dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
1892
share rss forum feed

jstratner

join:2012-12-16

Link disguising in the email titled "Copyright Update"

I recently received the email communication titled "Copyright Update" from you guys. On one hand, thanks for keeping us informed on this copyright issue. On the other hand, the disguised links are pretty much unacceptable. Below is an example of one of the offending links:
<p>
<font size="1" style="color: #000000;"><strong>&nbsp;</strong>Since that time
we have had many questions from customers concerned that they may have missed
the communication.&nbsp; We have set up a notification system in the customer
portal to let our customers know if they were on the list.&nbsp;&nbsp; Please
visit the My World on the TekSavvy website to verify this information.</font>
</p>
<p>
<font size="1" style="color: #000000;"><a class="" href="https://oe972.infusionsoft.com/app/linkClick/1111/2222222222222222/3333333/4444444444444444">https://myworld.teksavvy.com/Account/Login.aspx?ReturnUrl=%2f</a></font>
</p>
<p>
 
(where I've swapped out the actual tracking number for 111/22/etc).

I'm not implying that this email is fraudulent, but it's disconcerting that you are using that technique, as it's indistinguishable from phishing (see »en.wikipedia.org/wiki/Phishing#L···pulation ). A reasonable internet user would not follow such a link without first investigating whatever "infusionsoft.com" is. It makes sense that you'd wan't to know how many people followed those links; but consider that it would come across as considerably less shady if the link-tracker was hosted on your own domain.
Expand your moderator at work

graniterock
Premium
join:2003-03-14
London, ON
reply to jstratner

Re: Link disguising in the email titled "Copyright Update&q

This has been brought up before with their other mass mailings of theirs.



Kev
TekSavvy.com
Premium
join:2005-06-12
canada
reply to jstratner

I would like to know what that link to and what it does? It steal Tek Account for?
--
Teksavvy.com + 300GB Bandwidth awesomeness!


Curmudgeon

join:2012-04-09
reply to jstratner

Viewed in gmail, it will show it came from "TekSavvy Buzz teksavvybuzz@teksavvy.com via infusionmail.com". If you check the message headers it shows the origin as:

mailer@infusionmail.com

Infusion Software, 103-2065 W. Obispo Ave., Gilbert, AZ 85233

1-866-800-0004



rogersmogers

@start.ca
reply to jstratner

Using a site like they have it allows them to see how many people have clicked the link, how many people the email has gone out too. How many emails bounced back etc... It's all for tracking stats nothing bad or tinfoil hat like.



TSI Andre
Got TekSavvy?
Premium,VIP
join:2008-06-03
Chatham, ON
kudos:24

said by rogersmogers :

Using a site like they have it allows them to see how many people have clicked the link, how many people the email has gone out too. How many emails bounced back etc... It's all for tracking stats nothing bad or tinfoil hat like.

Correct. We use it to track our success vs. fail rate on emails and to see how many of our clients click through on the links.

When we sent out the email, MyWorld was timing out due to extremely high traffic. The infusion soft redirect is supposed to be instant but since MyWorld was timing out, it made it look like a phishing site however I can confirm that it wasn't!

Cheers,

Andre
--
TSI Andre
Director of Service Delivery
Authorized TekSavvy Employee ( »TekSavvy FAQ »Official support in the forum )
Follow me on Twitter!

Curmudgeon

join:2012-04-09

It's more than that. TekSavvy has given our personal e-mail addresses to Infusion Software without explicit permission. Is this permitted under your privacy policy? Many of these addresses are not @teksavvy.com. Mine was @gmail.com and I unsubscribed from the list immediately.



The Doctor

join:2011-11-25
Montreal,Qc
Reviews:
·ELECTRONICBOX

1 edit

The level of paranoid behavior on these forums is insane last few days.

Curmudgeon gmail as all your e-mail contacts and can read any and all e-mails you send out but that does not bother you????
Gmail does not do this but they could but yet seem more worried about tek using 3rd party mailling that as your e-mail gmail addy.



rogersmogers

@start.ca
reply to Curmudgeon

said by Curmudgeon:

It's more than that. TekSavvy has given our personal e-mail addresses to Infusion Software without explicit permission. Is this permitted under your privacy policy? Many of these addresses are not @teksavvy.com. Mine was @gmail.com and I unsubscribed from the list immediately.

Maybe go read the privacy policy and you tell us. I am betting it covers this.

bt

join:2009-02-26
canada
kudos:1
reply to Curmudgeon

said by Curmudgeon:

It's more than that. TekSavvy has given our personal e-mail addresses to Infusion Software without explicit permission. Is this permitted under your privacy policy?

I'm willing to bet that it is, as it was for the explicit and limited purpose of contacting TSI's customers on behalf of TSI.


rogersmogers

@start.ca
reply to jstratner

You all want a valid reason for this being done. Right now in court TSI was able to say only 10% of people have been notified. I bet some of those stats came from how many emails went out and who has clicked the links etc..


UK_Dave

join:2011-01-27
Powassan, ON
kudos:2
Reviews:
·TekSavvy DSL
reply to bt

See the hashtag for the courtroom #teksavvy

Or follow on the board here....

»[Twitter] Court Hashtag - for Monday ?

The malicious link had a purpose it seems.


JonyBelGeul
Premium
join:2008-07-31
reply to jstratner

I don't click through on principle. But there's an easy solution.

Provide both direct and meta links. This way, those of us who don't click through on principle can still go to the link anyway without much fuss. I've dealt with other enterprises who do it like that. Things like registration confirmation emails are written like that, i.e., "if the link above doesn't work, try the direct link below".

I understand that a direct link bypasses TSI's intent, but based on the fact that many TSI customers are savvy, therefore would not click through on those links anyway, providing a direct link is just polite, and makes it easier for TSI's intent to be fulfilled after all.
--
My blog. Wanna Git My Ball on Blogspot.


jstratner

join:2012-12-16

said by JonyBelGeul:

I don't click through on principle. But there's an easy solution.

Provide both direct and meta links. This way, those of us who don't click through on principle can still go to the link anyway without much fuss. I've dealt with other enterprises who do it like that. Things like registration confirmation emails are written like that, i.e., "if the link above doesn't work, try the direct link below".

I understand that a direct link bypasses TSI's intent, but based on the fact that many TSI customers are savvy, therefore would not click through on those links anyway, providing a direct link is just polite, and makes it easier for TSI's intent to be fulfilled after all.

I sort of agree. The easy solution is to host the link-tracker on *.teksavvy.com. We already gave Teksavvy our credit cards and home addresses; it's not a question of trusting Teksavvy at this point. I don't have a problem with *TekSavvy* tracking link clicks in this context. My complaint is the use of 3rd party phishing style links.

If this is important (brief reading of the other threads indicates that this method is used to quantify how many users have been notified about the copyright troll), then please do it in a less shady way. Even the average internet user knows to avoid phishing links.

bt

join:2009-02-26
canada
kudos:1
reply to UK_Dave

said by UK_Dave:

The malicious link had a purpose it seems.

Except it's not malicious at all.

It certainly can appear that way, though, so I can't blame anyone who gets suspicious about it.

MaynardKrebs
Heave Steve, for the good of the country
Premium
join:2009-06-17
kudos:4

1 recommendation

reply to Curmudgeon

said by Curmudgeon:

Viewed in gmail, it will show it came from "TekSavvy Buzz teksavvybuzz@teksavvy.com via infusionmail.com". If you check the message headers it shows the origin as:

mailer@infusionmail.com

Infusion Software, 103-2065 W. Obispo Ave., Gilbert, AZ 85233

1-866-800-0004

@Marc
Is it too much to ask that you use a Canadian-based service?
One that doesn't cause personally identifying information to cross the US border and get swept up by the NSA?

MaynardKrebs
Heave Steve, for the good of the country
Premium
join:2009-06-17
kudos:4

1 recommendation

reply to TSI Andre

said by TSI Andre:

Correct. We use it to track our success vs. fail rate on emails and to see how many of our clients click through on the links.

When we sent out the email, MyWorld was timing out due to extremely high traffic. The infusion soft redirect is supposed to be instant but since MyWorld was timing out, it made it look like a phishing site however I can confirm that it wasn't!

Viewed in gmail, it will show it came from "TekSavvy Buzz teksavvybuzz@teksavvy.com via infusionmail.com". If you check the message headers it shows the origin as:

mailer@infusionmail.com

Infusion Software, 103-2065 W. Obispo Ave., Gilbert, AZ 85233

1-866-800-0004


@Marc, @Andre
Is it too much to ask that you use a Canadian-based service?
One that doesn't cause personally identifying information to cross the US border and get swept up by the NSA?
Expand your moderator at work


TSI Andre
Got TekSavvy?
Premium,VIP
join:2008-06-03
Chatham, ON
kudos:24

1 recommendation

reply to jstratner

Re: Link disguising in the email titled "Copyright Update&q

Hi guys,

There are a lot of question on this thread that I do not know the answers to. I have asked internally for some answers to clear things up for you.

Stay tuned.

Thanks,

Andre
--
TSI Andre
Director of Service Delivery
Authorized TekSavvy Employee ( »TekSavvy FAQ »Official support in the forum )
Follow me on Twitter!


malocite

join:2004-05-24
Hamilton, ON
Reviews:
·TekSavvy DSL

1 recommendation

reply to jstratner

This is how companies communicate with mass audiences. They use products like constant contact or infusion to send out mass emails to their customers and they can track how many people opened them, how many people marked them as spam and how many people clicked through the links.

This is no different than using google analytics.

No one has sold your information, and if you're that paranoid then perhaps the internet is not the place for you. There are many public libraries full of books for you to read.



hm

@videotron.ca
reply to MaynardKrebs

said by MaynardKrebs:

Is it too much to ask that you use a Canadian-based service?
One that doesn't cause personally identifying information to cross the US border and get swept up by the NSA?

Maybe they did what they could with what they had.

Anyhow, the stats from this Email was used in court today to show how only 10% of the affected users were aware that there is a case against them.

Maybe after all is said and done they will look into it. I dont think that's a priority right now with Xmas a week away and Canada's largest mass trolling lawsuit less than a month away.

In other words, Cut them some slack on this one and give them time to breath. There was some reason to this insanity after-all you know (or maybe now you just realized and only now know).

*shrug*


TSI Andre
Got TekSavvy?
Premium,VIP
join:2008-06-03
Chatham, ON
kudos:24

1 recommendation

reply to jstratner

Hey guys,

I got some clarification on this subject:

We are using InfusionSoft as a Cloud based solution to send out mass emails to our clients. Doing so allows us to track the success rate of our email blasts.

We have a very strict agreement in place with them to ensure that only TekSavvy has access to our customer’s information. This agreement ensures that the use of this software adheres to our Privacy Policy. No one other than TekSavvy can send information to our clients/contacts.

Although we are growing rapidly, we are still a small company and at this time, we have not had the time to create an enterprise-grade solution in-house. We are however evaluating this option providing it makes sense to do so.

Hope this helps!

Thanks,

Andre
--
TSI Andre
Director of Service Delivery
Authorized TekSavvy Employee ( »TekSavvy FAQ »Official support in the forum )
Follow me on Twitter!


MaynardKrebs
Heave Steve, for the good of the country
Premium
join:2009-06-17
kudos:4

1 recommendation

said by TSI Andre:

We have a very strict agreement in place with them to ensure that only TekSavvy has access to our customer’s information. This agreement ensures that the use of this software adheres to our Privacy Policy. No one other than TekSavvy can send information to our clients/contacts.

Do you encrypt the information you send them? If not, the NSA already has it in cleartext. How long do you think it will take for the **IAA to get their hands on it? or more appropriately put, do you trust the US government when the focus of EVERY trade deal they do is copyright, copyright, and more copyright?

Your supplier is a US company and subject to ALL US laws, including handing over data. The minute you get your NYC hub up and running, so too will TSI (already mentioned that to Marc).

Curmudgeon

join:2012-04-09

said by MaynardKrebs:

Your supplier is a US company and subject to ALL US laws, including handing over data.

+1

And Voltage, another US company, knows that you are using Infusion Software to notify the affected users in its case.