brought in $3k. In one single day.
As long as spamming people with affiliate links will work, and makes them money - someone will do it.
Well - part of the deal of me writing the app for the guy was that I would use it too. So the numbers I am reporting were my personal profits off of it - and I had a much lower posting frequency as not to compete directly with the guy who hired me to write the app. He ended up abusing the system and changed the configuration to go like every 5 minutes which caused Craigslist to make various changes like removing the ability to add links in the postings, then they changed the captcha system (which was still easy to bypass) and then finally they moved to recaptcha (I believe). I don't know how much more the other guy ended up making but I know he was easily pulling in more than me.
It's fascinating how much money there is in things that are at best ethically unsound and legally questionable, and at worst completely illegal (no real shocker in the latter, though).
craigslist could probably eliminate a ton of spam by simply editting out the urls that go thru it's email system.
i.e. if someone includes <a href> inside the email body, simply unscramble it and show the full link.
And on the bottom of the email spell out a warning about affiliates.
This will eliminate most of the spam that goes out to people who list stuff on craigslist.
To fight spammers that list fake listings to gather email addresses...simply implement a private message system for craigslist. Then you can analyze all emails that get sent to users and do the same trick as #1.
You can also limit exposure by blocking messages based on user IPs. Chances are someone from China listing in New York craigslist is a fake.
> You can also limit exposure by blocking messages based on user IPs. Chances are someone from China listing in New York craigslist is a fake.
That last one would probably just create a minor inconvenience for actual scammers while creating headaches for the occasional legit "I am in Shanghai please buy my couch" poster.
> You can also limit exposure by blocking messages based on user IPs.
Craigslist already does this to an extent in their high volume categories. For example, one cannot post Job Listings in highly populated areas (like New York or San Francisco) unless the posting IP address comes from a place near there, and the account is verified via a phone call. Anyone not fitting this description must pay a certain amount of money.
The other side of the coin is the blackmarket selling of Phone Verified Craigslist accounts along with proxy lists in those same markets which can effectively bypass any IP filtering put in place.
I'd say the others usually constitute fraud, so I wouldn't really give them a free pass... Also, the african missionary apartment scams are also looking for wire transfers of prepayment of rent.
33 comments
[ 4.8 ms ] story [ 83.3 ms ] threadWish the final pic had a NSFW warning though.
What AirBnB did was a little spammy (and probably violated CL's ToS). Same goes for ODesk and other freelance boards (I got one from HireTheWorld just the other day).
When someone wants all your personal information or help moving (i.e. "laundering") money overseas, that's an entirely different animal.
I definitely consider them different, though perhaps I didn't highlight that difference sufficiently.
I made a modification and titled the section as such, with a credit to you in the post.
Lots of companies use affiliates to do the dirty work for them, then ban affiliates that get caught. New affiliates pop up, or the banned affiliates create new accounts and start over. That leaves sites like Craigslist in the unenviable position of playing whack-a-mole to try and ban spammers.
Other variations on these include fake profiles of women on (insert social networking site her) who inexplicably "friend" men and entice them to sign up for dating/adult sites where the target can see more photos, and gambling instruction guides/beat the casino secrets uploaded to torrent sites for free. Naturally affiliate links to lots of online gambling sites are embedded in the guides.
I guess the takeaways are:
1. Never trust user generated content.
2. Whenever there's a way for people to produce content (effectively) for free, the affiliates/scammers will be there. I built a rental-listing site a few years back. Not long after I stared getting real listings, I started getting rental scams. I had almost zero traffic, but the tiny blip on the radar screen my site produced drew scammers like flies.
4. It's often better to ask forgiveness than permission. What repercussions did AirBnB suffer for their posts? What real repercussions do any of the spammers face?
5. Just writing about affiliate marketing, well, at least this side of it, makes me feel icky.
It's worth pointing out, that if you used some sort of standard back end like Wordpress or some other user content system, there are bots built to search the web for those and post to them automatically. I wouldn't put it past someone to throw in a check for if it is real estate related and handle slightly more advanced back ends like Drupal.
I did have a Pligg site I put up as a quick project and that was a victim of the automated searches for the "submit" page of a Pligg site. Even adding a CAPTCHA didn't help, so I assume offshore workers were adding links manually.
—http://www.eyrie.org/~eagle/writing/rant.html (actually about Usenet, which was wrecked by the same sort of predatory scum)
I now avoid any car with steering wheel covers in the picture as all the wreck scams I've seen had them.
Safer to miss the few false positives.
Clean it incredibly well.
Put a steering wheel cover.
Sell at Glendale for 6k to 10k as if it's a private sale.
Craigslist puts in a lot of effort to warn people about common scams, yet the problem persists in the high-value categories. This is especially true of rentals -- I get a Google Alert every week of Craigslist-related crime appearing in news reports, and half or more are rental scams. How can people miss the warnings and get conned? Part of the reason relates to smart social engineering, as the OP suggested -- girls, convincing sob stories (active duty military deploying overseas is a common hook), well-written emails, great prices that are almost too good to be true. The scammers are constantly running tests to see what works best and then applying them to multiple areas. But the other thing is the nature of buyers, who may only come to Craigslist once every few years and may assume that because their last experience turned out good, their next one will, too.
On the spam front, "flagging" is one of the main weapons CL uses to fight things like overposting, top-posting, miscategorized posts, etc. Unfortunately the system has broken down in many markets. Check out some of the cities in Western Canada, which are overrun by spam (see "Craigslist Canada: Ticket spam, giant markets and dead areas" http://invantory.com/2012/04/craigslist-canada/ ). Dealers and spammers using manual or automated means simply overwhelm the categories, and there aren't enough active flaggers to mark the violators -- or people have simply given up.
Classified marketplaces really interested me, and if anyone wants to talk about Craigslist or mobile classifieds, I can be reached via the websites listed on my HN profile.
The real world rewards are huge. I know people who have sublet a place worth $5k USD/month from someone for $2.5k USD/month because they hunted for a deal and found someone who had to go move and take care of their parents ASAP and that person didn't have any other immediate takers pop up so quick.
That seems to raise a broader question, which is: to what extent should companies be blamed (and thus try to control) for the actions of the people in their affiliate programs? Would you be unhappy about a blog purporting to be by a cute ice cream eating girl filled with recommended books with Amazon affiliate links? What are the standards in this area, exactly? (On reload, see dabent's comment below as well.)
The results for spamming adult dating affiliate links was pretty interesting. On average it would earn $1k a day, with most holidays jumping up to $2k a day. One very religious holiday in particular (won't mention which one to single any group out) brought in $3k. In one single day.
As long as spamming people with affiliate links will work, and makes them money - someone will do it.
i.e. if someone includes <a href> inside the email body, simply unscramble it and show the full link.
And on the bottom of the email spell out a warning about affiliates.
This will eliminate most of the spam that goes out to people who list stuff on craigslist.
To fight spammers that list fake listings to gather email addresses...simply implement a private message system for craigslist. Then you can analyze all emails that get sent to users and do the same trick as #1.
You can also limit exposure by blocking messages based on user IPs. Chances are someone from China listing in New York craigslist is a fake.
That last one would probably just create a minor inconvenience for actual scammers while creating headaches for the occasional legit "I am in Shanghai please buy my couch" poster.
Craigslist already does this to an extent in their high volume categories. For example, one cannot post Job Listings in highly populated areas (like New York or San Francisco) unless the posting IP address comes from a place near there, and the account is verified via a phone call. Anyone not fitting this description must pay a certain amount of money.
The other side of the coin is the blackmarket selling of Phone Verified Craigslist accounts along with proxy lists in those same markets which can effectively bypass any IP filtering put in place.