Discussion of Online Advertising, CPA, SEO, Affiliate and Next Generation Marketing
ReveNews Online Revenue News & Opinions Since 1998

McAfee SiteAdvisor

May 15th, 2008 by David Lewis

As you may have read, I’ve had an interesting week. I got a reminder of the way big companies operate. It’s not a pretty sight. I have also gotten an education in how McAfee’s SiteAdvisor works thanks to Yahoo’s new SearchScan.

To cut to the chase, SiteAdvisor has some serious flaws. I am saying this not to beat up McAfee for listing a false positive spammer rating (red alert) for three of our websites but to try to help McAfee fix the problem. I am publishing these (a) so McAfee can read them and take action, (b) so people who are wrongly targeted by McAfee as spammers can get a better understanding of what is happening (and get a nice dose of empathy by knowing they are not alone) and (c) to force McAfee to fix at least one that can be taken advantage of by people with no morals as they will see how to use it to harm their competitors.

Five Flaws

1) False Positive from a spammer’s hack

I don’t know what else to call this one. This is what happened to AnyCoupons. There was a false positive because McAfee thought that we sent e-mail to the account it used to sign up. McAfee doesn’t use an obvious e-mail address. I can’t find any in our database that use mcafee, siteadvisor or any variation of spam that I can attribute to McAfee.

The Sample Inbox below shows some of the e-mail that McAfee claimed we sent. Note that SiteAdvisor appears in 4 of the 5 listed e-mails. The problem is that we didn’t know that SiteAdvisor had registered. We took only an e-mail address, not a name. As I pointed out above, we have no record of SiteAdvisor in an e-mail address in our database. How could we have put the name with a random e-mail address? Well, we didn’t.

This seems to happen a lot and McAfee doesn’t appear to have a good system in place to correct it or to sniff out when this mistake happens. I would assume that McAfee has seen many situations like this and that the bright engineers at McAfee could write algorithms to tell when a false positive occurred based on the false positives it has retested.

As Richi Jennings pointed out on my original post, Rule #1 is that Spammers lie. That makes it tough for anyone to get rid of a false positive as they are guilty until proven innocent (which is rather un-American in my opinion). McAfee needs to have a better system for site owners to appeal its decisions. I have read far too many complaints on the Web (one from Angie Vandenbergh in the comments on the other post) about people who cannot get a retest. We lucked out as I write at a blog that is well-read. Most people don’t.

2) McAfee gets what McAfee asks for

I found that Excite.com was red flagged as a spammer in Yahoo search results. The executive at IAC whom I contacted is out of the country this week. We’ve had trouble connecting. So I contacted someone I know at another IAC company to see first about working together and once my problem was solved, helping them out. The response from someone at Excite was bizarre-big-company-speak. Basically, they said I should fend for myself. Good move. No retest for Excite.

The issue that Excite faces is that the registration form at Excite.com includes the following:

Excite may make the information that I supplied available to selected Third party companies so that they may contact me regarding services that may be of interest to me.

From what I understand, McAfee uses a bot to subscribe. The bot did not change the selection for receiving third party e-mail from Yes to No, so it requested to receive such communication.

Guess what… McAfee received that communication (all from the domain excite-partners.com), decided that it was unwanted (even if it requested) and deemed it to be SPAM. Bad McAfee!

McAfee needs to either redefine third party e-mail when requested or teach its bot to opt out. If McAfee is opposed to opt out options, it should make that public and it should notify websites that get a red flag for this so they can decide either to continue the practice and have a red flag or cease the practice.

3) Sub-domains

A non-techie friend read my last post. Because of it, he knew exactly what the red warning in Yahoo was about. He was surprised when he found it for a church! I wonder what the priest at Saint Peter the Apostle Catholic Church thinks of being labeled a spammer by Yahoo.

I don’t think that the church spams. The church in question has its website at naples.net. Some spammer probably used an account at naples.net (or there was another false positive). As a result, anyone with a site at naples.net is being dubbed a spammer by Yahoo! McAfee must correct this and take into account sub-domains. Imagine if Blogspot or Vox got pegged with this.
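One way a rating service could keep a verdict from spreading across every site on a shared host, shown as an added example that is not McAfee's code or part of the original post. The shared-host list, the `~user` paths and `example-shop.com` are constructed for illustration, and the last-two-labels rule stands in for a proper Public Suffix List lookup.

```python
from urllib.parse import urlsplit

# Constructed list of domains that host many unrelated tenants (assumption:
# a real service would build this from hosting/ISP data).
SHARED_HOSTS = {"naples.net", "blogspot.com"}

def registrable(host):
    """Naive last-two-labels domain; a real system would use the Public Suffix List."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def rating_scope(url):
    """Return the key under which a verdict for this URL should be stored."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    base = registrable(host)
    if base not in SHARED_HOSTS:
        return base                    # single owner: rate the whole domain
    if host not in (base, "www." + base):
        return host                    # tenant identified by sub-domain
    segs = [s for s in parts.path.split("/") if s]
    if segs:
        return base + "/" + segs[0]    # tenant identified by first path segment
    return base + "/"                  # the hosting provider's own front page

class Ratings:
    """Verdict store keyed by tenant scope instead of bare domain."""
    def __init__(self):
        self._verdicts = {}

    def flag(self, url, colour):
        self._verdicts[rating_scope(url)] = colour

    def lookup(self, url):
        return self._verdicts.get(rating_scope(url), "unrated")

def demo():
    r = Ratings()
    # Constructed sample verdicts: one tenant on a shared host, one ordinary site.
    r.flag("http://naples.net/~bulkmailer/signup.html", "red")
    r.flag("http://www.example-shop.com/join", "red")
    return {
        "church": r.lookup("http://naples.net/~stpeter/"),
        "mailer": r.lookup("http://naples.net/~bulkmailer/offers.html"),
        "blog": r.lookup("http://someone.blogspot.com/2008/05/post.html"),
        "shop": r.lookup("http://example-shop.com/about"),
    }
```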

4) Use of HTML forms in ads on your site

OK, I don’t get all of the details on this one. It is Greg Yardley’s theory and you can find it on his post about McAfee’s SiteAdvisor. We don’t use ads like that so I can’t see how this happened to us.

5) Spammers link to good sites

Today I decided to check our other sites in SiteAdvisor. I was shocked to see that two of them were flagged as spammers. The reason? They had inbound links from, you guessed it, anycoupons.com, a site formerly known to McAfee to be an alleged spammer. AnyCoupons had a yellow flag at this point but these other sites were not updated. I don’t know if they ever would be. Another place that McAfee needs to improve is updating related sites.

This was cleared up today, thanks to Shane who commented on my last post. Again, there would have been no way for the average site owner to achieve this. Thank you, Revenews.

Why is this a problem? If you don’t like someone, build a new site on a shared server with a hidden domain registration. Put a form on the site. Request McAfee to review the site. Spam the hell out of any e-mail addresses you get. Just use some of the spam you get in your own inbox for templates. BAM! You now have a red flagged site. Now start adding a lot of outbound links to your competitors and watch their ratings turn red.

You can also use this if you want to see the type of e-mail addresses that McAfee uses to register. There were some questions about that in my last post.

Best Practices

I searched the SiteAdvisor website and was unable to find any best practices (e.g. never use opt out options for receiving third party e-mail) for websites. If McAfee is going to judge websites for commonly-used practices, it is in effect dictating best practices and should inform its victims of what it is doing, thus giving them the choice to comply or fight.

What to do if you get flagged by SiteAdvisor

Step 1 is to go to the SiteAdvisor site and request a retest. That won’t work but you have to do it.

Step 2 is to write an article on a well-read blog.

Step 3… I have no idea. If you have a suggestion for a more realistic Step 2, please post it below.

13 Comments

Mike Allen said:

From past experience similar to yours . . . do step 1 and write SiteAdvisor and notify them of the problem. Specifically ask (politely demand is more like it) a retest. Step 2-? is to immediately reply to all their responses and ask for their supervisor each time. Hint at legal action (keep all emails and screen captures, etc. in case you have to move to the next level). Be persistent. The whole process took about 3 weeks as I recall.

Brad Waller said:

Those without the well read blogs can also send copies (print and electronic) of these communications to their local, state, and federal representatives, the FTC, media (print, radio, TV), and anyone else they think might have an impact, as well as to the executives of the offending company.

This has worked quite well for me for unrelated issues I’ve had with mega-corporations - all resolved quite quickly after my letters arrived at the CEOs office.

David Lewis said:

I think that we all can agree that three months was not acceptable last month.

Given the ramifications of a red alert with the new and broken SearchScan, it is now completely unacceptable.

Kellie said:

Sorry to see you experiencing this David…but as Mike indicated you aren’t alone (unfortunately).

The issue of false negatives and the why behind those have been an issue from the inception of SiteAdvisor, even before McAfee acquired them. I haven’t seen a whole lot of change in their reporting since the acquisition, so I’m not sure if change is in the wind here.

A couple of other things I’d like to mention about SiteAdvisor on the heels of what you have posted here. I’ve said it before and have gotten somewhat slapped in the past for saying it, but I’ll say it again. :)

I’ve seen OPMs and AMs encouraged to use SiteAdvisor as a source for vetting affiliates. I’ve seen affiliates encouraging this and OPMs/AMs say publicly they do this.

**Site Advisor should be used with caution for vetting affiliates**

Not only are there false positives, but there are false negatives as well in their reporting. Both are equally troublesome in their own ways. I have seen many sites labeled as green which are generally well known, at least in security circles, to be associated with spyware/adware/malware.

There is a balance between reach (SiteAdvisor having as many domains as possible in their database) vs. the accuracy of reporting. You sacrifice accuracy with increased automation.

Managers who are using SiteAdvisor to vet affiliate partnerships need to understand *how* SiteAdvisor rates sites. As with any tool, they also need to understand the pros/cons of the system and its limitations. Every method has its limitations. They should also realize that SiteAdvisor isn’t intended for vetting in affiliate relationships; it is a consumer-centric product.

The other way it’s even easier to game SiteAdvisor that you didn’t mention, David, is that SiteAdvisor will rate sites, either good or bad, based on user-generated comments. I’ve seen SiteAdvisor change site rankings both ways based on the comments of users. To some degree they do seem to try to weight comments based on the user’s overall “Experience” rating on SiteAdvisor. Still, the drawbacks to this should be obvious. I’ve seen SiteAdvisor say a site was rated based on user comments with no indication of any testing on SiteAdvisor’s part to validate the user’s comments.

I use SiteAdvisor myself and find it a helpful tool for certain things. My comments aren’t meant to trash SiteAdvisor. But I’m with you in saying there is improvement in their systems which would make for a better product for McAfee. I hope McAfee devotes some resources to improving the systems, especially since SiteAdvisor is now offered as a paid product as well as the free version.

Step 2. Like Brad suggested, send stuff to the media.

I’d like to extend on that and include bloggers of well read industry blogs. I bet that if somebody would contact you and provide enough evidence (email communication, screen shots and steps already taken), that you would be happy to make a “follow up” post, reminding McAfee about an outstanding item on their “To-Fix” aeh “To-Do” list hehe.

Bloggers are often doing a poor job on following up on things if their own problem was solved, but the general issue not. I include myself there, but am trying to improve on it.

Wayne Porter said:

No automated solution is without fault. SA should use its system and augment it with experienced ecommerce fraud pros. Of course they are in short supply but a perfect, or near perfect checkpoint.

-wayne

Zafar Ali said:

The bottom line is if a site is genuine and has not done anything wrong, nevertheless SiteAdvisor is showing a red flag, then SiteAdvisor is defaming that entity in public. Then McAfee are placing themselves in a position to be sued for libel.

Dave Gieber said:

I just discovered last week that my site has also been unjustly accused of spamming. I have spent 3 and a half years of content building, legitimate double optin list building, gaining search engine ranking and gaining a high held reputation in my niche.

To see Yahoo come along and unjustly accuse me of spamming and hurting my credibility, sure sounds like libel and slander to me. Isn’t this a sueable offence in any other line of work? But I am just a little guy and big dogs like Yahoo and to a lesser degree, McAfee, can run rough shod over me because they know I don’t have the weight to take them to court.

I hate spamming and don’t do it myself (I don’t plead the first law). But I can envision a crackerjack lawyer outfit putting together a class action law suit.

Thank you David for a place for us victimized malcontents to vent some frustration. Good luck to all of us and death to spammers everywhere!!

Dave

Ken said:

Hello everyone, we have been dealing with the McAfee support team for over a month and have had the same bad experience as you. A false positive red rating for supposed spamminess (despite very strict email shielding on our site), no retesting, inconsistent application of test results from site to site, no published criteria or standards to code against even if we were in violation and sluggish responsiveness from McAfee.

We have even sent the Site Advisor support team site by site comparison URLs where email addresses were unshielded and green ratings were given by Site Advisor versus our shielded addresses and red rating. The service and response from McAfee AND Yahoo has been pathetic. McAfee won’t act and Yahoo puts their head in the sand. Yet our business continues to be impacted everyday because of their inaction.

We are exploring the possibility of a class action against McAfee and Yahoo. If you have been negatively impacted by an unfair or inaccurate Site Advisor rating, please email a quick note to siteadvisorclassaction@gmail.com. You don’t need to provide any personal information, we just need to see the level of response from the internet community and whether we can make this happen.

Thank you,
Ken
siteadvisorclassaction@gmail.com

zhelyazko said:

I just want to state my disappointment from Yahoo and McAfee Site Advisor for this extremely stupid mistake which is causing a lot of damage. Everyone makes mistakes but the most frustrating thing is that they do not want to fix it. My site was on top positions in Yahoo for every keyword in my niche and all of a sudden Site Advisor decides that I am a spammer. I hate spammers like most of us and never ever intended or did any spam activity. Somehow they say that I sent some spammy e-mails about viagra and stuff. My website is real estate related and it does not make any sense. I am not sure how this testing works but I have to say that it is completely wrong!

If anyone is determined to sue McAfee I will be happy to cooperate and I believe we stand a good chance as this is a pure offense to my business and credibility. I never used McAfee product in my life and after this I do not believe will use such in the future.

Every time I contact McAfee they say that it will take at least 8 weeks for the retesting. I have been with them on the phone and I sent a lot of e-mails. The last response was 6 weeks ago, they said that my site has been set for retesting and it will take 8 weeks and I am still waiting, hopefully after 2 weeks I will not see the irritating red flag in my Yahoo results.

I noticed that they have paid support, do you think that if I pay for their “support” they will make this faster?

Thanks for the post. At least we can show our anger here.

regards Zhelyazko.

Julian Moss said:

Our website has also fallen foul of Site Advisor and is receiving a red danger rating because of three downloads that they claim contain WinFixer. These downloads are all of PC Tools Spyware Doctor, one of the most respected anti-spyware products in the industry, from RegNow, a leading online software reseller.

Our site offers advice and troubleshooting tools to PC users who on the whole are not very knowledgeable, who will believe this defamatory rating. It will cost us a lot in lost software sales. We are only a small business and cannot afford to sue McAfee ourselves, but I will certainly be happy to co-operate with any class action.

Dave said:

It seems inadvisable to use any free subdomain websites. I experimented with two and both have been flagged, one yellow and one red. These are both graphics sites, no spam, no malware.
These were experimental sites that I had linked to from my main site but I have now removed the links.
The main site has a good web presence so I will take David’s advice and give this fact some publicity.

Dave
