ietf-asrg
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Asrg] Big Companies Add to Spam

2003-10-28 08:50:04
from [Steve Schear] [Permanent Link] 
October 28, 2003


Big Companies Add to Spam

By SAUL HANSELL
ver wonder how a certain company sending unsolicited e-mail messages got your address?
Michael Rathbun, the director of policy enforcement at Allegiance Telecom, an Internet service provider in Dallas, says he thinks he has much of the answer.
Some five years ago, Mr. Rathbun bought a Palm hand-held organizer and, in registering it on Palm's Web site, gave the company an e-mail address he never used for anything else. Initially his in-box received only offers for products related to the organizer, but eventually he started getting advertising from some well-known companies like Bank of America, SBC Communications and Sprint. Lately, that one address alone has been receiving dozens of e-mails a month offering everything from travel clubs to acne remedies. 

"This is not stuff," Mr. Rathbun said, "that I should be getting from them."
The problem of spam or unwanted commercial e-mail is usually attributed to outlaws and hucksters peddlers of pornography, get-rich-quick schemes and pills of dubious merit who use hackers to send their fraudulent messages in ways that cannot be traced.
But the torrent of spam that is flowing into people's electronic mailboxes comes not only from the sewers but also from the office towers of the biggest and most well-known corporations.
Established companies insist they send e-mail only to people who have voluntarily agreed to receive marketing offers. A spokeswoman for Palm says it does not know how Mr. Rathbun's e-mail address got into the hands of spammers and says it has never sold its customer list.
But often companies rent e-mail lists from a cottage industry that has emerged to lure Internet users, through a variety of schemes, into signing up for e-mail marketing.
At best, if you have ever entered a contest to win a prize, subscribed to an online newsletter or simply purchased a product on the Web, you may well have also agreed, as many such fine-print contracts put it, "to receive valuable offers from our marketing partners."
This practice falls under the rubric of what is called opt-in marketing, or getting permission to send advertising messages.
But many e-mail executives admit that these same list companies also add to their databases by buying, trading sometimes even stealing names.
"Everyone is looking for a quick buck now, and people are claiming to sell opt-in data who don't have it," said Pesach Lattin, who runs Adspyre, a New York e-mail marketing firm.
Moreover, some companies have allowed the e-mail addresses of their own customers, either deliberately or inadvertently, to fall into the hands of list peddlers who in turn sell them to e-mail marketers of all stripes. Sometimes, the lists are stolen from corporate owners by employees or vendors looking to make a quick profit. But in many cases, the big companies are deliberately buying and selling access to names, relying on privacy policies often hard to find on their sites that they say permit such actions.
"White-collar spam" is how Nick Usborne, a newsletter writer and Internet marketing consultant, refers to this phenomenon.
"When a responsible company," Mr. Usborne said, "gets someone to sign up for a newsletter and says, now that we have their e-mail address let's make more money off it and send them e-mail they didn't ask for, that's white-collar spam."
The antispam bill passed unanimously by the Senate last week imposes tough penalties on people involved in the lowest forms of spam but it does not deal with the central questions Mr. Usborne and others raise about white-collar spam. It does nothing, for example, to establish rules defining an appropriate list of names that a purveyor of a legitimate product can use to send an offer by e-mail. Nor does it regulate the transfer of names between companies.
The law would require that every e-mail message offer recipients a method to remove themselves from an advertiser's mailing list. But with the way that names are traded today, this method would do little to reduce the amount of e-mail people receive, industry executives say.
"People don't realize that once you sign up for a contest or free stuff on the Web and you forget to uncheck a box, these people will pass your name to a hundred other people,'` said Paul Nute, a partner of Soho Digital, a New York advertising agency that represents e-mail marketers. "You've just raised your hand and said, `Send me the diet pill offers.' And there is no way to get them all to stop."
A new state law scheduled to take effect in California on Jan. 1 tries to take a stricter approach: it requires that commercial e-mail to or from anyone in the state be sent only to people who specifically request information from the advertiser. Many in the e-mail industry read the law as curbing many of the more common ways that names are gathered and used, but the exact limits will be left up to the courts to define.
Moreover, if the federal bill passed by the Senate is enacted it would void most state spam laws, including California's. Although the Senate bill also authorizes the Federal Trade Commission to create a do-not-spam list modeled after the wildly popular do-not-call list that is already starting to curb unwanted telemarketing calls, F.T.C. officials said that, unlike telemarketing, it would be extremely difficult to determine the difference between solicited and unsolicited e-mail. That is in part because so many companies go beyond their own customers to rely on opt-in list collectors.
Not surprisingly, companies that are active users of conventional mail solicitations have gravitated to e-mail, which can be far cheaper, to push certain products. These include Morgan Stanley's Discover Card, Altria's Gevalia Coffee, Schering-Plough's Claritin, and The New York Times, which uses opt-in e-mail lists to sell subscriptions.
One such list maker is Xuppa.com, a 38-person firm working from a cramped office in Midtown Manhattan across Seventh Avenue from Macy's department store. It has gathered half a billion e-mail addresses since it started four years ago, but most of those are no longer valid. The 65 million names left on its lists, Lance Laifer, Xuppa's chief executive, says, have given permission to receive marketing messages.
Visitors to Xuppa.com are encouraged to enter its $1 million sweepstakes. To do so they must enter not only their e-mail address but postal address and telephone number as well. Entering the contest gives Xuppa permission to market to users. On the same Web page, some 75 other offers from advertisers are displayed, each adjacent to a check box some already checked by default. When Xuppa users enter the contest, their personal information is passed to any advertiser whose offer is checked.
"There are a lot of people who would rather register and give their e-mail addresses than pay for services," Mr. Laifer said.
This process of putting many offers on one page where users enter information is called co-registration, and it has become one of the main ways that names are gathered online.
Some such sites make it hard for users to see all the lists they are joining. AmericanGiveAways.com, a site run by Synergy6, allows users to register to earn free gifts. "By signing up with us," a notice at the bottom of the page reads, "you are also agreeing to receive great offers, special coupons and promotions from our partner sites."
Dozens of partners are listed on separate links, yet once a single button is clicked each of the advertisers can claim with some degree of truth that the user agreed to receive marketing messages.
Such sites stretch users' consent beyond any recognition, argues Seth Godin, a former Yahoo executive, who coined the term "permission marketing" to define the practice of sending e-mail marketing to people who ask for it.
"The people who are talking about permission marketing are almost entirely doing it wrong," Mr. Godin said. "Greed and avarice drove people to wreck the system."
The trade in e-mail names is not limited to the back alleys of the Internet. Big traditional mailing list companies like Equifax and Experian have been buying e-mail addresses, often from these contest sites, and linking them with their vast stores of other information about people. They use this so marketers can send e-mail to people with, say, a certain disease, or who own a specific car, and so on.
The chain of permission can be stretched even further. Some names come from customer lists of Internet companies that collapsed as the dot-com bubble burst. For example, MatchLogic, a Colorado marketing company that gathered 13 million names was acquired by Excite(_at_)Home, a high-speed Internet service controlled by AT&T.
MatchLogic had a clear privacy policy that said it would not transfer those names to any third party without permission. But when Excite(_at_)Home was liquidated in bankruptcy in 2001, its mailing list was purchased by a group of marketing firms led by RHC Direct of Salt Lake City. Some of those companies in turn sold the list to others. Robert Caldwell, RHC's president, says he believes it is also being traded by former MatchLogic employees.
"Names get flipped and flipped and flipped until everyone's name is everywhere," Mr. Caldwell said.
Nothing is wrong with that, he contended, because the people who originally provided their e-mail addresses agreed to receive marketing messages.
"As much as people talk about privacy," he said, "they will give it up for the chance to win a Lexus."
Mr. Rathbun, who also has an e-mail address exclusively used to enter a MatchLogic contest, says it has received thousands of pieces of spam, some from big companies.
Bankruptcy courts have generally allowed the sale of lists from failed companies like MatchLogic. But those transfers were against Excite(_at_)Home's stated privacy policy, said Christopher Kelly, Excite(_at_)Home's former chief privacy officer, now a lawyer with Baker & McKenzie. He said he would advise any client not to send e-mail to that list "as there is insufficient proof of the permission of the information."
Officials at many of the big companies marketing by e-mail admit that the list companies are not always honest about the sources of their names. But they say there is no way to test the quality of a list other than to send e-mail to its addresses and find out how many complaints result.
"There are some irresponsible companies that are bringing a bad name to those of us trying to be responsible,'` said Rajive Johri, executive vice president for marketing for J. P. Morgan Chase's credit card unit, an active user of opt-in e-mail.
"We do a lot of due diligence on the vendors we utilize," Mr. Johri said. "At the same time, can I feel 100 percent sure that there are no abuses? No." 

http://www.nytimes.com/2003/10/28/technology/28SPAM.html?hp


_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Asrg] 4d. Consent Framework, Yakov Shafranovich
Next by Date:  Re: [Asrg] Big Companies Add to Spam, Dennis Gearon
Previous by Thread:  [Asrg] 4d. Consent Framework, Yakov Shafranovich
Next by Thread:  Re: [Asrg] Big Companies Add to Spam, Dennis Gearon
Indexes:  [Date] [Thread] [Top] [All Lists]