Big MistakesEthics & EnvironmentFraudGeneralMarketingMatters Webby

Falsely Identified As Sending A "Virus or Unauthorised Code" – Thanks For That, MessageLabs!

Yesterday was a busy day for anti-fraud newsflow plus some good old fashioned web fear mongering.  Don’t get me wrong – web fraud happens and needs to be combated but there is often something shrill and hysterical about the reporting of online fraud, especially in the UK.  “Everyone PANIC!” would seem to summarise the editorial style of quite a few media channels.  Before people lock up their PCs or throw them in the river, they should remember that they are significantly more likely to be a victim of crime and fraud when venturing into the real world than they are when venturing online.

There’s no doubt that education is key in battling web spam and other forms of online fraud and Get Safe Online in particular does a fantastic job of putting out clear, moderate and easy to understand information on how to take care of oneself online.  Common sense recommendations include running regular updates for your browser and operating system, having up to date antivirus, antispyware and firewall software and not responding to unsolicited emails or giving away key personal and account information online.  Often, sites like Get Safe Online recommend third party software vendors, such as AVG or McAffee.

Understandably, reputable online businesses recognise the challenge of building trust and at Arena we work very hard to address potential trust concerns of visitors, such as payment methods and checkout integrity, site security, quality / value / freshness of product, and data protection and privacy policies.  After all, if we’re asking customers to hand over their money without ever having met us face to face, then they will need to be convinced that we are who we say we are and that we’ll deliver on our promises.  We try as much as we can to be clear and transparent about what we do (posting to our blog regularly is part of that…I hope it’s clear that this post isn’t being written by a scammer in Eastern Europe!).  The key is not to slip up as, as they say, “trust is hard to win and very easy to lose”.  Once you have it, do your very best to hold on to it.

It’s therefore incredibly frustrating when a lot of hard work is potentially undone by a company that really should know better – MessageLabs (who were, incidentally, purchased for a whopping $700m by Symantec yesterday).  To explain, last week we sent out one of our regular marketing emails to our subscriber base.  So far so good.  But soon after the send, we started receiving emails from concerned customers.  They had received the following email from their mail client, Message Labs:

Subject: WARNING. Someone tried to send you a potential virus or unauthorised code

Body of email included the following: The MessageLabs Email Security System discovered a possible virus or unauthorised code (such as a Trojan) in an email sent to you.

Possible MalWare ‘Exploit/Phishing-paypal-1054’ found in ‘7782603_2X_PM3_EMQ_MH__message.htm’. Heuristics score: 202

Now, I don’t know what you think, but if I received an email like that from my firewall supplier, I’d look very hard at any future communications from Arena and quite possibly unsubscribe immediately. After all, MessageLabs are a $700m company so they must be right, yeah?  Surely, they wouldn’t send out an email that slams a genuine business’s legitimate, opt-in marketing activity so thunderously by mistake?  Big boys like MessageLabs are bound to have complicated checks and balances in place to avoid accidentally torpedoing the legitimate marketing efforts of other organisations.  A web security firm in particular would understand the importance of online reputation and the hard work that goes into building trust.  And in any case, Arena has been sending regular marketing emails every other week for over two years, so no doubt MessageLabs would be able to use characteristics of our mail sends, such as previous send frequency, an unchanged IP address, subject lines etc etc to double check the validity of the send.

Nope.  It was a complete, 100% misdiagnosis by MessageLabs, as they subsequently confirmed.  We learnt that the reason that our email got hammered is that we put the word “PayPal” into the subject line yet we are not PayPal.  Blimey.  Sophisticated stuff.  We had PayPal in our subject line to let our customers know that they could win £10k cash if they paid for any order with PayPal during PayPal’s very generous 10th birthday promotion.


Obviously, customers of large online companies and banks, such as PayPal, can be targeted by spoof emails. However, our marketing email prior to this email also had PayPal in the subject line and email body and there was no backlash.  Also, I find it hard to understand how the word PayPal appearing in our mail can lead someone to imply we’re sending “viruses or unauthorised code”.  A virus would typically be an attachment of some kind, not a word in a subject line. I feel bad for PayPal too – we get way way more fraud from people who pay with credit cards than we do from people who pay with PayPal.  Fraud on orders paid with PayPal is virtually nil.  We much prefer people to pay with PayPal.

One of the first emails we received was in fact from a MessageLabs sales rep (who’d previously bought from Arena and who’d therefore received the MessageLabs warning email direct). His mail:

Please remove me from all your mailing list right away as you are sending viruses.
I can assist you with possible solutions however I was unable to reach your IT department.
MessageLabs Anti-virus solution has a SLA of 100% protection from all known and unknown viruses, phishing, trojans and other forms of malware.

Thank you

10/10 for being a pushy sales rep but frankly this mail was not terribly well received as you can imagine.  You wouldn’t want this guy consoling you if you broke up with your partner. “I’m afraid you’ve been dumped but I’m a pimp – have you considered paying for sex?”.  You’d then be even more upset when you found out that it was this guy that had caused the break up with your partner in the first place.

We also noted that, unlike the careful wording of the automated email sent by MessageLabs’ system, his email did not talk about “possible” viruses but came straight out and said “you are sending viruses” which was patently untrue. A rather terse email exchange followed, as you might expect, though not litigation as might have been the case with our American cousins (we’re too British for that).

In any case, I eventually spoke to the UK’s head of corporate sales who unsurprisingly was more reasonable and sort of / nearly / just about apologetic (although he too did suggest we bought their software, admittedly more tongue in cheek that his sales chasing colleague).  He gave me some spiel about how great MessageLabs is and how they use  complicated predictive algorithms to filter mail which all sounded good but didn’t stand up very well to “very nice, but it was just the word PayPal in the subject line that triggered this mess and you misdiagnosed it as a virus anyway”.

The frustrating thing about this is that MessageLabs has several million installed users in the UK, particularly in big, wealthy organisations, such as the government and banks etc.  These are obviously valuable potential customers and exactly the kind of people we’d love to retain.  Unfortunately we have no way of knowing how many such customers have now had their hard won trust in Arena dented or destroyed by MessageLabs’ misdiagnosis and there is no real way for us to fix this (bar writing this cathartic blog post!).  The chap at MessageLabs said “Sorry” but it’s not going to make any difference.  It’s clearly no coincidence that this email performed far worse than any other we’ve ever sent; it can realistically only be down to our MessageLabs mishap.

Maybe to add insult to injury MessageLabs will read this post and then use some of their freshly coined $700m to blast us right off the face of the earth and have done with it.  Ah well, you live and learn.  They didn’t do it on purpose but it certainly hurt.  I guess no matter how careful you are, there will always factors beyond your control, coming from any and all directions, that might disrupt your business.  The best laid plans of mice and men and all that…

Update: Following the post, we were featured on Mail on Sunday and other popular news channels. Read Mail on Sunday’s article on Arena Flowers here. The Register, one of the UK’s leading technology publishers picked up on our concerns and featured an article about Arena Flowers here. The article also featured on Softpedia, a leading technology related online publisher. Read the article on Arena Flowers here.

Previous post

Top Tips To Avoid Made Up, Dodgy Insurance & Personal Injury Claims

Next post

Flowers for Your Winter Wedding Wonderland


  1. November 18, 2008 at 3:00 pm — Reply

    Where did you get your blog layout from? I’d like to get one like it for my blog.

  2. November 18, 2008 at 5:53 pm — Reply

    […] Will â

  3. November 25, 2008 at 2:16 pm — Reply

    […] Will â?? Priority Juggler wrote an interesting post today onFalsely Identified As Sending A â??Virus or Unauthorised Code …Here’s a quick excerptTo explain, last week we sent out one of our regular marketing emails to our subscriber base. So far so good. But soon after the send, we started receiving emails from concerned customers. They had received the following email from … […]

  4. November 30, 2008 at 12:13 pm — Reply

    Good post, fella. Perhaps they should have sent you some flowers to apologise. I think you should write about this for a wider audience. Why not contact Lizzie Judge on the Times business pages and tell her that I sent you her way?

  5. December 2, 2008 at 10:15 am — Reply

    Excellent entry! I’m been looking for topics as interesting as this. Looking forward to your next post. -bjdenise-

  6. December 2, 2008 at 10:36 am — Reply

    Hi all Ben – I think we used a template that we have then amended..I’ll ask Sam to check on that for you. Guy – thanks…don’t want to be a bleating SME but on the other hand, they did cost us thousands of pounds! BJdenise – thanks!

  7. December 2, 2008 at 12:42 pm — Reply

    Hey Ben. Yeah the theme is one we made up. We started off with a free theme I found on the WordPress site but then we started to pimp up the blog with plugins and widgets and before we knew it we ran out of room. To top it off we wanted to add stuff that we would have to make ourselves – the bouquet of the week plug in for example. Happily this coincided with me redesigning the front end of our site so we decided to re work the blog template at the same time to better fit with the website. Here is the post I wrote about the theme when we released it: Sorry it is not an off the shelf one 🙂 Sam.

  8. December 15, 2008 at 10:54 pm — Reply

    maybe send also to they love these stories. Good post.

  9. December 17, 2008 at 5:12 pm — Reply

    Thanks, John. Great suggestion. We’ll get on it!

  10. December 22, 2008 at 7:59 pm — Reply

    Sorry to hear this – technology is wonderful until it turns on you, then it is evil beyond belief. I’m wondering if PayPal themselves would be of any help in this instance. They may be interested in hearing that their customers are being punished for helping to promote their business.

  11. December 23, 2008 at 11:23 am — Reply

    Hi EJ – Thanks for your comment. Actually, PayPal were great. As soon as we had the issue, we contacted our relationship manager and they got on to MessageLabs. It’s obviously very annoying that by trying to promote a PP offer (admittedly out of self interest – to increase our own sales and reduce payment fees (PayPal is cheaper than credit cards)) we put ourselves in the firing line. PP did their best but, obviously, it’s not within their control. The frustrating thing is that as part of the same promo we’d sent an email with PayPal in the subject line a few weeks before and there’d been no problem. There was no increased level of PayPal’ness in the email that got blocked so it was all fairly arbitrary and unpredictable. As I said, not on purpose by MessageLabs…but certainly painful!

Leave a reply

Your email address will not be published. Required fields are marked *