I think Log4shell was about the closest we got to this. It’s still crazy to me you could exploit an unknown machine by leaving a string of text somewhere and waiting for a vulnerable client to process it. I imagine many spammers are running a lot of insecure PHP and Perl scripts to support their operation. That was certainly the case back in ~2006, and I imagine most “new entrant” spammers are not using email but rather social media tactics and the like, so I doubt email spam infrastructure improved.
That said, the real guilty spammers are the companies doing it under the flag of a sales tool. RIP your email if you put it in a git commit.
not my fault you haphazardly inserted <whatever I crafted> into an HTML field in some browser at some point in the future.
DNS records, facebook statuses, titles of apps on the playstore, Wifi SSIDs, BIO's on obscure forums, names of children, recipe ingredients, your TV's network nick name...anything that can hold the input of a user, that a scraper or content mechanism will eventually naively come across...
eventually it will get added to the DOM of some unknownst messenger, and I will receive a ping, letting me know that someone, somewhere, somewhen, sniffed my digital fart.
So, for the email industry (both marketers and client developers) "Spam" is used to specify emails that are not compliant with the CAN-SPAM act - they don't have a way to unsubscribe or report abuse.
ITT people are using Spam to cover all sorts of junk email, but in my mind there is a difference between companies engaging in annoying methods to get your consent and organizations engaging in bad faith breaches of CAN-SPAM.
I’m not sure if your comment is meant to defend the practices of the companies I’m referring to - maybe you work at one of these spam houses, I won’t judge - but frankly, I don’t care what the definition of CAN-SPAM is. Clearly everyone thinks they CAN-SPAM me and I’ve never heard of anyone actually being fined under any anti-spam law except at the highest, most absurdly industrial volumes of spam.
If my email is public because it’s in a Git commit or a Gravatar or even an intentionally public “email” field in my profile, that is not consent to send me unsolicited, automated messages followed by a multi-day campaign of emails guilt-tripping me for not responding to the first one. Maybe they have an unsubscribe link at the bottom. I don’t know, because I don’t open unsolicited emails that may contain malicious zero-days targeting my device. But if they do include the unsubscribe link, it doesn’t make me think any better of them and it doesn’t absolve them of any moral wrong-doing.
If you’re a founder or employee of a company that revolves around sending automated emails to non-customers, just be aware that your target market is a group of self-anointed “hustlers” who send unsolicited email messages to people who slowly grow to rightfully despise them. If your “marketing database” is a scraped list of emails, you should delete it and shut down the company. In the future, consider using your skills to work on problems that have a positive impact on the world.
In most of my professional career (B2B), we didn't use any scraped data in our marketing system. We relied strictly on opt-in forms or in-person event data (some gray areas existed here).
However, you've unwittingly touched on one of the philosophical divisions that exist in most organizations between Marketing and Sales: Sales departments in general have a much more "liberal" idea of who is email-able. The idea being, "what's the rule against me just emailing someone about something"?
Well, you give a mouse a cookie and before you know it Sales has an entire email automation system to themselves. So if you look at an expensive sales tool like Outreach or Salesloft and ask, "what's the difference between this and a normal email automation tool" the answer is a lot of money and a lot of looking the other way.
So to give you a window into the politics of a GTM organization, most companies keep kind of a curtain of plausible deniability between their "inbound"/optin-based marketing and their outbound sales systems.
This is something legislation could fix. Harvesting emails for spamming from GitHub commits is not much different from taking parked cars for a joyride: they might be in the open, but not for you.
I assume the CAN-SPAM Act is a law in whatever country you're in. But as a member of the "email industry" in a different country, no, that's not how we define spam.
There's not a big difference between skirting the rules of CAN-SPAM with annoying junk emails and email list sales to whoever will pay and violating it outright. There's a pretty clear line between useful work and scummy opportunism which is crossed constantly by "legitimate" email marketing.
List purchases are a whole thing in the industry. It's actually a big line to cross. But it's far from a universal behavior that organizations deal in.
So I will say I have witnessed some amount of "grey market" lists (Tech Target, Experts Exchange, etc). But in my professional opinion, all these seem to do is generate garbage leads and unsubscribes.
That said, the real guilty spammers are the companies doing it under the flag of a sales tool. RIP your email if you put it in a git commit.