The Business Controls Caddy

Permalink Yes Ed, We Should Care About SPAM Concerns




There are discussions going on in the Lotus blogging world about SPAM. The basic question posed by "ed underscore brill AT us d0t ibm nospam d0t com" (aka Ed Brill") is whether or not people should be concerned about posting their email addresses on web sites, since spammers are going to get it. Ed feels that it should be a moot point because anti-spam technologies are getting so much better, but alas I think he is missing some very important points here that need to be considered. And these points tie directly into Bruce Elgort's frustrations with DominoFiles.com's bad spammer habits. The bottom line, it is not really about SPAM, it is about PRIVACY concerns.

First, an individual's valid email address is more valuable on the open market then a credit card number obtained illegally. This may seem counter-intuitive, but if you think about it, it makes perfect sense. When a credit card is compromised, the owners of the card will very quickly cancel the card (assuming they read their statements and know about it). But they will very rarely change their email address because this is part of their identity and is one of their well established communication tools. In many cases, people foolishly put their names in email addresses, which help identify demographic information about the user, making the address more valuable on the open market.

Second, as a community, and I include myself in this, do a very poor job at communicating any sort of privacy policies on our blogs. You might be tempted to say "but these are just our personal blogs". However, the perception and in many cases the reality is that many of our blogs are extensions of our business models. If we do not include a clearly linked privacy policy on any page that gathers information, people can and will lose faith in what we do as a community do to protect information. Some blogs, including Ed's, publish the email addresses as part of any comments submitted. What is the purpose of this? I require email addresses so I can contact people as an off-line follow-up if need be, but I do not publish them. Why? Because an email address is personal, private information that a visitor has voluntarily elected to give me. We do not want to be lumped into the same perception of DominoFiles as people who sell and share the information, and make a false claim that they do not send messages to bloggers.

More "savvy" internet users have sacrificial e-mail address from Yahoo, AOL, GMail, and others for the purposes of on-line transactions. Some people I know that manage their own email services will have vendor specific email addresses such as edamazon@yahoo.com, so they can see where spammers are getting their email addresses from. However, this does not always work because clients of companies such as DominoFiles, as part of their "marketing strategy", will only allow valid company/corporate e-mail addresses to be entered into information request and/or webcast registration forms.

We do need to be concerned with what our visitors and users tell us. If not, we face the loss of our credibility. I, for one, will be starting to include a link to a variation of this privacy policy on all pages of this blog and on all comment forms. I encourage other members of the blogging community to do the same. I also encourage members of the blogging community to either not publish the e-mail addresses of commentors or at the very least give people the option of displaying it (opt-in, not out).

And finally, to DominoFiles.com staff and their customers: You are in violation of the CAN-SPAM Act. So get your act together or somebody may just take the time to file a complaint with the Federal Trade Commission. Do not try and get by with the statement you gave Bruce Elgort that "no one has ever complained about our emails". That is most likely because people have SPAM fatigue and have either trapped the mail in their filters or just ignore it because they have other things to do. I know I have talked to you on the phone about this issue, so at least two people have.



Comments
01/12/2007 08:45:07 AM

Comment posted by Ed Brill01/12/2007 08:23:00 AM
Homepage: http://www.edbrill.com


I publish e-mail addresses for four reasons.
1) So other readers can follow-up with people who leave comments
2) So readers can assess the relevance and legitimacy of the comments left -- this isn't Hyde Park Corner
3) Because comments are owned by the commentor
4) As a barrier to anonymous trolls

I have considered making them invisible to all but me, but that would discount all these motivations.

01/12/2007 08:45:07 AM

Comment posted by Chris Linfoot01/12/2007 08:38:04 AM
Homepage: http://chris-linfoot.net


(Note that I posted my email address - keep it safe )

We are talking about two different issues here.

Ed's point was that he no longer worries about posting his own email address where a spammer might find it, as spam filtering (or more usefuly, blocking) will keep out most spam anyway.

This is little more than pragmatism. The spammer will get your address anyway, if you have ever used it to send email to anyone who uses an MS mail client on a Windows platform. Windows malware more or less guarantees that.

Your point is also well made.

I do not publish posters' email addresses either (thanks, Blogsphere). In fact, as personal information, is could be argued that it is illegal to publish it without explicit permission here in the UK. The same may be true there.

I don't personally worry too much that Ed publishes my address when I comment on his site but Ed, you really shouldn't.

But finally, I don't really buy the identity theft by email address line.

So you know my email address. Unless you have a way of reading my email then you know nothing else about me and even if you could read my email, you'd find nothing useful (addresses, anniversaries, credit card numbers, bank accounts, passwords etc). If there's a real threat to identity, that's where it is though - not in the email address itself.

01/12/2007 09:16:08 AM

Comment posted by Christopher Byrne01/12/2007 08:57:47 AM
Homepage: http://www.controlscaddy.com/


@Ed, but don't you think you should give people the option whether or not they want is displayed or not? You still have the anti-troll factor by having their email address. The key is to give the users control on how their information is used/displayed.

@Chris, there are no laws regarding posting of email addresses here. And even though I did not address identity fraud (note I am not saying theft), there are some concerns outside commerce when people can extract yor name from the email address, particularly in terms of personal brand/reputation protection.

01/12/2007 09:47:09 AM

Comment posted by Chris Linfoot01/12/2007 09:18:11 AM
Homepage: http://chris-linfoot.net


@Ed - you could take a leaf out of vowe's book (ducks to avoid incoming projectile).

Volker requires a valid email address as a troll avoidance measure too, but he doesn't publish.

Of course other rules are different here. Comments are the responsibility of the publisher (you libel someone in a comment and I'll be the one who receives the writ, even if you did offer and I did publish a valid email address for you).

But as for the Hyde Park Corner thing and follow-ups between readers...

Why not encourage people to debate the issue you have raised in public, by just posting further comments?

01/12/2007 09:47:09 AM

Comment posted by Chris Whisonant01/12/2007 09:30:13 AM
Homepage: http://cwhisonant.blogspot.com


To address the concern of it being "llegal to publish it without explicit permission", I would say that by inputting your e-mail address and clicking Submit that you are granting the permission to publish it.

Add Your Comments



Email addresses provided are not made available on this site.





You can use UUB Code in your posts.

[b]bold[/b]  [i]italic[/i]  [u]underline[/u]  [s]strikethrough[/s]

URL's will be automatically converted to Links


:angry: :-( :-p :lips: :laugh: :-o :rolleyes: :huh: :-D :grin: :cool: :cry: :-) :-\ ;-) :-x :emb:






Remember me    

Add Manual Trackback
Please enter the details of the trackback post. Your trackback will not appear on the site until it has been verified. This may take up to 10 minutes.

Site Name

Permanent URL of TrackBack Post

Title of Post ( If Any )

Excerpt of Post ( Max 250 Chars )



Page 1 of the Leaderboard

 About This Blog

 Publications

 Book Reviews

 IDC Publications

 CERT/Phishing Alerts

 




Get on Board!

In The Bookstore

Search
Google
Sponsored Ads
My Other Blog

Fighting Fud

Fear, Uncertainty and Doubt (FUD) are too often used as marketing tools. And too many mainstream publications are citing reports that have no validity. So if you know anybody who is citing these publications and reports to make business decisions, please point them to one or more of these links. You can also point them to the "Fighting FUD" index of stories and/or add the "Fighting FUD" graphic link to your web site.



flag icon graphic Microsoft Tries To Feed Up More FUD, Again

flag icon graphic Lies, Damn Lies, and Radica...oops I Mean Statistics

flag icon graphic On Forbes, Foolishness and FUD

flag icon graphic When Technical Magazines Fuel FUD


Fighting FUD Blogroll
Tom "Duffbert" Duff
Chris Linfoot
Matt White
Joe Litton
Jeff Crossett
Gerco Wolfswinkel
Chris Whisonant
Gregg Eldred
Richard Schwatrz

Leaderboard By Category

About Me
About the Blog
Accounting Software
Admin2005
Articles
Auditing Standards
Best Practices
Best Practices - Coding
Blogging Risks
Blogging Templates
Blogsphere
Book Downloads
Book Reviews
Bookstore
Business Continuity
Business Continuity/Disa...
Business Controls
Business Controls Humor
Business Process Re-Engi...
Caddyshack
Case Studies
Collaboration Tools
College Football
College Hoops
Commentary
Community News
Compliance
Compliance Tools
Compliance Tools - Lotus...
Conference Presentations
Control Frameworks
Control Self Assessment ...
Copyright, Fair Use and ...
Corporate Governance
Data Protection
Daylight Savings Time
Dimensions of Leadership
Disaster Recovery
E-Commerce
E-Mail Compliance
E-Mail Etiquette
Employee Policies
Ethics
Exposure Drafts
Eye on Sports Media
Fighting FUD
Fraud Prevention
General
Going Green
Golf
Governance Cup
Government Compliance
HIPAA
Humour/Satire
IBM Pensions
IM Controls
Internet Safety
Interviews
Ireland 2007
IS Governance
IS Governance At Home
IT Audit Tools
IT Governance
IT Governance Insight
ITIL
Just for Fun
Licensing
Live Blogging Tools
Lotus AdvisorLive
Lotus Notes 8
Lotus Quickr
Lotusphere 2005
Lotusphere 2006
Lotusphere 2007
Lotusphere 2008
Lotusphere 2009
Movie Reviews
News Links
Newspaper Columns
Niagara Basketball
None
Notes 8 Beta
Notes/Domino Administrat...
Notes/Domino Development
Notes/Domino Mail
Notes/Domino Security
Observations
Outsourcing
Patent Issues
Presentations
Press Releases
Privacy
Procurement Controls
Product Advocacy
Professional Development
Records Retention
Reflections
Risk Assessment
Sarbanes-Oxley
Sarbanes-Oxley Tools
Secure Messaging
Security Awareness
Security Controls
Site Update
Smoking Kills
Social Engineering
Social Software
Social Software Risks
Software Development Con...
Software Tools
Spreadsheet Controls
Telecommuting Risks
The Disposable Society
Training Series
Travel Tips/Observations
Trivia
TV/Radio Sports
Understanding COBIT
User Education
User Interface
Vocabulary
Way Off Topic
WebSphere
XBRL
XML Feeds