SpamArrest has shocked the anti-spam community this week by: Spamming. SpamArrest is a system that quarantines all incoming messages that are not pre-approved until the sender has had a chance to "confirm" that he's a real person (not a spammer or bulk sender) by clicking through to the SpamArrest site and typing in a code from an image that is not computer-readable. Once the sender confirms, then all subsequent mail from that person is approved. To many people this sounded like a great system to stop spam.
Of course, the senders of the messages had absolutely no idea that by sending email to a person (they had no way of knowing was using SpamArrest), they were agreeing to receive marketing offers from the spam-prevention system selected by that person.
Their addresses were, in effect, harvested from the inbox of SpamArrest users. This would be comparable to Yahoo deciding to harvest the email addresses of anyone who sent you email at your Yahoo account, and marketing to them. Boy, I hope Hotmail doesn't hear about this; it may give them an idea for email marketing.
This is an outrage. According to spamNEWS
, Daryn at SpamArrest claimed, "We didn't think it was spam; we thought it was a valid marketing idea. I'm guessing we won't do it again." Yea. Right. I guess it depends on what the meaning of "is" is.
If you value your friend's and colleagues privacy, stop using SpamArrest immediately. This kind of abuse casts a pall on all these "challenge-response" approaches to preventing spam.