On Mon, Jul 12, 2010 at 4:08 AM, Jay Hennigan <jay@west.net> wrote:
On 7/10/10 7:26 AM, Nick Boyce wrote:
I tend to assume that when I get an email allegedly from Company A (Internap) but actually sent by Company/Domain B (iContact), inviting me to enter all kinds of sensitive information about my organisation's operations into a "survey" hosted at Domain C (Zoomerang) ... then I'm being socially engineered by a Bad Guy, and I just press "delete".
[...]
Rather than JHD (just hit delete) please try to reach out to someone with technical clue at Company A or their upstream.
Actually I _do_ do that quite a lot .... much to the amusement of some colleagues who think I complain too much. I'm quite used to contacting abuse@ and security@ teams anyway, so I often just treat these emails as a security issue, and forward them to security@CompanyA stating
"Someone is sending email claiming to be from your company but it looks as if they're actually a completely different organisation. You may want to look into this as a possibly fraudulent activity against your employer. If however these emails are genuine then my apologies for wasting your time, but you may wish to forward my email to the relevant marketing department, pointing out how ineffective their campaign will be, due to the number of recipients who will treat it as a scam."
However, as I'm sure you will have found, this often results in either (a) no response, or (b) a tedious, painful response dialog with various Company A staff who just don't get it. Only rarely do you get to talk to Someone With A Clue who gets the required policy changes implemented.
I do this, even when Company A is a big well-known company (e.g. Sun ... it's happened)
Sun giving away Dell laptops? O RLY?
[grin] .... no, in their case it was a free iPod as I recall ... wouldn't have minded one of those, except that they won't play OGG media.
Shaming them is IMHO more effective, although it takes more work.
Trouble is, they're almost always outsourcing their campaigns, as part of the western world's obsession with cost cutting by eliminating in-house staff. The MBA whizz-kids who dream it up just won't listen to anything but bottom line. "Incorrect domain name on the sender address?", they say, "... I'm afraid I don't see the significance. I'm telling you now that ACME Mailshot Campaigns And Surveys Inc. is fully authorised by us". [subtext: my bonus depends on the resulting "savings"]
But yes, as and when I can bear it, I do what you suggest.
Keep the faith,
Nick
--
/* affect != effect */
void affect(int *thing,int effect)
{
    *thing += effect;
}
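Added example, not part of the original thread: a small Python check for the pattern described in the first quoted message (mail claiming to be from Company A, sent through Domain B, linking to a survey at Domain C). The sample message, the function names and all domains are constructed placeholders, and the Return-Path header stands in for the sending domain; a production filter would use DMARC alignment results instead.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message; every domain is a placeholder under .example
SAMPLE = """\
Return-Path: <bounce-1234@mailer.company-b.example>
From: "Company A Customer Care" <survey@company-a.example>
To: nick@recipient.example
Subject: Tell us about your network
Content-Type: text/plain

Please complete our survey:
http://www.company-c.example/Survey/?p=ABC123
Our home page: http://www.company-a.example/
"""

URL_HOST = re.compile(r"https?://([A-Za-z0-9.-]+)", re.I)

def domain_of(header_value):
    """Lowercased domain of the address in a header value ('' if none)."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()

def aligned(host, from_domain):
    """True if host is from_domain itself or a subdomain of it."""
    host = host.lower().rstrip(".")
    return host == from_domain or host.endswith("." + from_domain)

def domain_mismatches(raw):
    """Report the sender and link domains that do not match the From: domain."""
    msg = message_from_string(raw)
    from_domain = domain_of(msg["From"])
    sender = domain_of(msg["Return-Path"])
    # Collect the text of every leaf MIME part (handles single-part mail too).
    body = " ".join(
        part.get_payload(decode=True).decode("utf-8", "replace")
        for part in msg.walk() if not part.is_multipart()
    )
    hosts = sorted({h.lower() for h in URL_HOST.findall(body)})
    return {
        "from": from_domain,
        "sender_mismatch": sender if sender and not aligned(sender, from_domain) else None,
        "link_mismatches": [h for h in hosts if not aligned(h, from_domain)],
    }

if __name__ == "__main__":
    print(domain_mismatches(SAMPLE))
```

Subdomain matching against the From: domain is a simplification; mail sent as `mail.company-a.example` with links to `www.company-a.example` would need an organizational-domain comparison to be treated as aligned.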