Corporations Helping Spammers

I’ve now experienced this issue for the second (perhaps third) time, so I figure it is time to write about it. I’m a big fan of stemming the flow of spam (who isn’t?). So I’ve gone to the step of setting up a custom subdomain and email addresses for each company that I deal with online. For example, I’m a TD Ameritrade customer and my email address for them might be: t-d-amer-i-trade@sendmesomemail.sanjayparekh.com (it isn’t and it isn’t a valid subdomain either). The subdomain here (sendmesomemail) is pretty hard to guess, and coupling it with the username (t-d-amer-i-trade in this case) means that randomly guessing the right combination is nearly impossible.

So if I don’t use an email address for anything but corresponding with that one company, that means that the company in question has some type of customer information leakage within their system. Most people will never pick up on this issue since they just use one catch-all email address for everything they do and just see an increasing torrent of spam over time. The leakage might just be email addresses but it could potentially be much worse.
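The per-company address scheme described above can be checked mechanically. The following is an added example, not code from the original post: it attributes incoming mail to the company each alias was issued to and reports aliases that received mail from anyone else. The `ISSUED` registry, the `.example` domains and the sample messages are assumptions constructed for illustration.

```python
import email
from email.utils import getaddresses, parseaddr

# Hypothetical registry: each alias was handed to exactly one company, with the
# sender domains that company is expected to mail from.
ISSUED = {
    "t-d-amer-i-trade@sendmesomemail.example.com": {"tdameritrade.example"},
    "book-shop@sendmesomemail.example.com": {"bookshop.example"},
}

def sender_domain(msg):
    """Lower-cased domain of the From: header ('' if missing)."""
    _, addr = parseaddr(msg.get("From", ""))
    return addr.rpartition("@")[2].lower()

def recipients(msg):
    """Every address the message was delivered or addressed to."""
    headers = (msg.get_all("Delivered-To", []) + msg.get_all("To", [])
               + msg.get_all("Cc", []))
    return {addr.lower() for _, addr in getaddresses(headers) if addr}

def domain_matches(domain, allowed):
    """True if domain is an allowed domain or a subdomain of one."""
    return any(domain == a or domain.endswith("." + a) for a in allowed)

def leaked_aliases(raw_messages):
    """Map each issued alias to the unexpected sender domains that reached it.
    From: is forgeable, so a match proves nothing; a mismatch is the signal."""
    leaks = {}
    for raw in raw_messages:
        msg = email.message_from_string(raw)
        dom = sender_domain(msg)
        for rcpt in recipients(msg):
            # Addresses never issued are guesses, not evidence of a leak.
            if rcpt in ISSUED and not domain_matches(dom, ISSUED[rcpt]):
                leaks.setdefault(rcpt, []).append(dom)
    return leaks

# Constructed sample mail, not real traffic.
SAMPLE = [
    "From: Statements <noreply@mail.tdameritrade.example>\n"
    "To: t-d-amer-i-trade@sendmesomemail.example.com\n\nYour statement",
    "From: promo@cheap-pills.example\n"
    "To: T-D-Amer-I-Trade@sendmesomemail.example.com\n\nBuy now",
    "From: orders@bookshop.example\n"
    "To: book-shop@sendmesomemail.example.com\n\nShipped",
    "From: promo@cheap-pills.example\n"
    "To: info@sendmesomemail.example.com\n\nBuy now",
]
```

Because the check relies on the `From:` header, spam that forges the company's own domain would not be flagged; comparing against authenticated results (SPF/DKIM) would close that gap.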

The spam I just got was through an email address used exclusively for my TD Ameritrade account. Now, I’m a huge fan of their service but if I can’t be sure that they are maintaining the integrity of their customer data, I’m not sure if I can be certain of the integrity of everything else they are doing.

Thoughts? Have you found other companies who you thought were reputable but had/have data leakage issues? And now that I/we have found this issue - what do we do next? It isn’t (necessarily) financial data which was compromised but in today’s age of electronic communications, the result is still pretty important.

UPDATE: I sent TD Ameritrade an email about this issue. I’ve now gone back and forth with them and in the most recent response from them, they said:

I assure you we are looking into this matter further, working alongside our Technology Department and Legal Department. Our Legal Department has taken the appropriate action to address and prohibit further spam attempts.

This is pretty curious since I haven’t sent any email headers from the spam to them nor is the spam originating from them (unless they’ve gone the route of sending foreign language spam as a business model). This again highlights the lack (I think) of concern on issues like this. The “appropriate action” line would cause non-technical folks to be put at ease but we really know that this is a line of bull. I’ll keep following this and post followups here.




Sanjay Parekh

I'm the founder and organizer of Startup Riot and Startup Dinner and the founder of GivingTi.me and Startup Gossip. I also co-founded Digital Envoy a long time ago. I'm the only one responsible for the things I write about here and I don't speak for any company, organization, or group.
