back to article Reply-All storm flares as email announcing privacy policy puts 500 addresses in the 'To' field, not 'BCC'

Some advice from The Register: when announcing a new privacy policy don’t do so with emails that reveal 500 addresses in the “To” field of the message. We offer this advice after today finding ourselves on the receiving end of just such an email from newsletter-as-a-service platform Substack. Social media commentary on the …

  1. hitmouse

    Also if you emailed their published privacy email, the response is (from mailer-daemon@googlemail.com>)

    We're writing to let you know that the group you tried to contact (privacy) may not exist, or you may not have permission to post messages to the group. A few more details on why you weren't able to post:

    * You might have spelled or formatted the group name incorrectly.

    * The owner of the group may have removed this group.

    * You may need to join the group before receiving permission to post.

    * This group may not be open to posting.

    If you have questions related to this or any other Google Group, visit the Help Center at https://support.google.com/a/substackinc.com/bin/topic.py?topic=25838.

    Thanks,

    substackinc.com admins

  2. Giles C Bronze badge

    This sort of mistake sounds like they were doing the emails manually.

    I run a small club and to avoid this we signed up with MailChimp to ensure that this didn’t happen when the gdpr regulations came in.

    Even if you didn’t want to rely on a hosted service you can buy the mailing list software to run on a local machine.

    1. eldakka Silver badge

      Even if you didn’t want to rely on a hosted service you can buy the mailing list software to run on a local machine.

      The sad thing is you don't even need to buy the software.

      LibreOffice does it for free. It (mail merge) is a built-in feature.

      And if you already have MS Office, it also has mail merge built-in for no extra cost on top of the existing MS Office license.

      And I find it hard to believe that any organisation wouldn't have at least one of those 2 suites already, at least in limited quantities for interoperability purposes in case they did have to deal with someone who only accepts MS Office or open formats.

      1. Dave559 Bronze badge

        Mailing list management

        I'm a little bit surprised that nobody has yet mentioned Mailman as a perfectly competent (and Free) mailing list management service, which you can install on your own web server.

    2. Pascal Monett Silver badge

      Or you can take a few seconds to check what you're doing before clicking the Send button.

      Putting yourself in the proper frame of mind before starting also helps, meaning paying bloody attention to what you're doing.

      Yes, mistakes happen. I have forgotten to attach a file to a mail I send several times, but I only send it to one person. When you're sending out a mass mail, you don't approach the question like a regular mail.

      For me, a mass mail is a ticking time bomb. I execute the job with the same amount of care and attention than I imagine a bomb removal specialist would. You need to be extra careful, because any mistake you make will be sent to multiple (sometimes hundreds of) people, and any mistake means you'll have to do the whole process again.

      So I pay extra attention in order to not have to start over.

      1. Mark192 Bronze badge

        Pascal Ninety said "Or you can take a few seconds to check what you're doing before clicking the Send button."

        No!

        You don't have your staff do something where a moments inattention will result in a serious data breach.

        1. Pascal Monett Silver badge

          First of all, I'm Pascal Monett. Don't know where you got Ninety from.

          Second, my whole point is that you do not have a moment's inattention when you are sending a mass mail.

    3. Doctor Syntax Silver badge

      I take it your small club has informed consent from its members to provide their email addresses to a 3rd party in a jurisdiction whose laws ensure it can't honour any contract clauses relating to privacy.

    4. Mike 137 Silver badge

      Actually ...

      A well known international standards organisation does this all the time, and I'm certain that they're not using a manual process. The big problem seems in general to be that marketing and "communications" folks don't get (probably don't ask for) technical support for mass mailings, they just treat them the same as internal communications because nobody gets training in using email clients so they don't know what they're actually doing technically, or its implications.

      1. Anonymous Coward
        Anonymous Coward

        Re: Actually ...

        the communications chimp recently sent all 8000 staff the link for haveIbeenPwned suggesting we check our emails addresses. Our IP was banned pretty quickly ....

  3. Anonymous Coward
    Anonymous Coward

    mail client

    As long as mail clients allow you to put up 50+ recipients in To: or Cc:, shit like this *will* happen.

    I know very few people that are aware of Bcc:, even in the IT world.

    Even in Outlook, you really need to find the way to Bcc: ...

    1. Lee D Silver badge

      Re: mail client

      Trouble is that sometimes people demand that.

      I work in a place with 100+ employees. There is a mailing list for when *everyone* needs to know something (e.g. regulation change, site closing, covid, etc.).

      As such, one email "name" in Outlook - that group - expands to 100+ people instantly. Include several groups and it grows and grows.

      Now, those are strictly internal, but if you're in that pattern of working, then you start to creep outside people in (we have outside-domain people on our list now, for contractors and suchlike). And eventually you get used to using it for everything and use it for outside people.

      So you can put all these limits on, people will just turn them off because they stop what they want to do. And you can't whitelist "@domain email only" or whatever, because that won't work either. And you can limit the number of people in an email and then when the boss has to shut the site or send everyone out their covid info to all their outside customers, it'll get turned off because it got in the way when time was of the essence.

      This isn't a technological problem. There's plenty of tech to take account of it, and controls in almost any tech capable of doing this. The problem is human, as always.

      I know in my workplace, the "everyone" email address is over-used for all sorts of junk, and I've warned about the "feature-creep" of such facilities many times. As people get used to receiving them, and sending them, you'll get misuse of them, then someone will Reply-All by mistake, and you'll have a huge spam problem, then everyone will ignore/filter those emails because they're now junk, then they'll miss an important message, then everyone will get told to read ALL emails, then you'll wonder why nobody has any time, and so on...

      My biggest question, for the last 20 or so years, is really: Why are you contacting customers direct by email. Why is the person behind the Send button even aware of their addresses? Under DPA and now GDPR, we've clarified that you need to have access to the information necessary to do your job and nothing more. Does the person who sends out these email *need* to know the email address of every customer? No. They need to have a database with them in, obviously, but they don't need to actually see them unless they are verifying the customer's details.

      So why is it not the norm that such things are handled via a CRM, where you send an email to all customers who purchased product X in the last 5 years - you have no need to know who those people actually are, or what email address they've chosen to give you. It's somewhere in the database but you, the person sending the email, don't need to know it. So your Send button should be in the CRM, you need to know how many it's going out to. You or someone else *could* interrogate that list, if necessary, but you shouldn't ever be putting those addresses into a list and then into an email client and then into a To: field or a CC: field. It just shouldn't be done.

      It's then trivial to prevent these occurrences, and as a nice side-effect you have a perfect barrier against a rogue agent stealing your customer database, against compromise of a desktop meaning that all your customers are at risk, etc.

      I've always said the same about call-centres. Why do they have my full history, addresses, phone numbers, etc. just the second I phoned up? It's not necessary. And they could just have a ton of fields and then literal "request" buttons on a field if they need to see it. Then all the problems with misuse of such databases evaporates.

      I'm a proponent of the idea that such workers should really never have anything more than a set text menu of options available to them, not an Excel of email addresses or whatever. Press 1 to amend customer details, Press 2 to view customer orders, etc.

      There's no way that someone should be able to get a list of your customers email addresses and just throw it into Word mail-merge or screw up like this.

      1. Pascal Monett Silver badge
        Trollface

        Re: why is it not the norm that such things are handled via a CRM

        Because that costs more than just banging the list into a mail for a peon to fumble with, and it's the beancounters that count these days.

        1. A.P. Veening Silver badge

          Re: why is it not the norm that such things are handled via a CRM

          Because that costs more than just banging the list into a mail for a peon to fumble with, and it's the beancounters that count these days.

          Some hefty fines (GDPR will do nicely) will convince the beancounters pretty quickly.

      2. Doctor Syntax Silver badge

        Re: mail client

        There's no fundamental reason why an "everyone" address shouldn't expand into BCC. If it doesn't then there is a technological reason in that either it wasn't configured that way or the application doesn't make provision for that.

        1. Lee D Silver badge

          Re: mail client

          Yep.

          But the fact is that such a group is just a disaster waiting to happen while it resolves in ANY field.

          If someone puts "everyone" in the To:, expands it, and it jumps into the BCC: you're going to have user's complain. If someone put "everyone" in the To:, expands it, and it expands into the To:, then you have this problem.

          If you warn that there are outside entities in that group, people will ignore/disable the warning. If you warn that the email is going to more than X people, people will complain/ignore/disable the warning.

          It's fundamentally not a tech problem. The computer does what it's told, precisely. What you want is a computer that second-guesses the humans, which almost always results in it being wrong and getting turned off.

          What you *need* is a computer system where the decisions available to the humans are few and far between. There is no *technical* reason why you couldn't send literally every email ever using only the BCC field, and that replies still go to all those people, but nobody knows who those people are except the original author (via a conversation tracking), and then setting BCC as a global default. But then people will complain that they can't see that "boss" was copied in and you dropped them in it by doing that. And they'll complain that you could be copying it into outside entities, and so on.

          This isn't a tech issue. This is a process issue. And the process of sending out hundreds of customer emails in an office email program is the process problem. It just shouldn't be happening. But millions of businesses worldwide run that way "because we always have" and you can't fight that.

          20 years from now, like I said 20 years ago, we'll still be having CC/BCC/reply-all errors. Because it's the human process of even attempting it via that method that's in error. Not the quirks of a particular program.

      3. Graham 32

        Re: mail client

        I know in my workplace, the "everyone" email address is over-used for all sorts of junk, and I've warned about the "feature-creep" of such facilities many times. As people get used to receiving them, and sending them, you'll get misuse of them, then someone will Reply-All by mistake, and you'll have a huge spam problem, then everyone will ignore/filter those emails because they're now junk, then they'll miss an important message, then everyone will get told to read ALL emails, then you'll wonder why nobody has any time, and so on...

        This. And then the boss decides that email doesn't work and everyone must use Slack for all internal communication.

    2. Spanners Silver badge
      Big Brother

      Re: mail client

      I know very few people that are aware of Bcc:, even in the IT world.

      I know a manager who considers its use to be shady/underhanded. I tried to explain its use in mass mailings but he didn't like the idea of people sending him email but not letting him see who else is getting it. I pointed out that he was already receiving such email but left it at that.

  4. Flak
    Stop

    Elementary, my dear Watson

    Don't let people near bulk mailing tasks without proper training and tools.

    Please!

    Thank you.

    1. Greybearded old scrote
      Stop

      Re: Elementary, my dear Watson

      Nope.

      If training and reminders could stop people falling down this pothole, it already would have done. Same goes for 'Are you sure?' popups. Time we made the code smart enough to handle human psychology rather than expect people to work around the code's limitations. We could start by making BCC the default and TO or CC a bit more work.

      Your tools rather than your training.

      Really, all those gazillions of transistors we have now should be good for more than just allowing us coders to write fatter code.

      1. cd

        Re: Elementary, my dear Watson

        What needs to happen is that out in pebkac -land when a user selects To, they really get Bcc.

        Obviously there needs to be a way to select all To for my intended group emails, but it needs to be the buried choice.

  5. Shadow Systems Silver badge

    An email storm?

    I never get those anymore. I miss them. I want to be included in them. I !LIKE! email storms.

    *Comical pout*

    Who do I have to fuck around here to get added to the email storm list?

    *Head explodes from the sarcasm*

  6. john 103

    Reply All

    Please remove me from this thread

    1. Insert sadsack pun here

      Re: Reply All

      Please stop posting. The more you post on this thread, the longer the thread is. Please do not reply to me, because I do not want to be in this thread any further.

      1. Anonymous Coward
        Anonymous Coward

        Re: Reply All

        Stop sending me these emails!!!11!

        How do I unsubscribe?

        Please unsubscribe me from this list.

        I am too stupid to read the unsubscription instructions written in Big Friendly Letters in the footer of every message to the list...

    2. jelabarre59 Silver badge

      Re: Reply All

      Please remove me from this thread

      http://www.unsubsquirrel.com/ (I'm sure there are people who understand the origins of this. See also: https://github.com/c3d/unsubsquirrel )

    3. Throatwarbler Mangrove Silver badge

      Re: Reply All

      Unsuscribe

      1. Androgynous Cow Herd

        Re: Reply All

        plus one

        1. DemeterLast

          Re: Reply All

          me too

  7. Prst. V.Jeltz Silver badge
    Facepalm

    spectacular tripple whammy!

    see title.

    1) privacy breach

    2) done by "mailer" service - you had one job!

    3) done with privacy policy

    You couldnt make it up!

  8. Luiz Abdala Bronze badge
    Coat

    Who, Me?

    Do I smell a "Who, Me?" scenario looming in the horizon for this outfit?

  9. Efer Brick

    Like tying ones laces together

    then falling flat on your face

    1. Nunyabiznes Silver badge

      Re: Like tying ones laces together

      In a public place.

  10. Blackjack Silver badge

    Flash is dying, why not e-mail?

    E-mails were not made with safety and security in mind, they have more holes than Emmenthal cheese.

    Maybe the reply all option could have also been a problem using another thing but honesty, we have safer things than E-mail nowadays.

    1. doublelayer Silver badge

      Re: Flash is dying, why not e-mail?

      That is true, but unfortunately most of those things are worse. Email may have too many security problems to count, but you can pretty much guarantee that an email sent from one place will get to another one, and if it doesn't there are only a few reasons for it. More modern communication apps require a lot more configuration. Ones designed for companies often make it hard to communicate out of the company. Those designed by big companies require sending unencrypted data through their centralized system. Those designed by hardware manufacturers lock you in. And some others require phone numbers or email addresses and essentially provide an overlay; while the features are good, you still need the other mechanism for that one to work. Email and to a lesser extent phone calls and SMS are global and compatible. Most other things aren't.

      1. Anonymous Coward
        Anonymous Coward

        Re: Flash is dying, why not e-mail?

        And some others require phone numbers or email addresses and essentially provide an overlay; while the features are good, you still need the other mechanism for that one to work. Email and to a lesser extent phone calls and SMS are global and compatible. Most other things aren't.

        Delta Chat looks possibly worth a look. It uses those (near-universal) email addresses as the addressing underlay and IMAP as the transmission channel, and adds encryption invisibly on top?

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2020