Reply-All storm flares as email announcing privacy policy puts 500 addresses in the 'To' field, not 'BCC' Some advice from The Register: when announcing a new privacy policy don’t do so with emails that reveal 500 addresses in the “To” field of the message. We offer this advice after today finding ourselves on the receiving end of just such an email from newsletter-as-a-service platform Substack. Social media commentary on the …
Also if you emailed their published privacy email, the response is (from mailer-daemon@googlemail.com>)
We're writing to let you know that the group you tried to contact (privacy) may not exist, or you may not have permission to post messages to the group. A few more details on why you weren't able to post:
* You might have spelled or formatted the group name incorrectly.
* The owner of the group may have removed this group.
* You may need to join the group before receiving permission to post.
* This group may not be open to posting.
If you have questions related to this or any other Google Group, visit the Help Center at https://support.google.com/a/substackinc.com/bin/topic.py?topic=25838.
Thanks,
substackinc.com admins
This sort of mistake sounds like they were doing the emails manually.
I run a small club and to avoid this we signed up with MailChimp to ensure that this didn’t happen when the gdpr regulations came in.
Even if you didn’t want to rely on a hosted service you can buy the mailing list software to run on a local machine.
Even if you didn’t want to rely on a hosted service you can buy the mailing list software to run on a local machine.
The sad thing is you don't even need to buy the software.
LibreOffice does it for free. It (mail merge) is a built-in feature.
And if you already have MS Office, it also has mail merge built-in for no extra cost on top of the existing MS Office license.
And I find it hard to believe that any organisation wouldn't have at least one of those 2 suites already, at least in limited quantities for interoperability purposes in case they did have to deal with someone who only accepts MS Office or open formats.
Or you can take a few seconds to check what you're doing before clicking the Send button.
Putting yourself in the proper frame of mind before starting also helps, meaning paying bloody attention to what you're doing.
Yes, mistakes happen. I have forgotten to attach a file to a mail I send several times, but I only send it to one person. When you're sending out a mass mail, you don't approach the question like a regular mail.
For me, a mass mail is a ticking time bomb. I execute the job with the same amount of care and attention than I imagine a bomb removal specialist would. You need to be extra careful, because any mistake you make will be sent to multiple (sometimes hundreds of) people, and any mistake means you'll have to do the whole process again.
So I pay extra attention in order to not have to start over.
A well known international standards organisation does this all the time, and I'm certain that they're not using a manual process. The big problem seems in general to be that marketing and "communications" folks don't get (probably don't ask for) technical support for mass mailings, they just treat them the same as internal communications because nobody gets training in using email clients so they don't know what they're actually doing technically, or its implications.
Trouble is that sometimes people demand that.
I work in a place with 100+ employees. There is a mailing list for when *everyone* needs to know something (e.g. regulation change, site closing, covid, etc.).
As such, one email "name" in Outlook - that group - expands to 100+ people instantly. Include several groups and it grows and grows.
Now, those are strictly internal, but if you're in that pattern of working, then you start to creep outside people in (we have outside-domain people on our list now, for contractors and suchlike). And eventually you get used to using it for everything and use it for outside people.
So you can put all these limits on, people will just turn them off because they stop what they want to do. And you can't whitelist "@domain email only" or whatever, because that won't work either. And you can limit the number of people in an email and then when the boss has to shut the site or send everyone out their covid info to all their outside customers, it'll get turned off because it got in the way when time was of the essence.
This isn't a technological problem. There's plenty of tech to take account of it, and controls in almost any tech capable of doing this. The problem is human, as always.
I know in my workplace, the "everyone" email address is over-used for all sorts of junk, and I've warned about the "feature-creep" of such facilities many times. As people get used to receiving them, and sending them, you'll get misuse of them, then someone will Reply-All by mistake, and you'll have a huge spam problem, then everyone will ignore/filter those emails because they're now junk, then they'll miss an important message, then everyone will get told to read ALL emails, then you'll wonder why nobody has any time, and so on...
My biggest question, for the last 20 or so years, is really: Why are you contacting customers direct by email. Why is the person behind the Send button even aware of their addresses? Under DPA and now GDPR, we've clarified that you need to have access to the information necessary to do your job and nothing more. Does the person who sends out these email *need* to know the email address of every customer? No. They need to have a database with them in, obviously, but they don't need to actually see them unless they are verifying the customer's details.
So why is it not the norm that such things are handled via a CRM, where you send an email to all customers who purchased product X in the last 5 years - you have no need to know who those people actually are, or what email address they've chosen to give you. It's somewhere in the database but you, the person sending the email, don't need to know it. So your Send button should be in the CRM, you need to know how many it's going out to. You or someone else *could* interrogate that list, if necessary, but you shouldn't ever be putting those addresses into a list and then into an email client and then into a To: field or a CC: field. It just shouldn't be done.
It's then trivial to prevent these occurrences, and as a nice side-effect you have a perfect barrier against a rogue agent stealing your customer database, against compromise of a desktop meaning that all your customers are at risk, etc.
I've always said the same about call-centres. Why do they have my full history, addresses, phone numbers, etc. just the second I phoned up? It's not necessary. And they could just have a ton of fields and then literal "request" buttons on a field if they need to see it. Then all the problems with misuse of such databases evaporates.
I'm a proponent of the idea that such workers should really never have anything more than a set text menu of options available to them, not an Excel of email addresses or whatever. Press 1 to amend customer details, Press 2 to view customer orders, etc.
There's no way that someone should be able to get a list of your customers email addresses and just throw it into Word mail-merge or screw up like this.
Because that costs more than just banging the list into a mail for a peon to fumble with, and it's the beancounters that count these days.
Some hefty fines (GDPR will do nicely) will convince the beancounters pretty quickly.
Yep.
But the fact is that such a group is just a disaster waiting to happen while it resolves in ANY field.
If someone puts "everyone" in the To:, expands it, and it jumps into the BCC: you're going to have user's complain. If someone put "everyone" in the To:, expands it, and it expands into the To:, then you have this problem.
If you warn that there are outside entities in that group, people will ignore/disable the warning. If you warn that the email is going to more than X people, people will complain/ignore/disable the warning.
It's fundamentally not a tech problem. The computer does what it's told, precisely. What you want is a computer that second-guesses the humans, which almost always results in it being wrong and getting turned off.
What you *need* is a computer system where the decisions available to the humans are few and far between. There is no *technical* reason why you couldn't send literally every email ever using only the BCC field, and that replies still go to all those people, but nobody knows who those people are except the original author (via a conversation tracking), and then setting BCC as a global default. But then people will complain that they can't see that "boss" was copied in and you dropped them in it by doing that. And they'll complain that you could be copying it into outside entities, and so on.
This isn't a tech issue. This is a process issue. And the process of sending out hundreds of customer emails in an office email program is the process problem. It just shouldn't be happening. But millions of businesses worldwide run that way "because we always have" and you can't fight that.
20 years from now, like I said 20 years ago, we'll still be having CC/BCC/reply-all errors. Because it's the human process of even attempting it via that method that's in error. Not the quirks of a particular program.
"But the fact is that such a group is just a disaster waiting to happen while it resolves in ANY field."
In a shit company I worked for, having regretted many times not having left earlier, there was an old and clueless CIO PA, 60 years old harpy dressed like a goth teenager. Creepy. You'd wonder where the flying broom was :)
She used to fuck up often with the "all' groups and always blame the infra and immediately call the infra director, stating her demented ideas about sorting the 58000 entries directory to avoid her screwing up.
I'm glad to have left.
Anon' cos reasons.
I know in my workplace, the "everyone" email address is over-used for all sorts of junk, and I've warned about the "feature-creep" of such facilities many times. As people get used to receiving them, and sending them, you'll get misuse of them, then someone will Reply-All by mistake, and you'll have a huge spam problem, then everyone will ignore/filter those emails because they're now junk, then they'll miss an important message, then everyone will get told to read ALL emails, then you'll wonder why nobody has any time, and so on...
This. And then the boss decides that email doesn't work and everyone must use Slack for all internal communication.
I know very few people that are aware of Bcc:, even in the IT world.
I know a manager who considers its use to be shady/underhanded. I tried to explain its use in mass mailings but he didn't like the idea of people sending him email but not letting him see who else is getting it. I pointed out that he was already receiving such email but left it at that.
Nope.
If training and reminders could stop people falling down this pothole, it already would have done. Same goes for 'Are you sure?' popups. Time we made the code smart enough to handle human psychology rather than expect people to work around the code's limitations. We could start by making BCC the default and TO or CC a bit more work.
Your tools rather than your training.
Really, all those gazillions of transistors we have now should be good for more than just allowing us coders to write fatter code.
That is true, but unfortunately most of those things are worse. Email may have too many security problems to count, but you can pretty much guarantee that an email sent from one place will get to another one, and if it doesn't there are only a few reasons for it. More modern communication apps require a lot more configuration. Ones designed for companies often make it hard to communicate out of the company. Those designed by big companies require sending unencrypted data through their centralized system. Those designed by hardware manufacturers lock you in. And some others require phone numbers or email addresses and essentially provide an overlay; while the features are good, you still need the other mechanism for that one to work. Email and to a lesser extent phone calls and SMS are global and compatible. Most other things aren't.
And some others require phone numbers or email addresses and essentially provide an overlay; while the features are good, you still need the other mechanism for that one to work. Email and to a lesser extent phone calls and SMS are global and compatible. Most other things aren't.
Delta Chat looks possibly worth a look. It uses those (near-universal) email addresses as the addressing underlay and IMAP as the transmission channel, and adds encryption invisibly on top?
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
