Hacker News new | past | comments | ask | show | jobs | submit login
Two Phase Spam: Spammers that Impressed Me (ezliu.com)
54 points by michael_fine on May 3, 2012 | hide | past | web | favorite | 30 comments

I think this is bullshit. Google search of "is the game called world of tanks?" only pulls up this one page. If it was some kind of viral spam campaign, more people would be discussing it in forums.

It's not spam. It's a misdirected email.

Either way, actual spammers should never be praised. If it was legitimately spam, then I wouldn't be impressed.

From the web site contact page of the original article, the author has email address "ericzliu on gmail". I can see how that could easily receive a mistyped email.

maybe the article is a stealth ad for world of tanks :)

That is what I was thinking. Clearly the email isn't really spam or a lot of people would have received it. But the blog entry is getting hits, and that is getting the name of the game out. So next step would be to see if Eric was working as a viral marketing consultant :-)

While strategy is good, nowhere in this post we can actually see that it is a spammer. I get a lot of emails from people who think they are talking to someone else. These look like those.

Again, I agree this would be good strategy for spammers, just don't see how this is one of those.

If you google the name of the "spammer" it looks like he might be a kid in high school. Seems like a misdirected email that led to the development an ingenious spamming technique.

"Is this the game that you were talking about?" Link to blog post reviewing some random game that has an amazon affiliate link spammed all over the post

Edit: Unless the spammer thought ahead and created and populated accounts around the internet pretending to be in HS so that we will now write off this spam as a misdirected email...

If _I_ were doing this, I'd joe-job some plausible looking kid's email address…

I doubt it was a spam. World of Tanks is owned by a quite big company. There are TV adverts for this game running in my country - they would not engage in such activities unless they really want to burn their reputation.

As for SEO benefits - I doubt that it would positively affect their ranking even if they were not widely known.

The only way that e-mails can be used for SEO (besides of buying links) is using the fact that Google is spying on the links you are sending. Every URL being sent through GMAIL is being crawled by Googlebot. This can be used to index backlinks.

In this case, there was no links inside.

>Every URL being sent through GMAIL is being crawled by Googlebot

This is demonstrably false.

Email a gmail address with a URL that only you know about. Then observe your server logs - you will not see GoogleBot at this URL

I've done this before and I know this works. Tested on many thousands of URLs.

I thought this was pretty interesting so I just tested this by setting up a Perl script that pretends to be a web server and having it printing out the IPs of anyone who accesses it while feeding them a 403 page.

After emailing myself a link to that server on Gmail, referencing a document that doesn't exist, I waited for over six hours. No hits were recorded from any source and I am unable to duplicate your results.

Darn that is effective! I think just posting the story to HN works really well also. I ended up googling the game and poking around the forums. Nice marketing scheme.

I wonder how this could be used in traditional marketing sense? He describes it as:

   First you plant the seed.
   Then you wait for it to grow into a plant.
   Then you …
You clearly couldn't use this approach, because it is a: disingenuous, and b: requires you to have a large number of people's emails. It's an interesting concept, especially in the context of traditional marketing.

Isn't this what most marketing does? Or at least all top-of-mind marketing (e.g.-plumbers)? They plant the seed--they don't expect you to buy soda or a car while you're in the middle of watching a television show, but they want you to make you inquisitive about it. e.g.-How would that new car drive? Wow, that looks fun. I should test drive that at some point--and then when you're in the market, you go test drive it.

Yeah, I guess so, it's just this was such a poignant form of marketing it really struck me.

A two phase billboard is an old trick in traditional marketing. First an apparently non-salesy image designed to incite curiosity, then after a few days, hammer it in.

Phase 1. Arrange for a large group of people to show up outside an Apple store waving 'Wake Up' placards.

...or is it possible someone just sent you these emails as a mistake?

I doubt someone is actually sending bulk emails from a comcast account.

Yes, that's what I came here to post...

That actually happens sometimes. Someone used my email when registering for an online store, and now I get mail receipts for everything he buys. The thing is there's no way I can contact him. I tried contacting the store, but they didn't do anything about it either, so I just created a mail filter and got on with life.

I guess the real lesson in my case is: always validate your user's email address by sending it a confirmation link (by t he way, I think people using giant regexps to validate mail are missing the point). I see the point in letting the user log in right away (as soon as an email address and password are provided), but I think there still should be a confirmation email and the system should not send any email to unconfirmed addresses.

Yes, this. Every person I know who has a reasonably common gmail address gets mail intended for others. For some of them it's often enough that they've created canned responses to deal with them. It's somewhat astounding how many people out there apparently do not know their own email addresses.

I would just reset "your" password, log in, and cancel the account. Problem solved.

That's what I usually do. I have a first initial + last name @ gmail.com account and tons of people sign up for accounts using my email address. Unfortunately, doing a password reset on for a bank account, cellular account, or the like is usually impossible without an account number or something else. As it should be, but it's really important that people use closed-loop sign-ins and allow people to remove their email addresses from accounts without logging in.

Must be a trial, going through life named "Norbert Ospam"…


Sometimes, they need to warm-up their accounts. This could have just been such a warm-up.

I am always impressed (although often repulsed) by spammers. Getting someone to look you up on Google is a a clever way not only to get people to see your ads, but to solidify your position in the search rankings. Clever!

This is actually 3 phase spam.

Phase 3 is at the top of the page you are looking at (i.e. this one)

This reminds me of an e-mail I go the other day:

    From: Tai Bei <tai.b1@9.cn>
    Subject: Re

    Seeking for your cooperation.

you might want to obscure screenshot as well.

It's a little ironic that its courtesy to obscure spammer's emails.

A lot of spam mails are sent through hijacked white-listed accounts. If that's the case here, it's unnecessary exposure of someone else's email address.

As jyap said up the top -- it's more likely that this is a mis-typed email to a friend than spam.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact