This is a very real problem.
With regard to conventional mail, I'm not really sure how it can be
addressed. You could consider a suitably adapted form of the process
described below.
With electronic media the process is relatively straightforward. I subscribe
to a number of mailing lists, e-newsletters, etc. and many of these employ a
subscription method based on the following:
i) the user requests a subscription, entering such personal data as is
necessary and including their e-mail address. This is the e-mail address to
which the mailing-list or newsletter will be delivered.
ii) an "account" is set up in abeyance, and an e-mail sent to the address
given in the subscription information asking the would-be subscriber to
confirm that they require the subscription.
iii) on receipt of a confirmation the account is activated.
Often stage (ii) includes some information in the body of the e-mail which
has to be in a defined part of the reply sent to the subscription service -
eg. in the subject line or as the first (and only) line of the body of the
message. This helps to protect against automatic generation of these
replies.
None of this is foolproof - a malicious person "A" could subscribe in the
name of person "B" using a hotmail account or similar. They could reply to
the validation message and then use the normal "account management" facility
of the service to change the delivery address to B's real e-mail address.
The better services therefore also provide the same kind of system to
validate account detail changes.
Hope this helps.
Stuart
-----Original Message-----
From: Phillip Simons [mailto:[log in to unmask]]
Sent: 29 July 2003 09:43
To: [log in to unmask]
Subject: Adding people to a mailing list without their knowledge
I don't know whether this issue has been discussed in this forum before but
here goes
Our organisation maintains a postal mailing list. Anyone can join. They can
join via our website or by filling in a paper form or they can send an
email.
Somehow a person and their home address got registered on this postal
mailing list without their knowledge. They complained to us about it when
they got one of our mailings. They also complained that the organisation
that appeared on their address was false and caused them distress (I won't
state what it was).
All our mailings have an address correction facility and a 'remove from
this list' box. We have of course apologised and remove her from the list.
Although we check every new name and address added to our mailing database
this one somehow slipped through because although it was distressing to the
person concerned it was a medical term that our staff didn't notice at the
time (we are a medical research programme).
It seems to me that anyone can snip a coupon from a magazine and subscribe
someone else without them knowing about it and in whatever terms they want.
Similarly via the web. Does anyone have any observations or advice about
this and our response to the incident mentioned above?
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
----------------------------------------------------------------------------
The information contained in this e-mail is confidential and is intended
only for the named recipient(s). If you are not the intended recipient you
must not copy, distribute, or take any action or reliance on it.
If you have received this e-mail in error, please notify the sender.
Any unauthorised disclosure of the information contained in this e-mail
is strictly prohibited.
----------------------------------------------------------------------------
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|