McAfee SiteAdvisor

May 16, 2008 No comments

As you may have read, I’ve had an interesting week. I got a reminder of the way big companies operate. It’s not a pretty sight. I have also gotten an education in how McAfee’s SiteAdvisor works thanks to Yahoo’s new SearchScan.

To cut to the chase, SiteAdvisor has some serious flaws. I am saying this not to beat up McAfee for listings a false positive spammer rating (red alert) for three of our websites but to try to help McAfee fix the problem. I am publishing these (a) so McAfee can read them and take action, (b) so people who are wrongly targeted by McAfee as spammers can get a better understanding of what is happening (and get a nice dose of empathy by knowing they are not alone) and (c) to force McAfee to fix at least one that can be taken advantage of by people with no morals as they will see how to use it to harm their competitors.

Five Flaws

1) False Positive from a spammers hack

I don’t know what else to call this one. This is what happened to AnyCoupons. There was a false positive because McAfee thought that we sent e-mail to the account it used to sign up. McAfee doesn’t use an obvious e-mail address. I can’t find any in our database that use mcafee, siteadvisor or any variation of spam that I can attribute to McAfee.

The Sample Inbox below shows some of the e-mail that McAfee claimed we sent. Note that SiteAdvisor appears in 4 of the 5 listed e-mails. The problem is that we didn’t know that SiteAdvisor had registered. We took only an e-mail address, not a name. As I pointed out above, we have no record of SiteAdvisor in an e-mail address in our database. How could we have put the name with a random e-mail address? Well, we didn’t.

This seems to happen a lot and McAfee doesn’t appear to have a good system in place to correct it or to sniff out when this mistake happens. I would assume that McAfee has seen many situations like this and that the bright engineers at McAfee could write algorithms to tell when a false positive occurred based on the false positives it has retested.

As Richi Jennings pointed out on my original post, Rule #1 is that Spammers lie. That makes it tough for anyone to get rid of a false positive as they are guilty until proven innocent (which is rather un-American in my opinion). McAfee needs to have a better system for site owners to appeal its decisions. I have read far too many complaints on the Web (one from Angie Vandenbergh in the comments on the other post) about people who cannot get a retest. We lucked out as I write at a blog that is well-read. Most people don’t.

2) McAfee gets what McAfee asks for

I found that Excite.com was red flagged as a spammer in Yahoo search results. The executive at IAC whom I contacted is out of the country this week. We’ve had trouble connecting. So I contacted someone I know at another IAC company to see first about working together and once my problem was solved, helping them out. The response from someone at Excite was bizarre-big-company-speak. Basically, they said I should fend for myself. Good move. No retest for Excite.

The issue that Excite faces is that the registration form at Excite.com includes the following:

Excite may make the information that I supplied available to selected Third party companies so that they may contact me regarding services that may be of interest to me.

From what I understand, McAfee uses a bot to subscribe. The bot did not change the selection for receiving third party e-mail from Yes to No, so it requested to receive such communication.

Guess what… McAfee received that communication (all from the domain excite-partners.com), decided that it was unwanted (even if it requested) and deemed it to be SPAM. Bad McAfee!

McAfee needs to either redefine third party e-mail when requested or teach its bot to opt out. If McAfee is opposed to opt out options, it should make that public and it should notify websites that get a red flag for this so they can decide either to continue the practice and have a red flag or cease the practice.

3) Sub-domains

A non-techie friend read my last post. Because of it, he knew exactly what the red warning in Yahoo was about. he was surprised when he found it for a church! I wonder what the priest at Saint Peter the Apostle Catholic Church thinks of being labeled a spammer by Yahoo.

I don’t think that the church spams. The church in question has its website at naples.net. Some spammer probably used an account at naples.net (or there was another false positive). As a result, anyone with a site at naples.net is being dubbed a spammer by Yahoo! McAfee must correct this and take into account sub-domains. Imagine if Blogspot or Vox got pegged with this.

4) Use of HTML forms in ads on your site

OK, I don’t get all of the details on this one. It is Greg Yardley’s theory and you can find it on his post about McAfee’s SiteAdvisor. We don’t use ads like that so I can’t see how this happened to us.

5) Spammers link to good sites

Today I decided to check our other sites in SiteAdvisor. I was shocked to see that two of them were flagged as spammers. The reason? They had inbound links from, you guessed it, anycoupons.com, a site formerly known to McAfee to be an alleged spammer. AnyCoupons had a yellow flag at this point but these other sites were not updated. I don’t know if they ever would be. Another place that McAfee needs to improve is updating related sites.

This was cleared up today, thanks to Shane who commented on my last post. Again, there would have been no way for the average site owner to achieve this. Thank you, Revenews.

Why is this a problem? If you don’t like someone, build a new site on a shared server with a hidden domain registration. Put a form on the site. Request McAfee to review the site. Spam the hell out of any e-mail addresses you get. Just use some of the spam you get in your own inbox for templates. BAM! You now have a red flagged site. Now start adding a lot of outbound links to your competitors and watch their ratings turn red.

You can also use this if you want to see the type of e-mail addresses that McAfee uses to register. There were some questions about that in my last post.

Best Practices

I searched the SiteAdvisor website and was unable to find any best practices (e.g. never use opt out options for receiving third party e-mail) for websites. If McAfee is going to judge websites for commonly-used practices, it is in effect dictating best practices and should inform its victims of what it is doing, thus giving them the choice to comply or fight.

What to do if you get flagged by SiteAdvisor

Step 1 is to go to the SiteAdvisor site and request a retest. That won’t work but you have to do it.

Step 2 is to write an article on a well-read blog.

Step 3… I have no idea. If you have a suggestion for a more realistic Step 2, please post it below.

Read the original post:
McAfee SiteAdvisor

Uncategorized Affiliate Marketing, Contextual Advertising, d-m-c-a-notice, home, mcafee, mcafee-siteadvisor, micro-content, online-marketing, revenews, security-issues, siteadvisor, spam, Wordpress, yahoo

Make Money Online

McAfee SiteAdvisor

Comments

Leave a Comment

Tags

Recent Posts

Pages

Recommended

30 Day Wealth System

Blogroll