How to get customer lists or How to get others to hate you

Again I lack a good title but both will serve nicely for this one.

These days it’s very easy for me or anyone who knows you to collect sensitive contact information about your customers, sales reps, fabric sources, sewing contractors and finances. Best of all we don’t even have to ask for it because you just send it to us. It’s harmless to send it to me (I know for a fact that others have copied and pasted your juicier data into a database for their own use) but do you really want everyone -including your competitors- on your contact list to have that? I didn’t think so. What’s most shocking is who is doing it; everyone from computer neophytes to Ph.Ds in computer science.

So how is it that you are sending your most privileged sensitive business contacts to everyone you know however casually? That’s easy, you’re not using BCC from your email window. This is the rule: if you’re sending email to multiple recipients, use the BCC option. Never put the email addresses of people who don’t know each other in the To or CC fields. The only exception is by explicit or implied pre-agreement in that every recipient has the need to communicate with everyone else in the group.

Here’s how it happens:
Someone you’ve emailed has an infection. A spam harvesting program reads the email addresses in the CC field of your email and responds by spamming everyone in that list. What’s worse is if you send an email to your entire contact list with an apology and disclaimer which negates your own apology if you also didn’t use the BCC option. Meaning, anyone who receives your message has the email address of every other recipient and people’s reactions will range from annoyed to offended to very angry. If anyone receiving your CC’d group email has an infection, the cycle starts all over again because they spam everyone in your contact list.

Other than the damage you can do to yourself, it creates two problems.
1. You are violating every recipient’s privacy and exposing them to spam.
2. Your security breaches are akin to forcing everyone you email to have unprotected group sex with everyone else you email. Their only connection to each other is that they each know you.

My policy now is that if I get a spoofed spam email from you with multiple addresses in the CC field, I delete it unless it is obvious the entire list came from you -in which case I mark it as spam. It’s easier to know the list came from you than you’d imagine (we know many of the same people). If that ambiguity is removed because I get an apology email from you with your entire contact list in the CC field, I can safely add your address to my blacklist because your poor security practices are confirmed and it’s not fair to expose me to more spam. If it matters, I don’t do this happily.

When I’ve explained this to people they insist there is no BCC option in their email window. I don’t believe there is an email program in existence without it. You just haven’t noticed it. Look for it.

A related mechanism is now at work on Facebook and it is even more annoying. Someone will add X number of their contacts to a conversation and then anyone who was added (without their consent) receives updates from people they don’t even know whether they’d wanted to be included or not. I solve that by unfriending whoever it was who added me without my consent. The only saving grace is you don’t get too many emails because the people who tend to do this don’t have many friends. Somehow I don’t think that is a coincidence. They probably bleed friends.

Get New Posts by Email


  1. Scott Smith says:

    Thank you for the BCC comment. I get several emails from local groups/organizations that have everyone’s email available because they have sent it using the TO: line. First it gives away everyone’s email and second, I think it looks cluttered and unprofessional with that many addresses showing.
    Thanks again Kathleen.

  2. Charles says:

    This is very good advice and very important. Sometimes I wish they would put the BCC field at the top in email software and hide the TO (rather than vice versa) to force people to find out what it is. O:)

  3. jasmin says:

    Bang on Kathleen – another handy hint to add – if you copy something from an application (eg an excel spreadsheet) into another application (eg a presentation or word document), please don’t embed it – use the ‘Paste special’ option, and paste it as a picture. That way only the visible information is available.
    If you embed it, I can open it when you send me your file. Then I can see everything stored in the original document. I’ve pointed this out before to vendors who have embedded spreadsheets to display a graph, not realising that they are also providing information about margins, sales, and all sorts of information you *really* don’t want to share, and its available to anyone who wants to open the file.
    If you copy info off a website (eg say online banking > account payment received) you may also be imbedding links – make a practice of ensuring you remove any links to online content. Once again, just do a ‘paste special’ and ‘unformatted text’ to get rid of the built in links when you paste from web content.

    Don’t give away your information!

  4. Elaine says:

    Thanks, Kathleen. I can’t count how many times I’ve tried to explain this to people. Now I’ll just link them to this post! :)

  5. Marie-Christine says:

    oh, hey, I -save- those emails with everyone’s address. Very useful :-).

    And there’s even better from Facebook: sucking up your entire phone book into their database, including private info of innocent bystanders who aren’t even registered. That’s besides the 135 different settings to preserve your data. I might have to create an account just so I can attempt to control how my data is smeared around..

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.