SPECIAL REPORT: Klez Causes Problems of "Biblical Proportions" for Email Newsletter Publishers - Some Fixes for You
The Klez email virus has been around since November 9, 2001. According to our Tech Editor, Alexis Gutzman, early versions were "fairly harmless."
However, last night ContentBiz received an email from one reader saying new variants of Klez were causing a problem of "Biblical proportions" for many email newsletter publishers.
Here is what happens: if one of your newsletter subscribers is infected with Klez, the virus can now send an email message "from" everyone in that subscriber's address book "to" every email address that subscriber has emailed in the recent past.
If you have a subscriber who joined your list via email, now your join-list address will get messages that appear to be 'from' everybody in that subscriber's address book also trying to join the list. Suddenly your list has grown a lot bigger, and there is no way to tell which new subscribers joined on their own and which came from the virus.
In summary: The Klez virus is causing people's email addresses to be added to opt-in email lists without their knowledge or permission.
In addition, Klez may send notices to your entire list through your list server without your knowledge or permission.
If you operate a double opt-in (aka "confirmation required") list, then you are safe from the first problem, because even if Klez causes someone to be added to your list, they will not "stick" until they manually confirm that they want to get your newsletter.
However, please note you may still receive some accusations of spam, because Klez is causing your server to send out request-for-confirmation notices to unsuspecting people. We have certainly received plenty from lists we never heard of before here at the ContentBiz office in the last two days. Until we learned about the Klez problem, we assumed a human prankster was signing us up for double opt-in lists without our permission.
If you operate a double opt-in list, you may want to alert your customer service people that they may get a few more "hey you're spamming me!" messages than they normally do.
You may also want to quickly change the wording of the letter that is emailed out to people asking them to confirm their subscription, just to say something like "The Klez virus may have tried to subscribe you to our newsletter without your knowledge. Do not worry! In that case, this letter is the only time you will hear from us. You will not be added to our permanent list *until* you click on the link below and tell us you want to be. Sorry for the inconvenience."
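The double opt-in flow described above, as an added example (not code from ContentBiz, SparkLIST or Lyris): a join request with a forged "from" address only creates a pending entry, and the address becomes a subscriber only when the token mailed to it comes back. The class name, the secret, the 48-hour token lifetime and the one-notice-per-week limit are assumptions made for the illustration; the limit is there to cut down the repeat confirmation notices that trigger spam complaints.

```python
import hashlib
import hmac
import time
from email.utils import parseaddr

SECRET = b"constructed-demo-key"   # assumption: per-list secret kept on the server
TOKEN_TTL = 48 * 3600              # assumption: confirmation link valid for 48 hours
RESEND_WINDOW = 7 * 24 * 3600      # assumption: one confirmation notice per address per week

class DoubleOptInList:
    def __init__(self):
        self.pending = {}    # address -> time the confirmation notice was sent
        self.active = set()  # addresses that confirmed themselves

    def _token(self, addr, issued):
        msg = f"{addr}|{int(issued)}".encode()
        return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()

    def join_request(self, from_header, now=None):
        """Mail arrived at the join address. The From header is untrusted:
        Klez forges it, so it never adds anyone to the active list."""
        now = time.time() if now is None else now
        addr = parseaddr(from_header)[1].lower()
        if not addr or addr in self.active:
            return None
        last = self.pending.get(addr)
        if last is not None and now - last < RESEND_WINDOW:
            return None  # already asked once; do not send another notice
        self.pending[addr] = now
        # The caller mails this token to addr inside the confirmation letter.
        return {"to": addr, "token": self._token(addr, now)}

    def confirm(self, address, token, now=None):
        """Only the holder of the mailbox can present the token it was sent."""
        now = time.time() if now is None else now
        addr = address.strip().lower()
        issued = self.pending.get(addr)
        if issued is None or now - issued > TOKEN_TTL:
            return False
        expected = self._token(addr, issued)
        if not hmac.compare_digest(token.encode(), expected.encode()):
            return False
        del self.pending[addr]
        self.active.add(addr)
        return True
```
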
If you are a single opt-in publisher -- in other words, if people can add themselves to your email list without having to reply to a confirmation email asking if they are sure they want to be added -- then Klez may be causing you serious trouble.
Christopher Knight, CEO of SparkLIST, a hosting company specializing in serving email newsletter publishers, told us that he is strongly recommending that his single opt-in clients switch to double opt-in "at least until this virus wildfire subsides."
He says, "Unfortunately single-opt-in list owners will have no idea whether their new list members asked for the list or were signed up by the virus. Every client who runs single opt-in is at risk of reputation damage." Or worse: if someone suspects you are a spammer they might report you to various spammer lists, such as SpamCop, and get your messages banned or filtered out by their company's IT department, their ISP, or a whole group of ISPs.
If you decide not to switch to double opt-in for at least the duration of this emergency, you also may want to change your subscriber Welcome message so it clearly identifies the potential problem and offers a solution.
Example: "Note: We have learned the Klez email virus occasionally signs up people for this list without their knowledge or permission. You don't have to have the Klez virus for this to happen -- your email simply has to be in the address book of someone else who does.
Naturally we don't want to send you a newsletter that you don't want to get. If you have been signed up without your permission, here's how to get off this list quickly and easily..."
Knight also warned us that Klez poses a separate risk to list owners, even if they are double opt-in:
SparkLIST clients, as well as many other email newsletter list hosts using Lyris software, may need to change their default settings to stop Klez from sending out messages to their entire list.
"There's a setting that auto-approves or allows a moderated post to be sent to the list at a certain time if it's not approved already. This is bad considering the virus is spoofing FROM: fields. Time to tighten them all down," says Knight.
Also, if you would like more information and advice on email security for your company in general, written in clear non-technical language, we suggest you get a copy of Alexis Gutzman's new book published by the American Management Association:
"Unforeseen Circumstances: Strategies and Technologies for Protecting Your Business and Your People in a Less Secure World"
It is on sale right now at Amazon (and no, we do not profit from this plug at all, aside from the fact that Gutzman happens to work for ContentBiz when she's not writing business books!)
Good luck with Klez -- with this issue out, we are now going to go to our own list set-up and take the advice we just dished out above.