Appending in a nutshell

A few months ago a colleague sent me, and every other person on his overly large LinkedIn list, an email looking for some help hiring. It starts off with “Greetings LinkedI Connections” and ends with… an unsubscribe link.

P.S. If you don’t want to hear from me, here’s an unsubscribe link – that’s the easiest way. My LinkedIn network has gotten so ridiculously large that [unfortunately] I have to use an ESP to send messages like this out – which I do very infrequently – maybe a handful of times a year – I promise. 🙂

The part that really annoyed me was this person didn’t use my LinkedIn address. No, instead they found a different address for me and used that for their blast1 email. I pointed out to them that the address they mailed wasn’t my LinkedIn address. They replied they knew, that they’d mapped all their LinkedIn connections to corporate email addresses.
I asked them not to do that with my email address in the future, at which point they unfriended me on LinkedIn because it was easier.

This is the major problem with appending. I have an address associated with my LinkedIn account. It’s the address I have dedicated to handling requests from my LinkedIn network. But this person decided that it was better to use a different address to send me this email. Why? Dunno, you have to ask them. Probably because they thought, somehow, they’d get a better response if they ended up in my “primary” mailbox.
I suspect this person doesn’t like Gmail tabs either.
There are two major points I want to make with this story.
The first is that it’s a really bad idea to make assumptions about which email address to use for people, especially when they have given you an address to use. I do check my LinkedIn folder regularly but I do it on my time. My corporate address is for business. It’s for my clients, employees, and customers. Random requests for networking? I want those emails to go into my networking folder (and, yes, it really is named “networking”).
The second is, when someone says “please don’t do that again” don’t get all huffy about it. That only makes you look petulant and thin-skinned. In this case, the sender is an executive for a large player in the email space. Do you really think I’m going to recommend them to my clients? Fair or unfair, the interaction was unpleasant.
This is a very personal example of appending. A single person decided to find an address for me and specifically use that instead of the one I gave them. This was appending, but not in bulk. Nevertheless, it was someone else deciding they could override my decisions because they wanted to get in my inbox. It’s rude.
It’s no less rude when thousands of addresses are automatically appended to a list. In fact, that’s even more rude. Instead of just one annoyed person, there are thousands. Appending is a bad practice, whether it’s one or one million.

1: Yes, I called it a blast. It was a blast. Even the sender admits it’s a blast. They’re not doing anything other than importing hundreds of (collected, not opted-in) email addresses into an ESP and sending the same email to everyone of them, whether or not it’s relevant.

Purchased lists aren't always purchased
Disappearing domains

Related Posts

Clickthrough forensics

When you click on a link in your mail, where does it go? Are you sure?
HTTP Redirects
In most bulk mail sent the links in the mail aren’t the same as the page the recipients browser ends up at when they click on it. Instead, the link in the mail goes to a “click tracker” run by the ESP that records that that recipient clicked on this link in this email, then redirects the recipients web browser to the link the mail’s author wanted. That’s how you get the reports on how many unique users clicked through on a campaign.
In the pay-per-click business that’s often still not the final destination, and the users browser may get redirected through several brokers before ending up at the final destination. I walked through some of this a few years ago, including how to follow link redirection by hand.
HTTP Forensics
Evil spammers sometimes deploy countermeasures against that approach, though – having links that will only work once or twice, or redirects that must be followed within a certain time, or javascript within an intermediate page or any of a bunch of other evasions. For those you need something that behaves more like a web browser.
For serious forensics I might use something like wireshark to passively record all the traffic while I interact with a link from inside a sandboxed browser. That’s not terribly user-friendly to use or set up, though, and usually overkill. It’s simpler and usually good enough to use a proxy to record the web traffic from the browser. There are all sorts of web proxies, used for many different things. What they have in common is that you configure a web browser to talk to a proxy and it’ll send all requests to the proxy instead of to the actual website, allowing the proxy to make any changes it wants as it forwards the requests on and the results back.
For investigating what a browser is doing the most useful proxies are those aimed at either web developers debugging web apps or crackers penetration testers compromising web apps. Some examples are Fiddler (Windows), Cellist (OS X, commercial), mitmdump (OS X, linux, Windows with a little work), Charles (anything, commercial) or ZAP (anything).
I’m going to use mitmdump and Firefox. You don’t want to use your main browser for this, as the proxy will record everything you do in that browser while you have it configured – and I want to keep writing this post in Safari as I work.

Read More

Fraudulent signups or spam?

This morning I got spam from a major data broker / ESP / credit reporting agency claiming I’d signed up on some college website. In the UK. To check my credit score.
Uh. No. No I didn’t.
Of course, it’s very possible someone did use my email address when signing up for something at a UK university.  They probably got a t-shirt or free pizza out of it. But that doesn’t really matter to me. A certain credit agency is  spamming me with irrelevant and horribly targeted advertisements for their services and claiming the mail is opt in.
I know that address is widely sold in the UK to “legitimate” marketers. It’s very possible that it was purchased by the spammer in question. Or, I dunno, maybe they’re the ones selling it.  As a victim, I don’t really care why a company is spamming me.
Part of a sender’s job to make sure their data is accurate. And they failed.
But for this particular company, that’s par for the course. When I posted about this over on Facebook, I had multiple friends pointing out that this company regularly spams and sells spamming services.
Spammers gonna spam.
 

Read More

LinkedIn shuts down Intro product

Intro was the LinkedIn product that created an email proxy where all email users sent went through LinkedIn servers. This week LinkedIn announced it is discontinuing the product. They promise to find new ways to worm their way into the inbox, but intercepting and modifying user mail doesn’t seem to have been a successful business model.

Read More