Feeds

Ever had to register to buy online - and been PELTED with SPAM?

Way to thank me for being a customer, man...

Choosing a cloud hosting partner with confidence

Spam has been a fact of life, on a par with death and taxes, for many years now. To be blunt, spammers don’t particularly care about us. They don’t have any sense of reason or shame that we can appeal to, and they have no incentive to be accommodating. We’re not their customers. In fact they make their money from selling us, not selling to us, so they have an excellent motive not to help us.

Trying to unsubscribe from a suspicious email list using the prescribed method, or any other seemingly logical approach, is the worst possible thing to do — it merely confirms that your email address is in use, paradoxically making it even more valuable to the spammers for their malign purposes. About all anyone can do is use junk filters or packages like SpamAssassin and hope for the best. All this is well known.

However, a lot of spam comes from ostensibly legitimate online businesses that you’ve actually made purchases from. This may technically not be in the same category as the utterly useless, purely evil variety of spam, but it’s effectively no different: It’s email that you never requested, sent to a list that you never asked to be signed up to. Anyone who’s made any number of purchases online has probably seen the noise level of this other kind of spam skyrocket over the years.

It’s no mystery how this happens: For the vast majority of web or mobile transactions, you’re forced to register with the seller, establishing an account linked to your home address (possibly) and your email address (definitely). There are other annoyances connected to this process, like creating a userID and password, both of which must be added to the dozens or hundreds of other userIDs and passwords you’ve already been asked to create and keep track of. But to anyone who’s overwhelmed with email they don’t want — at this point, pretty much everyone — being added to a new mailing list every other time you buy something is surely the biggest annoyance of all. It’s not inconceivable that someone making an online purchase from, say, a discount wine seller might want to be notified about any amazing wine deals the vendor may offer at some time in the future.

But in most cases you, the buyer, are not asked that question. You’re literally forced to register before you’re allowed to place an order, which means handing over your email address and all the rest. True, some sites allow you to make an “express purchase” without registering (and as the name implies, this has the additional benefit of making the checkout process itself much faster), but those are rare and getting rarer.

There’s one important difference between these “soft” spammers and the faceless, unapologetic, evil ones: We’re actually customers of the former, so it’s presumably in their interest to be nice to us. But as site registration becomes accepted as a natural part of the online shopping process, it, and the soft spam resulting from it, will be seen less and less as an intrusion. My concern about this doesn’t necessarily have anything to do with privacy invasions through the gathering of personal information, though I’m sure some people, reasonably enough, are uncomfortable with that. (How would you feel about “registering” with every bricks-and-mortar shop you buy something from?) For me, it’s mainly about getting email for the rest of my life from an online vendor simply because I made a casual purchase from them at some point in the past.

I still receive mail from companies whose sites I haven’t visited in years and years, including sellers of clothing for toddlers — not especially useful now that my daughter is 10. I’m not nostalgic, but I’m sometimes afraid to gamble with an unsubscribe request to terminate one of these unwanted relationships. Will a particular company be honorable about it? There’s no sure way to know. The least scrupulous companies will not only be using your address themselves, but enthusiastically selling it to other parties, who sell it to other parties, and so on. This does not exactly enhance the online shopping experience, and it’s no way to repay people for their patronage.

There have been times when, giddy at the thought of saving $5 on some sale item, I’ve registered on a new e-commerce site, only to regret it in the cold light of the morning, when I realized that it would have been worth the extra five bucks not to give my email address to some unknown new set of spammers, forever. On more than one occasion I’ve gone so far as to make a purchase from Amazon rather than a company I preferred (because it was smaller, or more local, or had a better price) simply because Amazon already has all the personal information on me that they could possibly want. Going through the time-consuming steps of registration, and implicitly signing up for some new set of email lists, was just not something I wanted to deal with. There’s no reason making a simple online transaction should entail these kinds of worries.

Possibly even worse than having a retail business capture your email address via registration is having a charity do it. I’m not talking about traditional donations, which can generally still be made by way of a cheque sent through the post. It now seems to be the rule that when anyone participates in a race or walkathon to raise money for charity (something co-workers or relatives of mine do at least a few times a year) the request for sponsorship is made by email, with a link to a website where the donation must be entered. These sites always seem to require registration, followed by — you guessed it — periodic emails telling you about all the great things the organisation is doing, or gently nudging you to give more. Again, there’s nothing inherently wrong with any of this if I’ve indicated that I’m OK with it. But why should making a donation require me to be on your email list (and possibly other affiliated ones) from that moment on? These cases pose a real dilemma, because if a friend, relative, or co-worker is asking for sponsors for her 10K run to benefit cancer research I’m not about to say no. I’ll admit, however, that the temptation has been getting greater.

Spam in general is so completely out of control that the old retort of “What’s the big deal? It’s easy enough to use your DELETE key” doesn’t wash anymore. I’m afraid to think how much time I spend every day using my DELETE key, and I’m sure there are people who spend a lot more than I do. It’s way beyond a minor annoyance to be added to “just one more” email list, because that “just one more” happens many times over. And again, this isn’t even taking into account the issue of privacy (with the associated profiling, tracking, etc), which is very real. There’s not much I can do about Nigerian scams, but it seems clear that legitimate businesses should allow me to perform a simple transaction and be forgotten, if that’s my preference. Yes, they’ll need my postal address, but they don’t necessarily need my email address, and if they do need it for purposes of completing the transaction there’s no reason they need to sign me up for spam forever as a side effect. Who knows — I might actually want to be added to their mailing list, but I should be allowed to make that decision voluntarily. The customer’s always right, right? ®

Internet Security Threat Report 2014

More from The Register

next story
FYI: OS X Yosemite's Spotlight tells Apple EVERYTHING you're looking for
It's on by default – didn't you read the small print?
Russian hackers exploit 'Sandworm' bug 'to spy on NATO, EU PCs'
Fix imminent from Microsoft for Vista, Server 2008, other stuff
Edward who? GCHQ boss dodges Snowden topic during last speech
UK spies would rather 'walk' than do 'mass surveillance'
Microsoft pulls another dodgy patch
Redmond makes a hash of hashing add-on
NOT OK GOOGLE: Android images can conceal code
It's been fixed, but hordes won't have applied the upgrade
'LulzSec leader Aush0k' found to be naughty boy not worthy of jail
15 months home detention leaves egg on feds' faces as they grab for more power
China is ALREADY spying on Apple iCloud users, claims watchdog
Attack harvests users' info at iPhone 6 launch
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
Three 1TB solid state scorchers up for grabs
Big SSDs can be expensive but think big and think free because you could be the lucky winner of one of three 1TB Samsung SSD 840 EVO drives that we’re giving away worth over £300 apiece.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.