back to article PGP email marketing gaffe creates message storm

PGP irritated its security conscious customers on Tuesday by making the schoolboy error of sending out an email marketing message to a list of around 300 recipients without using the bcc field. As a result of the slip-up, all the recipients of the marketing email (extract below) learned the email addresses of other potential …


This topic is closed for new posts.
  1. alain williams Silver badge

    training needed

    Some new boy put in front of a PC and told to get on with it.

    Most organisations don't train their staff properly.

  2. This post has been deleted by a moderator

  3. Anonymous Coward
    Paris Hilton


    Bad PGP! Naughty!

    There's a sex shop in Soho that also did this recently. Instead of apologising to its customers, they ignored all emails to them about it. Great (lack of) customer service.

    And no, I'm not a customer of that shop, my, ahem, friend is.

    Paris because, well, she invented sex shops, didn't she?

  4. Anonymous Coward


    Somebody did this where I work, bypassing established marketing email procedures through laziness.

    They were promptly shown the door. Even for a small mailshot of a few hundred, there's no excuse for using Outlook, let alone forgetting to tick the right boxes.

    Email's a dangerous thing - I insist all criteria are triple checked before sending a bulk email.

  5. Cameron Colley

    Organisational flaw?

    CC and BCC should not be a choice when sending a group email -- the software should be configured so that mass-email CC is impossible.

  6. Graham Marsden

    A couple of weeks ago...

    ... I received an e-mail from from Argos plugging their "Spring Blowout Sale", but someone obviously hasn't comprehended the idea of BCC, because it has over one thousand, three hundred e-mail addresses clearly visible in the "To" field!

  7. Anonymous Coward
    Anonymous Coward


    Those email addresses should have been in a database. There should have been a method for mass emailing people in said database (web form?). Nobody other than the techies maintaining that database should have direct access to the list of email addresses.

    Maybe the guys at PGP don't care about protecting their customers personal data. Even people *within* the company should be prevented from accessing customer data that they don't *need* access to.

  8. Anonymous Coward
    Anonymous Coward

    someone needs to be fired for this

    that is all

  9. Anonymous Coward
    Paris Hilton


    Isn't this against dataprotection laws?

    Paris, as she knows all about being unwittingly exposed.

  10. Anonymous Coward
    Anonymous Coward

    Something like this happened...

    ...with a company my dad had inquired with regarding some engineering app or another. It resulted in an utter uproar of pissed off engineers firing messages back and forth: somehow, all mails back to the company, even without 'reply all', got cc'd to the original list.

    So the first round involved indignant responses to the company; the second involved angry rejoinders from people who got the first round and thought it was the fault of the first responders; the third involved both the peanut gallery submitting wry comments and others yelling for everybody else to STOP SENDING EMAILS ALREADY...

    Apparently it was a pretty fun day.

  11. Anonymous Coward
    Anonymous Coward

    We are very sorry about this

    and are doing what we can. I have posted a comment at:


    Jon Callas


    PGP Corporation

  12. Anonymous Coward
    Anonymous Coward

    Never fails to amaze me that...

    ...ISPs and most commercial mail server implementations don't have a limit on the number of addresses in the TO/CC field (e.g., more than 200 and it bounces back saying "please use BCC" or something.

  13. Anonymous Coward

    Employee of the Month

    So, Homer Simpson now works for PGP !

  14. Anonymous Coward
    Paris Hilton


    I was going to come in flaming, but then I saw this. The CSO fessing up in near real time and blogging it too. You don't see that very often these days.


    Paris because she knows all about full disclosure...

  15. Cameron Colley

    I've had worse from BladeRunner

    I forgot about this when I posted:

    First they left their web-based marketing database exposed to Google long enough for it to be cached for a few weeks (I know this because I google my email address now and again). They never replied to my email when I let them know either.

    Then, to add insult to injury, they sent out a bulk email with everyone's name in the To... Field.

    Mine's the hoodie with the Kevlar lining.

  16. Anonymous Coward

    @We are very sorry about this

    Don't fire whoever it was. Everyone makes mistakes.

  17. Anonymous Coward

    The problem with security

    is that 30 sigma reliability isn't enough to stop these things from happening.

  18. Bradley McDonald

    PGP email marketing gaffe creates message storm

    As one of the people who received this email,to say I'm NOT amused is putting it mildly.A security company that seems to have no idea about security.................. it's a joke!

  19. Tim

    @ Jon Callas.....

    Maybe you should change the company name to PPP (Piss poor privacy), then your customers couldn't complain.

    Gizza job fella! My marketing skills are outstanding.....

    "Trouble getting your name known? Sick of the pay-per-click advert costs? Use PPP, and then everyone will know your business!"

    Mine's the one with the CV in the pocket.

  20. Psymon

    @ Jon Callas

    First of all, may I say I am impressed with your speedy and honorable response to the matter.

    It's rare indeed that we see such candidness.

    Secondly, I would like to say this might be an embarresing incident for yourselves, dashed with more than a little irony, but that I have seen much, much worse gaffes, from organisations and individuals who should have known much better.

    At least it was only a harmless marketing email. Anyone got the latest tally from the MOD?

    290 email addresses Vs 600,000 peoples passport details, NI numbers, family details, medical records...

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2019