Three ways spammers get your address
Paul explains 3 ways spammers get your email address.
I sign up at a lot of websites and liberally spray email addresses across the net. These signups are on behalf of one customer or another and each webform gets its own tagged and tracked email address. I always have a specific goal with each signup: getting a copy of a customer’s email, checking their signup process, auditing an affiliate on behalf of a customer or identifying where there might be a problem in a process. Because I have specific goals, I am pretty careful with these signups and usually uncheck every “share my email address” box I can find on the forms.
In every case the privacy policies of my clients and the things they tell me are explicit in that addresses will not be shared. It’s all opt-in, and email addresses are not shared without permission. Even in the cases where I am auditing affiliates, my clients assure me that if I follow this exact process my address will not be shared. Or so the affiliates have assured them.
Despite my care and the privacy policies on the websites, these addresses occasionally leak or are sold. This is actually very rare, and most of the websites I test never do anything with my address that I don’t expect. But in a couple cases these email addresses have ended up in the hands of some hard core spammers (hundreds of emails a day) and there was no useful tracking I could do. In other cases the volume has been lower, and I’ve watched the progression of my email addresses being bought and sold with morbid fascination.
Today an address I signed up at a website about a year ago got hit with multiple spams in a short time frame. All came from different IPs in the same /24. All had different domains with no websites. Whois showed all the domains were registered behind a privacy protection service. Interestingly, two of the domains used the same CAN SPAM address. The third had no CAN SPAM address at all. None of these addresses match the data I have on file related to the email signup.
It never ceases to amaze me how dishonest some address collection outfits are. Their websites state clearly that addresses will not be bought and sold, and yet the addresses get lots of spam unrelated to the original signup. For those dishonest enough to do this they’ll never get caught unless recipients tag and track all their signups. Even worse, unless their partners test their signups or their mailing practices, the partners may end up unwittingly sending spam.
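The tag-and-track approach described above, as an added example (not code from the original post): each signup gets its own address, and mail arriving at a tag from a sender domain that is not on file for that signup is grouped by sending /24. The secret, the `audit+tag@example.net` address format, the site names and the sample messages are all constructed assumptions.

```python
import hashlib
import hmac
import ipaddress
from collections import defaultdict
from email import message_from_string
from email.utils import parseaddr

SECRET = b"constructed-demo-key"  # assumption: private key kept by the person auditing
MAILBOX, DOMAIN = "audit", "example.net"  # assumption: plus-addressing on our own domain

def tagged_address(site):
    """One address per signup; the keyed suffix stops a tag being guessed or forged."""
    mac = hmac.new(SECRET, site.encode(), hashlib.sha256).hexdigest()[:8]
    return f"{MAILBOX}+{site}.{mac}@{DOMAIN}"

def find_leaks(signups, messages):
    """signups: site -> sender domains on file for that signup.
    messages: (raw message text, connecting IP) pairs.
    Returns site -> {/24 network -> unexpected sender domains}."""
    by_address = {tagged_address(site): site for site in signups}
    leaks = defaultdict(lambda: defaultdict(set))
    for raw, ip in messages:
        msg = message_from_string(raw)
        # Simplification: reads To:. A real tracker should key on the envelope recipient.
        rcpt = parseaddr(msg.get("To", ""))[1].lower()
        sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
        site = by_address.get(rcpt)
        if site is None or sender in signups[site]:
            continue  # not one of our tags, or mail the signup was expected to produce
        net = str(ipaddress.ip_network(f"{ip}/24", strict=False))
        leaks[site][net].add(sender)
    return {s: {n: sorted(d) for n, d in nets.items()} for s, nets in leaks.items()}

# Constructed sample data: site names, domains and IPs are documentation values.
SIGNUPS = {"shop-a": {"shop-a.example"}, "news-b": {"news-b.example"}}
def _msg(sender, site):
    return f"From: {sender}\nTo: {tagged_address(site)}\nSubject: test\n\nbody\n"
SAMPLE = [
    (_msg("Shop A <deals@shop-a.example>", "shop-a"), "192.0.2.10"),
    (_msg("offers@promo-one.example", "news-b"), "198.51.100.7"),
    (_msg("win@promo-two.example", "news-b"), "198.51.100.44"),
    (_msg("Deals <hi@promo-three.example>", "news-b"), "198.51.100.201"),
]

if __name__ == "__main__":
    for site, nets in find_leaks(SIGNUPS, SAMPLE).items():
        print(site, nets)
```

Several unrelated sender domains hitting one tag from a single /24 is the pattern the post describes; the tag identifies which signup the address came from.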
Given we deal with email addresses every day, dozens or thousands or millions of them, it seems a bit strange to ask what an email address is – but given some of the problems people have with the grubbier corners of address syntax it’s actually an interesting question.
There are two real standards that define what is a valid email address and what isn’t. The most complex is RFC 5322 – Internet Message Format, which describes all sorts of things about the structure of an email, including what’s valid to put in From: and To: headers. It’s really too liberal in what it allows an email address to look like to be terribly useful, but it does provide for one very commonly used feature – the “friendly from”, where the name that’s displayed to the recipient is not just the email address.
I get a lot of email. On a typical day I will get close to 2000 messages across my various work and personal accounts. About 60 – 70% of that mail is spam and caught by SpamAssassin or my MTA filters and moved into mailboxes that I check once a day for false positives. About 15 – 10% of the remaining mail is from various discussion lists, and those are all sorted into their own mailboxes so I can keep conversations straight. The rest of the email is divided between mail directly to me and various commercial lists I have opted in to.
Up until recently, the commercial mail was all just dumped into my inbox. Nothing special happened to it; it just sat there until I could read it. Recently, however, the volume of commercial mail has exploded, swamping my inbox. After losing track of some critical issues, I sat down and fixed my mail filters. Now, all my commercial and marketing mail (i.e., mail I signed up for with tagged addresses) is being filtered into its own mailbox.
There are two takeaways here.
One: the volume of commercial mail has increased significantly. Companies who were previously mailing me once a month are now mailing me twice a week. This contributed to the clutter and resulted in me pushing all commercial mail out of my inbox. I don’t think this increase is limited to just my mailbox; I believe many recipients are seeing an increase in commercial and marketing email, to the point where they’re finding it difficult to keep up with it all.
Two: Recipients have a threshold over which too much email makes their mailbox less usable. Once this threshold is reached they will take steps to change that. In my case, I can just filter all the commercial email as I use tagged addresses for all my signups. In other cases, they may start unsubscribing from all the mail cluttering their mailbox or blocking senders.
It is the tragedy of the commons demonstrated on a small scale.