The Register® — Biting the hand that feeds IT

Feeds

Orange overshares in bcc blunder

Orange accidentally shared the email addresses of more than 300 customers yesterday during a bid to find out what they think of the company. The email, passed on to us by several readers, suggests the recipient might like to reply with their thoughts about how customers keep in touch with the operator, along with any suggestions …

This topic is closed for new posts.
Nic 3
Thumb Down

ESP

Which is why they and all serious firms should be using an Email Service Provider rather than their own email client for such broadcasts.

Anonymous Coward
Anonymous Coward
Reply Icon

What an opportunity

They could pay for the mail rather than sending it for free, and probably still mess it up.

The only sane reasons for using ESPs are to improve deliverability on junkmail, which wouldn't have been an issue here, and to get simpler reporting on read and click rates, which again probably aren't that important to them.

Nic 3
Reply Icon

Not true

ESPs provide a lot more than that. They have moved on.

yakitoo
FAIL

on reflection decided... no

wimps.

J2O
FAIL

Not so bright...?

A lot more than 300 - over 2000 excluding duplicates. More than one email went out, with different sets of cc'd addresses.

And guess what, it just happened AGAIN this morning! Orange sent a "Recall Email" message - cc'd to the same big list.

'Oops' perhaps doesn't cover this one...

Anonymous Coward
Unhappy

What charges?

Will the ICO move on this? I would suggest a minimum fine of £1,000 per breach. So that's at least £300,000 for this.

Of course, just like the FSA, the ICO is a toothless incompetent.

Throatwobbler Mangrove
WTF?

wait

"Orange sent a "Recall Email" message - cc'd to the same big list."

Do those "email recalls" ever work or is it just a cruel joke? I have certainly received lots of mistaken emails and then notice of the emails on corporate MS Exchange etc...but obviously I wouldn't know if there was a successful recall.

Anonymous Coward
Anonymous Coward
Reply Icon

Only if...

Yes, they do work, but only if the recipient uses outlook AND is on an exchange system AND you do and are to generate and get the message through AND those messages get accepted by the recipient's mail system. And you won't have a guarantee the recipient hasn't read it yet. It's of even less use than "disposition notifications" that aren't proprietary and sometimes do work even outside your corporate office but even so usually are dropped and not acted upon by many a mail system.

So, in general, no, they don't, and expecting that "recall email" button to work is as fruitless as trying to get a sent message back from the mail. The very existence of that button is yet another pox on how micros~1 tried to "embrace and extend" email, failing the grade spectacularly even on basic email and useful things like threading. The best is does is show the sender to be completely ignorant of how email works outside their cozy proprietary office.

As to reply-to-all storms, blame idiots with a reply-to-all button. You are responsible for your own actions, so you had better know what the button does before you press it.

The lesson? A few more reasons not to use micros~1 products that vaguely pretend to do email. They don't, but they do love to help with embarrasing you and your ignorance. Clippy and Bob are there to Help You!

Anonymous Coward
WTF?
Reply Icon

Outlook?

And where does it say Orange use Outlook in the article? Or maybe you have inside info? Otherwise they could be using Lotus or some proprietory system.

Regardless, all your points are relevant to all systems - any bozzo can and does send email to the wrong recipients and nothing to do with Outlook.

I am a user of linux and tried Evolution several times. Outlook beats it hands down in my experience. Great product, well at least the 2003 version is.

Anonymous Coward
Flame

Orange e-fail

1082 distinct email addresses per email. It's beyond a joke really. I am one of the customers affected.

On first contact with orange they tried to pass it off as a phishing attempt which would have been an even bigger fail as the questionnaire was in the body of the email asking for no personal information whatsoever. Now they admit the messup and have issued an apology to all who contact them It's not good enough.

A scan of the email headers show it is not actually orange uk who screwed the pooch though, it's the parent company, france telecom since the originating domain on the email is orange-ftgroup.com and the IP traces to france telecom.

Yet another problem caused by the garlic eating surrender monkeys.

I think we should post the email address originating the message and see how france telecom like being made into spam targets.

LTQ
Reply Icon

orange-ftgroup.com is used within the UK

All UK Orange employees have orange-ftgroup.com email addresses and the domain is widely used in the UK - in fact apart from customer-facing stuff, this is their primary domain. They switched over a couple of years back, so I think you'll probably find this problem does originate from a UK office.

Anonymous Coward
Anonymous Coward

Nothing new...

In my experience, 90% of the known universe doesn't seem to know the difference between CC and BCC. That includes local authorities, schools, education authorities, govt depts, private firms, etc, etc. Quite often, not only handing me a list of other private addresses, but often internal corporate ones too. In fact, the higher you go up in many organisations, the more culpable ignorance you find on this subject.

I've lost count of the friends I've lost when - after showing them 100 times how to properly BCC an email - they've once again CCed me with yet more multiple address lists. And usually with the kind of 'humorous' internet dross I don't want to read (for the 999th time) anyway. When I ask them to remove my email address from their address book - at once - they're astonished and offended. I don't need to worry about spam merchants - my email address must by now be on the PCs of 1000 people I don't even know. God help me if any of them are arrested for bank robbery, hacking or paedophilia!

FFS!! It only takes a mouse click! What is wrong with people?

Anonymous Coward
Anonymous Coward
Reply Icon

to BCC or not to BCC

That is the question. However these emails were listed in neither, the whole list was in the To: Field

solarwind
FAIL

solarwind

I was copied into this email. I think you'll find there were circa 1000 email addresses included and not 300.

theodore
FAIL

not unique to Orange

I recently received an email from one of my Colo providers, and while they did send it from their 'donotreply@' account, and sent it to their 'donotreply@' account, they put all of the Their Atlanta customers' address in the CC field instead of the BCC field. Of course, when I sent them a message about it, never got a reply...

This topic is closed for new posts.