Hi folks, (Insert standard cross-posting apology here.) This morning, i received an email closely resembling the following from a respected system software vendor (name obfuscated by FOOBAR to protect the guilty). -- Snip -- 8< ---------------------------------------- Dear Valued FOOBAR Customer Thank you for using FOOBAR Software products and services. As part of our ongoing efforts to improve customer experience, we are currently conducting an exercise to verify your Company's information as well as the designated contact person's information. Your Company's name or addresses may have changed since and they may not have been updated in our records. As such, we will like you to reply to this email with the following information so that we can verify and rectify, if necessary. Name of Company: Company's Address: Name of Contact Person: Contact Person's Tel#: Contact Person's Fax#: Contact Person's email: Please ignore this email if you have responded to our earlier calls to verify your contact information. Thank you for your participation. Rgds, FOOBAR Software Asia Pacific Pty Ltd -- Snip -- 8< ---------------------------------------- My first question is this: if you received an email such as this, would you trust it? Obviously, i didn't. I contacted the vendor's local office, was quickly put through to a technical person, who subsequently verified the authenticity of the message. (The only reason i called them instead of just deleting it was the fact that the Received: headers in the email did not appear to be forged.) My reply to the person who verified the message read as follows: -- Snip -- 8< ---------------------------------------- Thanks for the reply. Could you please pass this feedback on to the appropriate people: My primary expectation with email communication like this is some sort of cryptographic signature, like PGP or S/MIME (the latter is probably preferable, since it is available at no cost to users on many email platforms). All relevant keys or certificates should be shipped on your product CDs so that they can be verified through a channel independent of the email. Other (less desirable) independent channels might be telephoning your local office (as i did today), or downloading keys or certificates from your web site. Please note that simply turning the email into HTML and adding a corporate logo and a link to your web site are not sufficient. In fact, all links in HTML email are automatically suspect as far as i am concerned, due to the number of viruses and scams now masquerading as legitimate emails from companies like Microsoft, Symantec, and Westpac. If you cannot yet send signed messages, then at least make sure they are plain text. I realise these are not things that can be implemented overnight, but they are essential for you to implement if you are to communicate with your customers in a trustworthy manner via email. If i cannot verify the message itself, and cannot easily contact someone in the local office and independently verify the message, then i will simply ignore it, wasting your time and mine and possibly complicating matters next time i make a support call. And while i'm at it (since you jogged my memory by mentioning marketing spam , let me mention that for a company like yours, marketing via email, even to existing customers, is an unneccessary and distasteful practice. Speak with your products, not your mailing lists. The thing that will get me to use your products (and indeed this is why i am an existing customer), is recommendations - stories of strong reliability and service from my peers and colleagues in industry. Advertising, even about useful products from companies i know, just ends up in my junk mail folder. -- Snip -- 8< ---------------------------------------- More questions: Do other "respected" software vendors communicate with you like this? What do you do about it? Am i being too harsh? Do you care? (For those of you reading this email in an attachment due to the PGP/MIME bug in MS Outbreak, i can probably guess on your answer to the last one. :-) -- Paul Gear, Manager IT Operations Redlands College, 38 Anson Road, Wellington Point 4160, Australia (Please send attachments in portable formats such as PDF, HTML, or OpenOffice.) -- The information contained in this message is copyright by Redlands College. Any use for direct sales or marketing purposes is expressly forbidden. This message does not represent the views of Redlands College.
Attachment:
pgp00004.pgp
Description: PGP signature