SPECIAL REPORT: Klez Causes Problems of "Biblical Proportions" for Email Newsletter Publishers - Some Fixes for You
The Klez email virus has been around since November 9, 2001. According to our Tech Editor, Alexis Gutzman, early versions were "fairly harmless."
However, last night ContentBiz received an email from one reader saying new variants of Klez were causing a problem of "Biblical proportions" for many email newsletter publishers.
Here is what happens; if one of your newsletter subscribers is infected with Klez, the virus can now send an email message "from" everyone in that subscriber's address book "to" every email address that subscriber has emailed in the recent past.
If you have a subscriber who joined your list via email, now your join-list address will get messages that appear to be 'from' everybody in that subscriber's address book also trying to join the list. Suddenly your list has grown a lot bigger, and there is no way to tell which new subscribers joined on their own and which came from the virus.
In summary: The Klez virus is causing people's email addresses to be added to opt-in email lists without their knowledge or permission.
In addition, Klez may send notices to your entire list through your list server without your knowledge or permission.
If you operate a double opt-in (aka "confirmation required") list, then you are safe from the first problem, because even if Klez causes someone to be added to your list, they will not "stick" until they manually confirm that they want to get your newsletter.
However, please note you may still receive some accusations of spam, because Klez is causing your server to send out request for confirmation notices to unsuspecting people. We have certainly received plenty from lists we never heard of before here at the ContentBiz office in the last two days. Until we learned about the Klez problem, we assumed a human prankster was signing us up for double opt-in lists without our permission.
If you operate a double opt-in list, you may want to alert your customer service people that they may get a few more "hey you're spamming me!" messages than they normally do.
You may also want to quickly change the wording of the letter, that is emailed out to people asking them to confirm their subscription, just to say something like "The Klez virus may have tried to subscribe you to our newsletter without your knowledge. Do not worry! In that case, this letter is the only time you will hear from us. You will not be added to our permanent list *until* you click on the link below and tell us you want to be. Sorry for the inconvenience."
If you are a single opt-in publisher -- in other words, if people can add themselves to your email list without having to reply to a confirmation email asking if they are sure they want to be added -- then Klez may be causing you serious trouble.
Christopher Knight, CEO of SparkLIST, a hosting company specializing in serving email newsletter publishers, told us that he is strongly recommending that his single opt-in clients switch to double opt-in "at least until this virus wildfire subsides."
He says, "Unfortunately single-opt-in list owners will have no idea whether their new list members asked for the list or were signed up by the virus. Every client who runs single opt-in is at risk of reputation damage." Or worse; if someone suspects you are a spammer they might report you to various spammer lists, such as SpamCop, and get your messaged banned or filtered out by their company's IT department, their ISP, or a whole group of ISPs.
If you decide not to switch to double opt-in for at least the duration of this emergency, you also may want to change your subscriber Welcome message so it clearly identifies the potential problem and offers a solution.
Example, "Note: We have learned the Klez email virus occasionally signs up people for this list without their knowledge or permission. You don't have to have the Klez virus for this to happen -- your email simply has to be in the address book of someone else who does.
Naturally we don't want to send you a newsletter that you don't want to get. If you have been signed up without your permission, here's how to get off this list quickly and easily..."
Knight also warned us that Klez poses a separate risk to list owners, even if they are double opt-in:
SparkLIST clients, as well as many other email newsletter list hosts using Lyris software, may need to change their default settings to stop Klez from sending out messages to their entire list.
"There's a setting that auto-approves or allows a moderated post top be sent to the list at a certain time if it's not approved already. This is bad considering the virus is spoofing FROM: fields. Time to tighten them all down," says Knight.
Also, if you would like more information and advice on email security for your company in general, written in clear non-technical language, we suggest you get a copy of Alexis Gutzman's new book published by the American Management Association:
"Unforeseen Circumstances: Strategies and Technologies for Protecting Your Business and Your People in a Less Secure World"
It is on sale right now at Amazon (and no, we do not profit from this plug at all, aside from the fact that Gutzman happens to work for ContentBiz when she's not writing business books!)
Good luck with Klez -- with this issue out, we are now going to go to our own list set-up and take the advice we just dished out above.
The views and opinions expressed in the articles of this website are strictly those of the author and do not necessarily reflect in any way the views of MarketingSherpa, its affiliates, or its employees.