Skip to content
 

Shelfari.com Spam

The latest attempt to get into people’s webmail accounts is from a group Shelfari. Apparently set up as a service to help your friends learn about new books to read. They do this by getting you to give them your webmail account’s password so they can look to see if any of your friends are also members of Shelfari. In reality, Shelfari.com sends spam masquerading as you to everyone in your webmail’s Address Book.

See other reports of this behavior at:

I have blacklisted email from shelfari.com to my servers, as a complaint I filed there a few days was blatantly ignored and they did it again, emailed one of my addresses another “invite” to join.

Reminder: Never ever ever give your webmail account information to a third party.

6 Comments

  1. Prateek says:

    Hi Mike,

    The issue is not really that shelfari is asking for your email contacts. LinkedIn and other websites do it too.

    It is more the “how”. By default, all your contacts are checked and there is no way to deselect them. There are two or three buttons and if you click any, you will send an email to everyone.

    I also run a website Muziboo.com and we have rolled out the same feature but we do it very neatly and pull no cheap tricks (no reminders nothing). Check it out for yourself and tell me what you feel

    Btw .. thanks for the trackback …

  2. Hi Prateek,

    I checked out your Muziboo site, and sorry, but it is never acceptable to ask for a password to someone webmail’s account. All we have is your word that you won’t do anything nefarious with that info. You could take over their account, search for password reminders from other web sites, lots of other bad stuff. Blackmail is possible. Spam obviously. Why would someone ever open themselves up to that kind of abuse and headaches?

    If lots of different sites ask for webmail account login info, people get the idea that it is ok to give it out. And it is not. Look at the phishing epidemic. Now people need to be on the lookout for muziboo phishing attempts. It’s much better to not be in the position of having to say “we never do anything bad with your password” by not collecting it in the first place.

    Why does Muziboo not have a privacy policy? Site users don’t even know what country the muziboo site is based in. Is it India? USA? Australia? Laws are very different, and if someone had to come after you because you did something Bad with their email account, how could they do that? Whois info says India, but other than that there’s no hints on how to track you down.

    So, I’m not upset at you or anything, but I really think collecting webmail login information is a very bad idea, for both you and the user submitting the info.

  3. Prateek says:

    Hi Mike,

    Thanks for reviewing Muziboo.com and I really appreciate your comments. It is certainly true that I can despite giving my word for it, do nasty things with your email address. However we at Muziboo.com certainly don’t and neither do we pull cheap tricks to spam your contacts. But I agree that its all based on trust, which can be breached. Same applies for companies that take your credit card information. That can be misused too and you can incur a financial loss. I think most of ecommerce and internet is based on trust and the belief that legal action can be taken when the trust is breached.

    However, if you never import your contacts anywhere, the big guys like google will have all the power because they have all the services linked with just one login and it will be very difficult for smaller companies to help you connect with your network on their site. I would like to know whats your view on that.

    I will put a privacy policy in place. However there already is relevant contact information in the footer of the website, so the team is reachable and visible.

    Thanks again for your comments. I will work on them to improve the website

    Regards
    Prateek
    Muziboo.com

  4. Sanjukta says:

    Hey thanks for the track back..

    Although I firmly believe that shelfari is nothing more than a cheap spamming site which has not yet stopped its act of spamming even though much have been written against it (goes to prove how sick are they)…. I do however think blaming shelfari alone is not enough…

    I reiterate the point i tried to make in my post “major ranting” that our fellow net users should be more careful about sending invites..whether bulk or not why send invites in the first place…

    If I need to I’d do my own research and find a site to join…no need to send me invites…

  5. […] Boyd Clark has linked to this post of mine while writing about the shelfari.com spam on his blog. He have also listed few more posts talking about the same issue. There is a constructive […]

  6. Deane says:

    The Shelfari saga has been playing out on Gadgetopia for a few days now.

    I think we’ve gotten some traction. We’ve raised enough hell that Shelfari posted to their own blog that they’re going to re-design the interface, and Josh Hug himself posted an apology on a comment to the linked post.