Small suppliers who send out bulk emails

[Focalplane]

Today I received, along with 99 others, an email announcing an annual sale. The sender, who I would prefer not be named, placed the 100 email addresses in the To: box rather than the Bbc: box. As a result I could see 99 other email addresses and they could all see mine. This simple lack of email etiquette breaks open the anonymity many of us desire these days with identity theft, etc. very much a fact of life.

 

So, I am no longer on that mailing list and will unsubscribe from any future bulk email listing that follows this practice.

 

It also means that I will probably not be using that supplier again. Probably, never say never.

[Grovenor]

Did you send them an explanation for your action? Most likely this is just ignorance rather than intent and they need teaching how to use email.

Regards

Keith

[Kenton]

Simple incompetence or ignorance of a small supplier with no/little IT knowledge.

 

I would direct a complaint to the most senior level in the business, pointing to the Data Protection Regulations. I would also mention the words compensation and would not hesitate to name and shame. I would copy the same to all other respondents on the list.

 

Then follow all the other steps you have taken, keeping a close watch on potential spamming.

 

There is enough spam internet traffic without idiots adding to it.

 

(wish I were sub 100 emails a day, over 400 this morning and that doesn't include the auto-deleted, junk box, .... of course they are not all "spam", I get quite a few from a certain site I regularly visit rmweb.co.uk )

[cctransuk]

Well - I take none of these precautions, I don't hide behind an e-alias, I run a small supplier business involving significant e-mail traffic, and I get around 10 - 20 e-mails per day - about 30% of which is spam and easily ignored / deleted.

 

I can't help feeling that a lot of this e-paranoia is just that !!

 

Regards,

John Isherwood.

[Focalplane]

Yes, a simple explanation was sent.  No I am not going to name and shame.  And I don't think it is paranoia.  But I posted this simply to advise small suppliers in general that there are customers who prefer to maintain some anonymity.

[rjg]

Interesting.  I wonder if it was the same supplier who contacted me today.

 

If so, they've had at least 2 replies today unsubscribing from their list  

[jonny777]

I don't get any emails from rmweb.co.uk; am I doing something wrong right?

[teaky]

Still without naming names, this wasn'trelated to transfers/decals was it?

[Kenton]

 

I don't get any emails from rmweb.co.uk; am I doing something wrong right?

IIRC it is an opt in selection. you then get an email when any topic you have "posted to" (subscribed) has been updated. It comes with a direct link to the last post on the topic you read. It has been available since before this version (on older software) and I find it useful to keep "in touch" with "interesting" topics that seem to disappear from the "New Posts" radar as fast as you blink.

 

The only problem with it is that there is a new email for every post added! and that it does not notify you of all those other interesting topics that you missed in the first place, or couldn't be bothered to post anything to.

 

e-paranoia

If you saw some of the things I see on a daily basis (auto-linked to, attached, and other such malware) I think you would be horrified. Fortunately a fair proportion are removed/blocked/trashed by good security software - for the rest it is open-house. In the past many were quite content to leave the front door open when they went shopping, in these days of fast broadband you can loose Mb of data in the blink of an image. In life taking sensible precautions prevents a whole load of heartache later.

 

I'm sure no ill-intent or maliciousness was intended by this supplier. But it does remain a Data Protection failure and still one they should be at least apologising for.

[teaky]

Click on your login name at the top right then My Settings then Notification Options then set everything as you require.

[cctransuk]

If you saw some of the things I see on a daily basis (auto-linked to, attached, and other such malware) I think you would be horrified.

 

But I don't get worked up about it - just watch out for the inevitable scams - and Armageddon doesn't happen.

 

Surely I can't be THAT lucky? (Tempting fate) !!

 

Regards,

John Isherwood.

[Porcy Mane]

Surely I can't be THAT lucky? (Tempting fate) !!

 I don't think luck comes into it but I can tell you being the victim of identity theft and everything that goes with it isn't very pleasant.

 Having a bank that only half heartedly admitted that in my case, the theft was due to failings in their IT and security systems  the admission only came after the intervention of the banking ombudsman and police.

 

Through  this experience I saw how regular this type of thing happens to other people and since it happened I follow advice that was given at the time, that being, "always minimise your internet profile".

 

I seen to remember not to long ago, a certain prominent motoring journalist boasting in his column how safe the internet was only to have his account details hacked and made public within a couple of hours.

 

I don't know who the Transfer manufacturer that was alluded to earlier is but I have received two e mails from a railway transfer producer over the last few days advising of special offers but I was the only addressee.   (I stress I'm not talking about CCT here)

 

Porcy

[chris p bacon]

dmh, the company you mention is possibly not the one in the original post. Not really the place to score points either.

 

Maybe edit your post ?

[Wheatley]

I

have received two e mails from a railway transfer producer over the last few days advising of special offers but I was the only addressee. (I stress I'm not talking about CCT here)

 

I have too, I was the only addressee and I'm not talking about CCT either. If the content has anything to do with Easter bunnies then it's sent via a third party email marketing firm, there's a link to them at the bottom of the email. If that's the case then it isn't the manufacturer who's cocked up.

[Focalplane]

The good retailers know who they are, there is no need to bring them onto this thread. I said I would not name the offender as this was a general warning to customers and the risks of identity theft through poor security on behalf of a small supplier.

 

As the variety of comments shows, we will never have consensus on this. Best therefore for retailers to take note of their customers' concerns and also, as has been pointed out, be aware of the Data Protection Act, etc.

[griffgriff]

Did you send them an explanation for your action? Most likely this is just ignorance rather than intent and they need teaching how to use email.

Regards

Keith

No explanation required.  It's not the customers role to act as an unpaid IT consultant. 

[teaky]

The only reason I asked whether it was a transfer manufacturer was that I had exactly the same experience, but it was over a decade ago.  I received no apology at the time and wondered if they were still doing the same thing.

 

The manufacturer concerned lost my business as a result simply because not doing something so rudimentary suggested to me a lack of adequate protection for other customer data.

[cctransuk]

I

I have too, I was the only addressee and I'm not talking about CCT either. If the content has anything to do with Easter bunnies then it's sent via a third party email marketing firm, there's a link to them at the bottom of the email. If that's the case then it isn't the manufacturer who's cocked up.

 

For the avoidance of any doubt whatsoever, may I state that I, as Cambridge Custom Transfers, did not send the e-mail in question; nor did I receive it.

 

Regards,

John Isherwood.

[Wheatley]

Sorry John, yes, I was emphasising that it wasn't you, it was the 'other' transfer manufacturer.

[Kenton]

 

Surely I can't be THAT lucky? (Tempting fate) !!

 

You may well think so.

 

Closer to reality may well be that you have not noticed. Many of these problems have moved on from the childish virus delivery systems that have the intention to disrupt your PC or worse, they are now much more sophisticated delivering incredibly effective and difficult to detect tracking and key/mouse logging systems that can bore down into your computer data and collect information over extended periods. No longer stripping out your contacts email addresses from your email client (so old school, as many now give this information away free on facecrook and twitter (not to mention the plethora of forums). It is so much more rewarding to obtain birth date, name, address and bank details. To dupe you to visit a web site that might look just like for example rmweb.co.uk (easy to hid a forged link in html,javascript) then that site asks you to log in and the data you enter is then used to to fill the forms on the genuine site. You are then relayed all the information from the genuine site through the "scam" site. OK you probably don't care if that happens on RMWeb - but what if that was a bank?

[cctransuk]

 You may well think so.

 

Closer to reality may well be that you have not noticed. Many of these problems have moved on from the childish virus delivery systems that have the intention to disrupt your PC or worse, they are now much more sophisticated delivering incredibly effective and difficult to detect tracking and key/mouse logging systems that can bore down into your computer data and collect information over extended periods. No longer stripping out your contacts email addresses from your email client (so old school, as many now give this information away free on facecrook and twitter (not to mention the plethora of forums). It is so much more rewarding to obtain birth date, name, address and bank details. To dupe you to visit a web site that might look just like for example rmweb.co.uk (easy to hid a forged link in html,javascript) then that site asks you to log in and the data you enter is then used to to fill the forms on the genuine site. You are then relayed all the information from the genuine site through the "scam" site. OK you probably don't care if that happens on RMWeb - but what if that was a bank?

 

I usually get several spam e-mails asking me to log into countless spoof accounts.

 

The simple answer is never to do so !!

 

If I get such an e-mail from, say, my bank, and I'm not sure if it's genuine (they never are), I simply open another window and use what I know to be the genuine bookmark for my bank. That would be the only way that I would log onto my bank.

 

I know that thousands of users are fooled by these spoof e-mails, but a lot of suspicion and a little common sense can avoid most potential problems.

 

.... and I don't get 400 e-mails per day !!

 

Regards,

John Isherwood.

[Kenton]

... and of course you are/everyone is aware that simply opening any email that has been sent in html format in your email viewer window (essentially a browser) will automatically download anything from that site (and potentially others) as the html can call for images (including ones that you cannot see), return data to that server, activate cookie trackers, LSOs, and run any javascript supplied by that site (or other third parties). That is why everyone should only view emails as plain text, looking very carefully at all the exposed links and if not understanding what is happening then not to show with the fancy presentation. If it appears as blank in plain text then just delete.

[antrobuscp]

I've been using the web for near enough 20 years, initially without any antivirus protection. After many years one machine was infected by a virus and from that point on I have always installed a good up to date antivirus/firewall program or suite, as such software has progressed. I agree that a good dose of common sense avoids many problems but the standard of some scam emails has "improved" to the point where simple common sense cannot be relied upon. There are certain "tell tales" in many, but a lot of people are not aware of them or ignore them because the message looks so authentic in most respects. I have seen a couple of very good ones supposed to be from HMRC.

I, like Kenton, can receive a few hundred emails a day - some are professional update services, some from traders, clients, and organisations, and a lot of junk. The spam filters sort out a lot of the junk and email carriers of trojans, etc. It still requires care, but the software makes it manageable. Returning from holiday is a bit of a chore, though.

I do not understand as much of the technicalities as Kenton appears to, but I know enough to know that I can't rely on my own actions to fully protect myself and my clients' information. A mixture of solutions seems to be sensible  - common sense, antivirus/firewall suite, encryption software, anti-key logging software(often supplied by your bank), all seem sensible precautions alongside stronger passwords and protection of them. Also, I made some mistakes with early online IDs, and would be more circumspect now.

 

Colin

[jonny777]

... and of course you are/everyone is aware that simply opening any email that has been sent in html format in your email viewer window (essentially a browser) will automatically download anything from that site (and potentially others) as the html can call for images (including ones that you cannot see), return data to that server, activate cookie trackers, LSOs, and run any javascript supplied by that site (or other third parties). That is why everyone should only view emails as plain text, looking very carefully at all the exposed links and if not understanding what is happening then not to show with the fancy presentation. If it appears as blank in plain text then just delete.

 

 

Goodness me. I didn't realise the whole thing was so sophisticated.

 

I am surprised that my laptop still operates at all.

 

I do get quite a lot of spam emails addressed to Jacqueline, but I am not sure if they have just guessed at the name behind the "J" for Jonny, or if they already know something about my character and psychological status that I have yet to admit to myself.

 

What I do know is that someone suggested that I enrol on a site call Tumblr, and within minutes of doing so I began to get spam email from all manner of Yahoo accounts that I never had before. So, I have given up with all these new website crazes and just stick with Facebook for my friends and relatives.

[antrobuscp]

Jonny, I can't afford to take too many online risks as I have to protect my own and client data. I chatted this through last year when I was subject to a professional review. I was, as I have been before, told that my security was as good as if not better than most - at least I'd thought about it. Common sense is a very large element of protection, the problem is what we don't know or understand, and there are people "out there" who will put a lot of effort into stealing identities, etc. Some good software and hardware protection, some additional, often free, software, and a good dollop of common sense and scepticism will probably be enough.

 

Make a few decisions, organise yourself, and stick to your decisions and procedures - it doesn't have to be a big, ongoing, hassle.

 

Colin