• by Tom Hespos , November 1, 2004

Bob is the type of guy most people would like to strangle if you ever met him face to face. Regrettably, the likelihood that I'll ever get such a chance is practically nil.

Every few days, Bob lets loose with an automated submission script that spams my blog with ads for anything from casino games to debt consolidation services to mail-order pharmaceuticals. He usually does this on Sunday, when I'm more apt to be watching football with my brother-in-law than paying attention to my blog. Every Monday morning, I run another script to get rid of Bob's spam and ban his IP address.

With every piece of comment spam that Bob's script generates, I get an e-mail from my blog software that lets me know that someone has left a comment on a post I've made. Bob's comments automatically get posted to my blog as soon as he leaves them, and the outbound links he leaves behind to his various Web sites are an attempt to pump up his Google juice.

Bob is pretty good about covering his tracks. He always seems to post from a block of IP addresses in China, and he's never posting from one IP address for very long. He always uses a slightly different e-mail address every time he posts.

Every Monday, I can count on at least 25 pieces of blog spam from Bob, posted from a new IP address. Looks like I'll have to implement a new anti-spam package if I want to put a stop to his constant influx of comment spam. Bob is as persistent as he is annoying.

Last weekend, on a whim, I decided to check out some of Bob's sites, just to see what was keeping him so motivated and to see what prompts him to lead a spammer's life. I followed a link of his to a Web site for online pharmaceuticals and it immediately redirected me to a page on an altogether different Web site where I could order drugs online.

The online drug company I was redirected to offered an affiliate program. So I decided to check out the program, just to see what Bob might be making from these guys. A simple one-page form was all that was required to sign up for the program.

If I didn't mind where my personal information went, I might have signed up myself. The program offered two-tier commissions and a lifetime value model - once you referred a customer, you earned money from that customer any time they spent money with the drug site. Did the site offer an affiliate terms of service document? Nope.

I checked out another Web site for debt consolidation of which Bob is an affiliate. This site seemed to have some rules set up for its affiliates. There is an agreement, one part of which covers spam. It says that the affiliate indemnifies and holds harmless the debt consolidation Web site for any misuse of e-mail.

But it didn't mention things like blog spam, phantom redirect pages, or any other modern non-email spam techniques. And the agreement is set up such that if someone catches Bob one day, the parent site isn't liable for his spamming at all.

There is certainly no shortage of these open-ended affiliate programs in which a spammer can participate. Many of them offer sales commissions of over 20 percent. And all one needs to set up a profitable spamming operation is an Internet connection, an account with an offshore ISP, and knowledge about some simple Perl scripts.

Bob doesn't have to keep an inventory of products or send products to people who order them. He simply needs to get as much traffic to the sites he's affiliated with as possible and hope that they buy enough product to keep him in business. I can't fathom how much traffic Bob's hijinks drive to his Web site in any given month, but it appears to be enough to allow Bob to continue doing what he's doing.

Which begs the question - If we want to get rid of spam in all its forms, shouldn't we take a look at the open-ended affiliate programs from which spammers get their money? Should marketers who run affiliate programs share responsibility for the behavior of their affiliates?

One thing's for sure - spam is thriving partly because of affiliate programs that aren't doing a good enough job of screening affiliates. One way we could solve this problem would be to require affiliates to put up a deposit in order to participate. The deposit could be held in escrow, and forfeited if and when an affiliate sends spam.

This one is a toughie. Most marketers want to grow a healthy affiliate program that drives legitimate leads and sales, but they can't go on promoting open-ended programs that are too easy for spammers to exploit.

If we want to get serious about stamping out spam, we need to cut off the source of its funding. For me, that includes easily exploited affiliate programs that allow affiliates to make money from spam.