Address harvesting through social networks


The next killer app on the Internet seems to be social networking. Everyone has a great idea for the next Facebook or MySpace. All of these sites, though, have to find users. The site will fail if there are no users. One way to get new users is to ask all your current users to invite all their friends to join. This tends to lead to the marketing / product decision to add functionality to the social networking site that lets current users upload their address book, after which the site itself sends out invitations to all their friends and contacts.
This is not actually as great an idea as it sounds, however. First, you end up with situations like what happened to me this past week. On Wednesday I received the following email:

I looked for you on, the largest people search service — but you weren’t there.
See who else has been searching for you! Click here.
—Bob – Life Changes. Keep in Touch.™
You have received this email because a Member sent an invitation to this email address. For assistance, please refer to our FAQ or Contact Us.
Our Address: 2118 Wilshire Blvd., Box 1008, Santa Monica, CA 90403-5784

Bob is actually a current client and I recognized his full name in the from address. Bob has my current information and we have had contact within the last few weeks so I know he is not actually using to try and find me. I spend a few minutes poking at trying to figure out how to make the mail stop and make sure they never bother me again, discover they do not want to make that easy and give up. I can always block them if their email becomes annoying.
The next day, I receive an email from Bob. It says:

If you received an email from on my behalf, please IGNORE it as that email was sent without my knowledge and I have not sent it willingly. This email was sent to all my contacts in my email address book.
I have already cancelled my account on that site and it is really weird that the site would do this without my permission.
The site is “force inviting” people from your contacts if you register on the site, which is very annoying.


Because of this behaviour, has now lost one registered user, and he has told all his contacts to avoid the site in the future. is not alone in their rush to grab any address they can get a hold of. Most sites will let you upload address books, or your account information so they can mail all your contacts introducing their new product. It is an attempt to appear to be organic viral marketing, but it is not. In point of fact it is no different than randomly harvesting addresses off websites and mailing them.
Social networks need to be very careful about appropriating addresses and assuming permission. This week, appropriated both Bob’s address and my own and assumed they had permission to email me on Bob’s behalf. In fact, they did not have Bob’s permission to appropriate his address and they certainly did not have my permission to contact me.
Many newborn social networks are using similar types of spam to spread their presence. It remains to be seen if this is a working strategy or if they are forced to actually start caring about permission.


  • my issue is
    a) consent of their subscriber to give them their address book isn’t enough. {even when given}
    my consent wasn’t asked for or given.
    {if this was one company giving your details to another it would be a cut n dry data protection case}
    b) these sites should be added to the same lists as malware and phishing sites as in essence they are ‘grooming’ users for later abuse by phishing sites by encouraging them to ‘share’ their authentication
    c) sites like yahoo gmail hotmail and aol should for the protection of their users be actively blocking logins from their ip-space and/or tracking what id’s attempt to so they can e-mail reprimand them for abusing their TOS by giving out their passwords
    d) many sites now abuse this lax user generation to actually harvest login details to jabber/messenger/yahoo-im spam their contacts from their trusted contact’s id while the trusted contact is offline.
    {also the traditional spamming them via the contacts webmail}
    e) the trusted sites that do abide by their privacy policies and never send the invites {while searching their internal userlists only} are the guilty ones as they are the ones blurring the lines and making people willing to give others MY EMAIL, without MY permission as they know that I will never find out.
    people need to respect their friends’ property and privacy
    the same way as they do when a mutual friend asks for another’s phone number, most of us have the respect to ask before handing it on to a mutual contact, so why now are we allowing a generation to learn that it’s kosher to give their friends’ e-mails to random third parties

  • added to the AHBL…
    After a request by one of our users, I’ve added to the Abusive Hosts Blocking List for spamming people’s contacts through social networking sites like Facebook. Laura did a pretty good post on her blog about the issue….

  • Er, so why are there links at the bottom of the article to various social networking sites which engage in similar dubious practices?

By laura
