Wandering Thoughts archives

2010-01-13

One reason why you should not let people register other people

Let us suppose that you have a website that allows and in fact requires registration. Let us further suppose that you have decided to be clever and viral; you will helpfully let people register other people, so Jim can tell your website 'create an account for Bob, here's his email address'.

(This is subtly different than registration confirmation email, at least in practice. Arguably it is worse, since you aren't even trying to confirm that Bob is interested, you're setting up the account whether or not he is.)

Don't do this. No, really, no matter how much marketing tries to talk you into this.

First, this violates one of the principles of modern email. You only get to bother people who've asked you to bother them; you don't get to bother other people.

Second, if you allow this I can assure you that sooner or later someone is going to get clever (or forgetful, or helpful) and register a mailing list. This generally creates comedy, except not comedy for you and not really comedy for the mailing list. But it is a good way to leave an indelible impression on people.

And I really do mean indelible, because many mailing lists are archived all over the place; I'm sure that you can find any number of such 'registration' emails that have been sent to the Linux kernel mailing list alone. All of those are going to come up when someone else who gets your registration email starts doing Internet searches for you or for the phrases in your email, and their impression is going to be even more negative than it already was.

(Of course, the real reason not to do this is that spammers have already poisoned this well long ago, much like they have poisoned all of the excuses for sending people unsolicited email in bulk.)

RegisteringOthersBad written at 01:11:00

2010-01-02

Proper disclosure, or how not to be a comment spammer

Shortly after I wrote my first ipsCA entry, I got a comment on the entry recommending a specific other SSL vendor. At first this didn't strike me as unusual; it was the kind of helpful note that might be left by one of my readers (or just someone who saw my blog entry on Planet Sysadmin). But I have a hair trigger with spam, one that not infrequently makes me unreasonably suspicious, so I ran the poster's IP address through a reverse DNS lookup just to make myself feel better.

Since I'm writing an entry about it, you can probably guess what the result was. Let's just say that the IP address in question was intimately associated with the SSL vendor that was being recommended (although this was not immediately obvious, since it was in the overall corporate domain instead of the vendor's SSL site).

I doubt that this is actual, intentional comment spam (for a start, I suspect that anyone underhanded enough to do this intentionally is smart enough to do it in a less traceable manner). Instead, I imagine that it was simply a well-intentioned employee of the SSL vendor wanting to share some good news. However, the net effect was extremely bad; by not disclosing their affiliation, the commentator turned their good intentions into comment spam.

(And they caused all of the consequences that usually ensue. For example, I am going to do my level best to ensure that we don't buy our eventual SSL certificates from that vendor.)

So here is a message to all vendors, and to everyone who works for them: proper disclosure is not optional. There is no surer way to throw away any possible goodwill you might have and give yourself an indelible and unpleasant reputation than to act like a covert marketer. People these days are more and more sensitive to things that look like marketing, 'astroturfing', and outright spam (and the lines between them are awfully thin), and they react very badly; you become an untrustable, slimy liar on the spot. And you will get caught sooner or later.

(Perhaps you think that you can't disclose your affiliation without your comment looking bad. Well, you know, if you can't disclose your affiliation without having your comment look like anything but a marketing message, perhaps you ought not to leave it, good intentions or not.)

(This is one of those entries that I shouldn't have to write but apparently I do.)

ProperDisclosure written at 00:59:45

