Sainsbury's, Virgin say sorry over spam

But have they learned something useful?

  • alert
  • submit to reddit

Providing a secure and efficient Helpdesk

Several Register readers have now received apologies from Sainsbury's supermarket and Virgin Wines for spamming them. And both companies seem to be serious; in one case, Sainsbury's has offered a £20 voucher along with the grovel. This certainly indicates sincerity, but suggests that Sainsbury's still hasn't entirely grasped the impact of a major spam run, and therefore figured out how many times £20 it could add up to.

The two companies' mailshots went out around two weeks ago, and seem to have been fulfilled by the same third party using either the same or similar lists. Spews.org does some tracking work here, and from the information supplied to The Register by aggrieved recipients it is abundantly clear that this was not a 100 per cent exercise in 'permission-based marketing.' If, indeed, such a thing could be said to exist.

Many of the email addresses used were lifted from Usenet postings or scooped from web sites, and the non-UK ones included were superlatively inappropriate for companies attempting to sell mobile phone services (Sainsbury's) or wine (Virgin) in the UK. Both companies seem to have been burned in that they were aparently unaware that the lists bought or rented on their behalf weren't kosher, and both have possibly learned something, even if it's only what spam is, and how angry people get with you when you do it.

Virgin seems to have been fairly quick off the mark in apologising, and in the case of at least one person passed on the contact details of the managing director of eachweek.net, which would seem to be connected to the matter in some way. But Sainsbury's was caught flat-footed, and denied the spam run for quite a while before confessing. Last Monday, one reader contacted Sainsbury's Mobile to complain: "They claimed to know nothing of any problems, and said they were convinced that their email-shot was entirely legit. They assured me that all the addresses were legitimately collected. They tried persisting in this view even when I said it couldn't be true." As some of the addresses used are used by the recipients solely for Usenet postings, or for administrative purposes (e.g. sales@company.co.uk), this clearly could not be true.

Another reader checked the privacy section of the Sainsbury's web site, and phoned the number given there: "I rang them and told them that I objected to them spamming me and would they remove me from their mailing list for such stuff. Needless to say, no-one had a clue what I was on about. In the end they took my details (I'm a loyalty card holder FFS) and a supervisor would ring me. I think you can guess what has happened since."

The most heroic contribution we've had so far however shows how heroically unaware of the issues Sainsbury's was until last week. The reader phoned the customer care line for Sainsbury's Mobile, and was referred to the 0800 number you would dial if you were responding to the email in order to buy a mobile phone. And a nice touch of customer care here: "When I asked for her name, she went 'Yeah, it's <click>'." Undaunted, he dialled the sales number, where "a polite Irish fellow" called Jerry told him to take copies of the email into his local store, and speak to a manager about them. Jerry apparently has a fine appreciation of how major companies who haven't altogether got the internet yet operate: "He said they will have to file it, and it will then go to the head office."

There's clearly an 'innocents abroad' aspect to cases like this. People at the commissioning company may be naiive, largely unaware of the internet or overly optimistic, and this will frequently go for the 'marketing specialists' they're commissioning as well. And the longer the chain the list is passed down, the more inevitable it is that somebody will have just lied, saying a pile of miscellaneous IDs scooped from who knows where are 100 per cent opt-in and relevant. Some innocent/idiot then believes them, and the list's value goes up until it's proven otherwise. After getting burned several times reputable companies who don't want to alienate their customers may get themselves some expertise and confine themselves to using their own lists, or lists from outfits they really trust (who they? - Ed), but they'll no doubt go through a lot of pain before they get there.

An informant from SpamCop explains another method use to garner email addresses that might help their education, and indeed induce them to set up spam rapid response teams. Sometimes, you see, spam apparently from a major company isn't from them at all - it's sent out in order to establish that you really exist, and if you respond, you're on the list, and for sale.

"The gig is this:

"They send an email to a Spam list, purporting to be from some well-known brand. These people have used Pizza Hut and Seagram's in mails that I have received, and now they are using Sprint.

"The deal is to entice users to request that they do not receive mail. This has, in the past, been done in the form of a coded URL that confirms the email address, and enters it into a high-value Spam list.

"Needless to say, the poor punter does not get removed from a mailing list.

"Instead, they get put onto a very high-priority list, and receive more Spam than they ever thought existed.

"Unfortunately (or fortunately), these guys aren't exactly the brightest bulbs in the chandelier. Tracking them down is child's play." But there are plenty of them about... ®

Related story

Sainsbury's spams its way into mobile market

Providing a secure and efficient Helpdesk

More from The Register

next story
Phones 4u slips into administration after EE cuts ties with Brit mobe retailer
More than 5,500 jobs could be axed if rescue mission fails
Israeli spies rebel over mass-snooping on innocent Palestinians
'Disciplinary treatment will be sharp and clear' vow spy-chiefs
Apple CEO Tim Cook: TV is TERRIBLE and stuck in the 1970s
The iKing thinks telly is far too fiddly and ugly – basically, iTunes
Huawei ditches new Windows Phone mobe plans, blames poor sales
Giganto mobe firm slams door shut on Microsoft. OH DEAR
Phones 4u website DIES as wounded mobe retailer struggles to stay above water
Founder blames 'ruthless network partners' for implosion
Found inside ISIS terror chap's laptop: CELINE DION tunes
REPORT: Stash of terrorist material found in Syria Dell box
Show us your Five-Eyes SECRETS says Privacy International
Refusal to disclose GCHQ canteen menus and prices triggers Euro Human Rights Court action
prev story


Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.