Feeds

Sainsbury's, Virgin say sorry over spam

But have they learned something useful?

  • alert
  • submit to reddit

Internet Security Threat Report 2014

Several Register readers have now received apologies from Sainsbury's supermarket and Virgin Wines for spamming them. And both companies seem to be serious; in one case, Sainsbury's has offered a £20 voucher along with the grovel. This certainly indicates sincerity, but suggests that Sainsbury's still hasn't entirely grasped the impact of a major spam run, and therefore figured out how many times £20 it could add up to.

The two companies' mailshots went out around two weeks ago, and seem to have been fulfilled by the same third party using either the same or similar lists. Spews.org does some tracking work here, and from the information supplied to The Register by aggrieved recipients it is abundantly clear that this was not a 100 per cent exercise in 'permission-based marketing.' If, indeed, such a thing could be said to exist.

Many of the email addresses used were lifted from Usenet postings or scooped from web sites, and the non-UK ones included were superlatively inappropriate for companies attempting to sell mobile phone services (Sainsbury's) or wine (Virgin) in the UK. Both companies seem to have been burned in that they were aparently unaware that the lists bought or rented on their behalf weren't kosher, and both have possibly learned something, even if it's only what spam is, and how angry people get with you when you do it.

Virgin seems to have been fairly quick off the mark in apologising, and in the case of at least one person passed on the contact details of the managing director of eachweek.net, which would seem to be connected to the matter in some way. But Sainsbury's was caught flat-footed, and denied the spam run for quite a while before confessing. Last Monday, one reader contacted Sainsbury's Mobile to complain: "They claimed to know nothing of any problems, and said they were convinced that their email-shot was entirely legit. They assured me that all the addresses were legitimately collected. They tried persisting in this view even when I said it couldn't be true." As some of the addresses used are used by the recipients solely for Usenet postings, or for administrative purposes (e.g. sales@company.co.uk), this clearly could not be true.

Another reader checked the privacy section of the Sainsbury's web site, and phoned the number given there: "I rang them and told them that I objected to them spamming me and would they remove me from their mailing list for such stuff. Needless to say, no-one had a clue what I was on about. In the end they took my details (I'm a loyalty card holder FFS) and a supervisor would ring me. I think you can guess what has happened since."

The most heroic contribution we've had so far however shows how heroically unaware of the issues Sainsbury's was until last week. The reader phoned the customer care line for Sainsbury's Mobile, and was referred to the 0800 number you would dial if you were responding to the email in order to buy a mobile phone. And a nice touch of customer care here: "When I asked for her name, she went 'Yeah, it's <click>'." Undaunted, he dialled the sales number, where "a polite Irish fellow" called Jerry told him to take copies of the email into his local store, and speak to a manager about them. Jerry apparently has a fine appreciation of how major companies who haven't altogether got the internet yet operate: "He said they will have to file it, and it will then go to the head office."

There's clearly an 'innocents abroad' aspect to cases like this. People at the commissioning company may be naiive, largely unaware of the internet or overly optimistic, and this will frequently go for the 'marketing specialists' they're commissioning as well. And the longer the chain the list is passed down, the more inevitable it is that somebody will have just lied, saying a pile of miscellaneous IDs scooped from who knows where are 100 per cent opt-in and relevant. Some innocent/idiot then believes them, and the list's value goes up until it's proven otherwise. After getting burned several times reputable companies who don't want to alienate their customers may get themselves some expertise and confine themselves to using their own lists, or lists from outfits they really trust (who they? - Ed), but they'll no doubt go through a lot of pain before they get there.

An informant from SpamCop explains another method use to garner email addresses that might help their education, and indeed induce them to set up spam rapid response teams. Sometimes, you see, spam apparently from a major company isn't from them at all - it's sent out in order to establish that you really exist, and if you respond, you're on the list, and for sale.

"The gig is this:

"They send an email to a Spam list, purporting to be from some well-known brand. These people have used Pizza Hut and Seagram's in mails that I have received, and now they are using Sprint.

"The deal is to entice users to request that they do not receive mail. This has, in the past, been done in the form of a coded URL that confirms the email address, and enters it into a high-value Spam list.

"Needless to say, the poor punter does not get removed from a mailing list.

"Instead, they get put onto a very high-priority list, and receive more Spam than they ever thought existed.

"Unfortunately (or fortunately), these guys aren't exactly the brightest bulbs in the chandelier. Tracking them down is child's play." But there are plenty of them about... ®

Related story

Sainsbury's spams its way into mobile market

Top 5 reasons to deploy VMware with Tegile

More from The Register

next story
Bono apologises for iTunes album dump
Megalomania, generosity and FEAR of irrelevance drove group to Apple deal
Facebook, Apple: LADIES! Why not FREEZE your EGGS? It's on the company!
No biological clockwatching when you work in Silicon Valley
Arab States make play for greater government control of the internet
Nerds told to get lost in last-minute power grab bid at UN meeting
Apple SILENCES Bose, YANKS headphones from stores
The, er, Beats go on after noise-cancelling spat
Doctor Who's Flatline: Cool monsters, yes, but utterly limp subplots
We know what the Doctor does, stop going on about it already
Zippy one-liners, broken promises: Doctor Who on the Orient Express
Series finally hits stride, but Clara's U-turn is baffling
Don't bother telling people if you lose their data, say Euro bods
You read that right – with the proviso that it's encrypted
America's super-secret X-37B plane returns to Earth after nearly TWO YEARS aloft
674 days in space for US Air Force's mystery orbital vehicle
10 Top Tips For PRs Considering Whether To Phone The Register
You'll Read These And LOL Even Though They're Serious
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Win a year’s supply of chocolate
There is no techie angle to this competition so we're not going to pretend there is, but everyone loves chocolate so who cares.
Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.