Ever had to register to buy online - and been PELTED with SPAM?
Way to thank me for being a customer, man...
Spam has been a fact of life, on a par with death and taxes, for many years now. To be blunt, spammers don’t particularly care about us. They don’t have any sense of reason or shame that we can appeal to, and they have no incentive to be accommodating. We’re not their customers. In fact they make their money from selling us, not selling to us, so they have an excellent motive not to help us.
Trying to unsubscribe from a suspicious email list using the prescribed method, or any other seemingly logical approach, is the worst possible thing to do — it merely confirms that your email address is in use, paradoxically making it even more valuable to the spammers for their malign purposes. About all anyone can do is use junk filters or packages like SpamAssassin and hope for the best. All this is well known.
However, a lot of spam comes from ostensibly legitimate online businesses that you’ve actually made purchases from. This may technically not be in the same category as the utterly useless, purely evil variety of spam, but it’s effectively no different: It’s email that you never requested, sent to a list that you never asked to be signed up to. Anyone who’s made any number of purchases online has probably seen the noise level of this other kind of spam skyrocket over the years.
It’s no mystery how this happens: For the vast majority of web or mobile transactions, you’re forced to register with the seller, establishing an account linked to your home address (possibly) and your email address (definitely). There are other annoyances connected to this process, like creating a userID and password, both of which must be added to the dozens or hundreds of other userIDs and passwords you’ve already been asked to create and keep track of. But to anyone who’s overwhelmed with email they don’t want — at this point, pretty much everyone — being added to a new mailing list every other time you buy something is surely the biggest annoyance of all. It’s not inconceivable that someone making an online purchase from, say, a discount wine seller might want to be notified about any amazing wine deals the vendor may offer at some time in the future.
But in most cases you, the buyer, are not asked that question. You’re literally forced to register before you’re allowed to place an order, which means handing over your email address and all the rest. True, some sites allow you to make an “express purchase” without registering (and as the name implies, this has the additional benefit of making the checkout process itself much faster), but those are rare and getting rarer.
There’s one important difference between these “soft” spammers and the faceless, unapologetic, evil ones: We’re actually customers of the former, so it’s presumably in their interest to be nice to us. But as site registration becomes accepted as a natural part of the online shopping process, it, and the soft spam resulting from it, will be seen less and less as an intrusion. My concern about this doesn’t necessarily have anything to do with privacy invasions through the gathering of personal information, though I’m sure some people, reasonably enough, are uncomfortable with that. (How would you feel about “registering” with every bricks-and-mortar shop you buy something from?) For me, it’s mainly about getting email for the rest of my life from an online vendor simply because I made a casual purchase from them at some point in the past.
I still receive mail from companies whose sites I haven’t visited in years and years, including sellers of clothing for toddlers — not especially useful now that my daughter is 10. I’m not nostalgic, but I’m sometimes afraid to gamble with an unsubscribe request to terminate one of these unwanted relationships. Will a particular company be honorable about it? There’s no sure way to know. The least scrupulous companies will not only be using your address themselves, but enthusiastically selling it to other parties, who sell it to other parties, and so on. This does not exactly enhance the online shopping experience, and it’s no way to repay people for their patronage.
There have been times when, giddy at the thought of saving $5 on some sale item, I’ve registered on a new e-commerce site, only to regret it in the cold light of the morning, when I realized that it would have been worth the extra five bucks not to give my email address to some unknown new set of spammers, forever. On more than one occasion I’ve gone so far as to make a purchase from Amazon rather than a company I preferred (because it was smaller, or more local, or had a better price) simply because Amazon already has all the personal information on me that they could possibly want. Going through the time-consuming steps of registration, and implicitly signing up for some new set of email lists, was just not something I wanted to deal with. There’s no reason making a simple online transaction should entail these kinds of worries.
Possibly even worse than having a retail business capture your email address via registration is having a charity do it. I’m not talking about traditional donations, which can generally still be made by way of a cheque sent through the post. It now seems to be the rule that when anyone participates in a race or walkathon to raise money for charity (something co-workers or relatives of mine do at least a few times a year) the request for sponsorship is made by email, with a link to a website where the donation must be entered. These sites always seem to require registration, followed by — you guessed it — periodic emails telling you about all the great things the organisation is doing, or gently nudging you to give more. Again, there’s nothing inherently wrong with any of this if I’ve indicated that I’m OK with it. But why should making a donation require me to be on your email list (and possibly other affiliated ones) from that moment on? These cases pose a real dilemma, because if a friend, relative, or co-worker is asking for sponsors for her 10K run to benefit cancer research I’m not about to say no. I’ll admit, however, that the temptation has been getting greater.
Spam in general is so completely out of control that the old retort of “What’s the big deal? It’s easy enough to use your DELETE key” doesn’t wash anymore. I’m afraid to think how much time I spend every day using my DELETE key, and I’m sure there are people who spend a lot more than I do. It’s way beyond a minor annoyance to be added to “just one more” email list, because that “just one more” happens many times over. And again, this isn’t even taking into account the issue of privacy (with the associated profiling, tracking, etc), which is very real. There’s not much I can do about Nigerian scams, but it seems clear that legitimate businesses should allow me to perform a simple transaction and be forgotten, if that’s my preference. Yes, they’ll need my postal address, but they don’t necessarily need my email address, and if they do need it for purposes of completing the transaction there’s no reason they need to sign me up for spam forever as a side effect. Who knows — I might actually want to be added to their mailing list, but I should be allowed to make that decision voluntarily. The customer’s always right, right? ®
Sponsored: Becoming a Pragmatic Security Leader