How to avoid bulk e-mail blunders

August 20, 2001

Two recent news stories about well-intentioned companies that made serious mistakes with bulk e-mail serve as warnings for everyone. Neither company was sending spam, although the negative publicity they received after their blunders was nearly as bad as that which spammers get. Both companies would have been much better off if they had let the e-mail professionals in their IS departments handle the mailing.

First, drug manufacturing giant Eli Lilly accidentally revealed the names of 600 users of its prescription drugs to other users. A few years ago, Lilly set up an e-mail service to send reminder messages to people taking its drugs for serious diseases. The messages were sent to individual users. In June, Lilly shut down the reminder service and sent a message to all the users telling them so. However, the sender of the message put all the patients' names in the "To:" field, revealing the names of all the users. News of this release of patient information was seen in national newspapers and television news. To make matters worse, the American Civil Liberties Union asked the Federal Trade Commission to investigate.

Then last month, the high-tech design and strategy firm Razorfish sent out the first issue of a newsletter to people working for its customer companies, many of whom didn't want to be on the mailing list. Sending out unsolicited mail is bad enough, but Razorfish made the situation worse by not making the mailing list one-way. When people started sending back unsubscribe requests, they went to the whole mailing list, not just to the list administrator. This, of course, made other people on the list very angry, and the tone of the messages went from bad to worse. Customers were mad, and the company looked incompetent.

Both incidents point out the corporate problems with letting untrained mail users create mailing lists. Almost everyone on the Internet subscribes to one or more mailing lists, and mailing lists are wonderful things when they work well. However, when they work poorly, the results often make the sender and the sender's company look like amateurs and possibly even open them to legal liability.

There is no perfect method for avoiding such mistakes, but taking two common-sense steps will certainly reduce your risk:

l Always send a test run to a small list of internal users. Each user should then read the message to be sure the headers and body look correct.

l Have your IS department use administratable mailing list software, even for what seem like one-time bulk messages. All mailing list software allows one-way lists; this will help prevent recipients from seeing each other's addresses and responses.

Your company should have a policy that all bulk messages go through the IS department. The Eli Lilly and Razorfish debacles clearly illustrate why such policies are necessary.

Hoffman is director of the Internet Mail Consortium and the VPN Consortium.