Previously, I wrote an article about scraping via email. In it, I detailed how spam bloggers, especially those using Blogspot, would take an RSS feed, pass it through an RSS-to-Email service (site appears to be down) and have the resulting email messages delivered to their Post-via-Email address, thus converting the emails to new blog posts without the need for special blog scraping software.
Shortly after writing that article, I received emails from several administrators of Yahoo Groups lists and other mailing lists. They were finding that the same technique was being used to convert member-only newsletters and posts into spam blogs.
The idea is simple, just subscribe to the group using the same Post-via-Email address and have all of the messages that are sent to the group, converted straight to posts in to spam blog. This can work with lists where only the administrator posts or on lists that allow users to participate.
Any mailing list or “group” site that routine sends messages to members and allows public sign up is vulnerable. To help guard against this, I would recommend that administrators take the following precautions.
- Make sure that your list does not allow anyone to subscribe with an @blogger.com address or that you routinely remove anyone who attempts to.
- If possible, make sure that the email address of the subscriber is included in every letter sent out, this guards against the use of email forwarding.
- Include your unsubscribe link as a clickable hyperlink in your emails. If a user discovers the spam blogging, they can easily unsubscribe the spammer.
- Set up Google Alerts for relevant information in your emails, something that would be unique to your list.
- Make it clear when users register that content from the list is not for republication and have them agree to not redistribute the content that is emailed to them.
Fortunately, this problem seems to be relatively minor now. Most email lists do not seem to have this issue in a significant way and, of the mailing lists I subscribe to, I was not able to find one that was being actively scraped.
Still, administrators should be aware of the danger, especially since simple steps can help prevent any problems.