Click the comments link on any story to see comments or add your own.
Subscribe to this blog
06 Oct 2010
This week I got an email newsletter from a patent law firm near Washington DC. Since I didn't recognize the name of the firm, and the pharmaceutical patent law they do isn't related to anything I do so I was pretty sure I wouldn't have signed up and forgotten, and it was to my CAUCE address which I wouldn't use if I did sign up, it was spam. I was about to send of the usual mostly automatic report to their ESP, when I noticed that several of the items were written by an old college friend of mine. It wasn't out of the question that she'd put me on the list so I could see what she's doing, but she'd have used my regular address if she did. So I forwarded it to her and asked if she knew why they'd sent it to me.
No, she hadn't put me on the list, and when she asked around the office, nobody but her knew me. Poking around a little more, they found my correct name, CAUCE address, and title in their internal file, with a note saying they'd gotten it from my business card.
Where'd they get my business card? From the basket at their hospitality suite at a meeting earlier this year in Boston. But I didn't go to the meeting; I haven't been in Boston in several years. So someone must have dropped my card into their basket, and it was a pure coincidence that the first newsletter they sent happened to have my friend's name in it. I know a fair number of patent lawyers from expert witness work, who probably did go to that meeting, but my card is bright blue, not one they'd be likely to mistake for their own. Was it malice? Distraction? Someone with a peculiar sense of humor? At this point we'll probably never know unless the physical card, which they'll dig out this week, has some clues.
What does this tell us about mailing list management? It's not really a strong argument for demanding confirmed opt-in on lists like this one in the US, since I would be rather surprised if any of the other cards in the basket weren't from people who were really there. On the other hand, even though the law firm is in the US, their ESP, called YourMailingListProvider, is in Belgium, and header information in the spam confirms that the mail was indeed sent from Belgium. By my understanding of EU law, putting my contact information in their database in the EU without my permission is just plain illegal. Maybe a court would think that an honest mistake is OK, but that would open a rather large barn door through which one could drive sloppy mail practices. ("Well, yes, we did offer a cash prize to the person who collected the most cards.")
So my advice here has to be that you need to think of mistakes like this one when designing your address collection and management practices, keeping in mind that even people who mean well can really screw up. How many mistakes do you get to make before a court would decide that they're not so innocent? Do you really want to find out?
Update: We looked at the card, it's mine, it even has the URL of this blog on the back in my handwriting. So one of the patent lawyers I know probably did drop my card in the basket, but I doubt I'll be able to figure out who it was or why.
My other sites
© 2005-2020 John R. Levine.
CAN SPAM address harvesting notice: the operator of this website will not give, sell, or otherwise transfer addresses maintained by this website to any other party for the purposes of initiating, or enabling others to initiate, electronic mail messages.