I assume you have never had to send email to hundreds of thousands of people with short notice. There are many ways to get banned in very short order. The typical route is to use a third party service, but they are almost without exception set up to not accept a large non opt-in list for immediate mailing.
I'm perfectly familiar with database queries, but pulling a list of email addresses doesn't do anything. The problem is what you do when you have the list of email addresses.
It is when you have never emailed the list before and don't have a relationship with a mailing service to do it on your behalf. Not a lot of firms like people walking up with a 1.5m non opted in list that you want to send to immediately.
I've often wondered how companies such as the ones listed in another comment (MailChimp, Campaign Monitor, SendGrind) avoid being banned, or any company that sends a large amount of mail. Is something that just requires you to build up reputation over time?
It's a multi stepped process: use different IPs for different clients, warm up the IPs to build good reputation, actively work with ISPs to whitelist the IPs, enroll in loopback programs with the ISPs, carefully monitor spam complaint and bounce rates, etc.
Sending a large amount of email to a well established list can actually help your reputation, since the ISPs see that you send large numbers of emails that don't get reported as span -- that makes the (hopefully) few that do not affect your reputation as much.
My email from teamhint was in my Gmail spam folder.
If there weren't a nugget of truth in this, this phrase from the email would actually be hilarious:
"We HIGHLY recommend you change all of your online passwords as a precaution."
Thankfully my Gawker password was limited to a few sites of no worth and you can't deduce any of my other ones form it.
There's a little bit of scaremongering in that sentence though. Why change your other passwords, UNLESS your Gawker password was your email password too? After 19 years on the Internet, I have a lot of logins.
my apologies for the sharp rhetoric, i only meant to say that SOMEone was able to get the notice out right quick. i think it's great that you guys did that, seriously, but i think it was a mistake to forget what the click?Hash idiom is typically used for.
and really, your actions kinda put a lie to gawker's sloth, so extra props for that.
I got a notice from teamhint, very pleased as I wasn't sure which email I used for posting to Gawker/Valleywag. I then changed my main logins under that email.
I'm not sure if you guys have dealt with ISP blacklists before, but I think there is a good chance hint.io will never be able to reliably reach an inbox again. Sending emails to white-listed addresses is hard enough to get right, let alone sending to 1.5 million arbitrary email addresses.
Jesus. I just happened to check the reset password with my email address and found out that I do have an account. I have no idea what my password was, now I have to reset everything just to be safe.
The good thing is that the password is reset to a random string when you click "send password", so no further action is necessary if you don't read Gawker anymore.
except now you can't tell if you used one of your "standard" passwords or not, so you have to reset your passwords on every web site you've ever used. Instead of "reset your password", try logging in with your standard passwords, and hope that nothing works.
It's unfortunate that they still have no way to delete your account, because I wanted to delete mine a year ago and I'm sure they would have a lot fewer emails to send out.
42 comments
[ 2.2 ms ] story [ 112 ms ] thread"We are in the process of sending out emails to all ~1.5m users affected. Unfortunately, sending out that many emails is not a simple process."
I think MailChimp/Campaign Monitor/SendGrind should be able to handle a 1.5M volume quite nicely.
Sending a large amount of email to a well established list can actually help your reputation, since the ISPs see that you send large numbers of emails that don't get reported as span -- that makes the (hopefully) few that do not affect your reputation as much.
FWIW, my password reset email was sent via Gawker side-project kinja.com. Curious.
If there weren't a nugget of truth in this, this phrase from the email would actually be hilarious:
"We HIGHLY recommend you change all of your online passwords as a precaution."
Thankfully my Gawker password was limited to a few sites of no worth and you can't deduce any of my other ones form it.
There's a little bit of scaremongering in that sentence though. Why change your other passwords, UNLESS your Gawker password was your email password too? After 19 years on the Internet, I have a lot of logins.
OpenID ain't looking too bad now, is it?
It would seem to be possible for Gawker to notify their users more quickly.
and really, your actions kinda put a lie to gawker's sloth, so extra props for that.
The links in their "Your account has been compromised" lead me to a login page for the beta site, which of course I don't have an account for.
Very odd to advertise for a site which then the "users" can't use.
If Gawker needs help, they can let us know. We finished updating their users ~ 10 hours ago.
http://thenextweb.com/media/2010/12/13/digital-good-samarita...
"Nice Job" hint.io.
It ended up in everyone's spam folders for a reason.
Knowing that we've saved tons of people's accounts from being vulnerable while Gawker sat back and did nothing is what I would call a nice job.
Cheers,
Dru
What a weird world we live in.