To many people, the easiest way to determine if an email message can be trusted enough to warrant opening and reading it is to look at the sender. Unfortunately, the inboxes of our family and friends can be compromised rather easily and used to send spam.
But surely the email of a large, respectable news organization would be immune to the trickery and masquerades of spammers, right?
On December 28, 2011 subscribers to the New York Times received an email from the news company. The email informed these recipients that although their recent request to cancel their home delivery subscription for the newspaper had been received, the Times was appealing to them to reconsider their decision and remain on as a customer:
Our records indicate that you recently requested to cancel your home delivery subscription. Please keep in mind when your delivery service ends, you will no longer have unlimited access to NYTimes.com and our NYTimes apps.
We do hope you’ll reconsider.
As a valued Times reader we invite you to continue your current subscription at an exclusive rate of 50% off for 16 weeks. This is a limited-time offer and will no longer be valid once your current subscription ends.*
Continue your subscription and you’ll keep your free, unlimited digital access, a benefit available only for our home delivery subscribers. You’ll receive unlimited access to NYTimes.com on any device, full access to our smartphone and iPad® apps, plus you can now share your unlimited access with a family member.†
To continue your subscription call 1-877-698-0025 and mention code 38H9H (Monday–Friday, 8:30 a.m. to 8:30 p.m.; Saturday, 9 a.m. to 3 p.m. E.D.T.).
In a day and age where a majority of people get their news from electronic sources instead of traditional newsprint, this doesn’t sound like anything out of the ordinary.
However shortly after these emails went out, a tweet from the Times’ account went out stating:
If you received an email today about canceling your NYT subscription, ignore it. It’s not from us.
Instead of a few people being asked to reconsider their choice to cancel newspaper delivery services, the email went out 8 million people. All of them subscribers to services of the New York Times, but some of them only subscribed to the digital edition of the newspaper. They weren’t even customers of the home delivery service.
Spreading the News Over Twitter
As soon as the tweet was released, the speculation started. Although the New York Times claimed that they were, “working to coordinate a response,” many on Twitter pointed the finger at Epsilon, the email firm that was compromised last spring.
When asked by BetaBeat if this was a result of the recent breach, Epsilon spokesperson Jessica Simon stated:
“This is the first I’ve heard of it. Let me talk with our email group and get back to you.”
Jumping the Gun
Once the smoke had cleared and the fingers had been pointed and redirected, it turned out that the email actually was sent from the New York Times’ email servers. They immediately released the following statement:
An email was sent earlier today from The New York Times in error. This email should have been sent to a very small number of subscribers, but instead was sent to a vast distribution list made up of people who had previously provided their email address to The New York Times. We regret this error and we regret our earlier communication noting that this email was SPAM.
It is nice that they regret their error, however they shouldn’t regret calling their errant mass mailing spam, because that is exactly what it is.
According to WikiPedia, Spam is unsolicited bulk, or unsolicited commercial, email. It is the practice of sending unwanted email messages, frequently with commercial content, in large quantities to an indiscriminate set of recipients.
Companies, especially larger ones, need to understand that when someone trusts them with their email address they are assuming that this information is safe. Safe from cyber-criminals looking to harvest these addresses and safe from trusted employees accidentally sending out indiscriminate emails causing panic.
Had this incident in fact been caused by a security breach, the result would have been similar. Customers would have been hassled by illegitimate messages, people would have been less productive as they were forced to deal with this fake warning and resources were spent dealing with the mess.
Just because it was an email that was sent by mistake doesn’t mean the effects are any less irritating or costly.
If it walks like a duck, and sounds like a duck… well, you get the point.