Quechup

Last updated

Quechup (kway-chup) was a social networking website that came to prominence in 2007 when it used automatic email invitations for viral marketing to all the e-mail addresses in its members' address books. [1] This was described as a "spam campaign" and raised a great deal of criticism.

Contents

Address book harvesting

The automatic invitation of all the contacts in the e-mail address books of people who signed up to their service was controversial for two reasons:

  1. Without explaining intentions, Quechup required permission to access the address book. [2]
  2. Invites were sent to all addresses in address books without permission of e-mail address owners.

This attracted a great deal of criticism [3] in September 2007.

Reacting to the criticism, Quechup's parent company iDate Corporation made a public statement on 17 September 2007, [4] stating that:

"Quechup was one of the first social networking sites to include such a feature back in 2005. With its growing popularity (social networks), expectations of what features a service should have and how they should work have emerged. Quechup's address check did not conform to what users now expect as the norm."

Much of the criticism focused on misleading users by hiding the nature of the feature in the 'small print' of the site terms [5] and not specifying it in the Quechup privacy policy, which stated only, "You agree that we may use personally identifiable information about you to improve our marketing and promotional efforts, to analyse site usage, improve our content and product offerings, and customize our Site's content, layout, and services.". [6]

While admitting the campaign was misleading, technology blogger Chris Hambly pointed out that text explaining how the feature worked was placed in normal print directly above the feature, raising the question of a user's responsibility to read what they agree to, although he noted that this explanatory text failed to clearly state what would happen. [7]

However you view this, no matter what your opinion is on this the fact of the matter is that you should READ what the page says as it is very clear. In any case there is a link which says "I don't have an address book"!... I can only say you should READ these things clearly in the future, it’s quite simple.

In their 17 September statement, Glen Finch, Chief Technology Officer stated

"It's important to confirm a few points. That the address book checker has always been an optional feature for members, they are under no obligation to use it and we provide relevant links for members to skip it. The explanatory text as to what it entailed and the terms of its use have always been stated directly on the page. We are well aware that Internet users frequently confirm they have read and agreed to lengthy all-encompassing terms and conditions rarely having actually read them. Therefore we deliberately included the explanation and terms of use directly on the page above the feature itself to avoid confusion."

This has raised the issue of users automatically 'opting in' without first understanding what they are accepting, rather than automatically 'opting out' of questionable features.

Response

Quechup responded by changing how it operated its service and belatedly reassuring customers it was not acting maliciously, even if irresponsibly.

  1. Quechup changed how its address book check worked within days, [8] clearly giving members the option of which contacts, if any, they wanted to invite.
  2. Quechup adopted Windows Live ID Delegated Authentication, enabling Live and Hotmail users to grant limited access by logging in directly on Microsoft's secure servers. [9]
  3. Quechup is a member of SenderScore [10] the world's most comprehensive database of email sender reputation.
  4. Quechup fully complies with Microsoft's Sender ID Framework for email authentication and uses SPF records. [11]

The Quechup affair encouraged calls for open authentication through an OpenID system such as Yahoo's BBauth, which would allow a user to grant limited access to their data, without providing passwords directly to a website. [12] Indeed, Quechup adopted Windows Live ID Delegated Authentication, an OpenID system for Windows Live and Hotmail users.

Fake invitations

In a more recent development, technology journalist Robert X. Cringely raised the possibility that Quechup may be sending fake dating invitations to subscribers that attempts to get them to sign up to a premium service. In his article, Cringely stated that it was not certain if these fake e-mails were the work of what he called a "rogue Quechup affiliate who gets a commission for sign ups" or a more sophisticated automatic spam operation. [13]

See also

Related Research Articles

<span class="mw-page-title-main">Email</span> Mail sent using electronic means

Electronic mail is a method of transmitting and receiving digital messages using electronic devices over a computer network. It was conceived in the late–20th century as the digital version of, or counterpart to, mail. Email is a ubiquitous and very widely used communication medium; in current use, an email address is often treated as a basic and necessary part of many processes in business, commerce, government, education, entertainment, and other spheres of daily life in most countries.

Various anti-spam techniques are used to prevent email spam.

<span class="mw-page-title-main">Email spam</span> Unsolicited electronic advertising by email

Email spam, also referred to as junk email, spam mail, or simply spam, is unsolicited messages sent in bulk by email (spamming). The name comes from a Monty Python sketch in which the name of the canned pork product Spam is ubiquitous, unavoidable, and repetitive. Email spam has steadily grown since the early 1990s, and by 2014 was estimated to account for around 90% of total email traffic.

Sender Policy Framework (SPF) is an email authentication method that ensures the sending mail server is authorized to originate mail from the email sender's domain. This authentication only applies to the email sender listed in the "envelope from" field during the initial SMTP connection. If the email is bounced, a message is sent to this address, and for downstream transmission it typically appears in the "Return-Path" header. To authenticate the email address which is actually visible to recipients on the "From:" line, other technologies, such as DMARC, must be used. Forgery of this address is known as email spoofing, and is often used in phishing and email spam.

A Joe job is a spamming technique that sends out unsolicited e-mails using spoofed sender data. Early Joe jobs aimed at tarnishing the reputation of the apparent sender or inducing the recipients to take action against them, but they are now typically used by commercial spammers to conceal the true origin of their messages and to trick recipients into opening emails apparently coming from a trusted source.

Email marketing is the act of sending a commercial message, typically to a group of people, using email. In its broadest sense, every email sent to a potential or current customer could be considered email marketing. It involves using email to send advertisements, request business, or solicit sales or donations. The term usually refers to sending email messages with the purpose of enhancing a merchant's relationship with current or previous customers, encouraging customer loyalty and repeat business, acquiring new customers or convincing current customers to purchase something immediately, and sharing third-party ads.

Email authentication, or validation, is a collection of techniques aimed at providing verifiable information about the origin of email messages by validating the domain ownership of any message transfer agents (MTA) who participated in transferring and possibly modifying a message.

<span class="mw-page-title-main">Message submission agent</span>

A message submission agent (MSA), or mail submission agent, is a computer program or software agent that receives electronic mail messages from a mail user agent (MUA) and cooperates with a mail transfer agent (MTA) for delivery of the mail. It uses ESMTP, a variant of the Simple Mail Transfer Protocol (SMTP), as specified in RFC 6409.

Email harvesting or scraping is the process of obtaining lists of email addresses using various methods. Typically these are then used for bulk email or spam.

A challenge–response system is a type of that automatically sends a reply with a challenge to the (alleged) sender of an incoming e-mail. It was originally designed in 1997 by Stan Weatherby, and was called Email Verification. In this reply, the purported sender is asked to perform some action to assure delivery of the original message, which would otherwise not be delivered. The action to perform typically takes relatively little effort to do once, but great effort to perform in large numbers. This effectively filters out spammers. Challenge–response systems only need to send challenges to unknown senders. Senders that have previously performed the challenging action, or who have previously been sent e-mail(s) to, would be automatically receive a challenge.

MailChannels is a Canadian technology company that specializes in email security for businesses and internet service providers (ISPs). Founded in 2004 by Ken Simpson and headquartered in Vancouver, British Columbia, the company operates in email security and the infrastructure market. The business provides a products and services designed to safeguard email systems against spam, phishing, and other harmful content. They guarantee the dependable delivery of legitimate messages and offer a mail relay API for numerous websites.

<span class="mw-page-title-main">Outlook.com</span> Microsoft webmail service

Outlook.com, formerly Hotmail, is a free personal email service offered by Microsoft. This includes a webmail interface featuring mail, calendaring, contacts, and tasks services. Outlook can also be accessed via email clients using the IMAP or POP protocols.

Backscatter is incorrectly automated bounce messages sent by mail servers, typically as a side effect of incoming spam.

<span class="mw-page-title-main">Gmail interface</span>

The Gmail interface makes Gmail unique amongst webmail systems for several reasons. Most evident to users are its search-oriented features and means of managing e-mail in a "conversation view" that is similar to an Internet forum.

Email spammers have developed a variety of ways to deliver email spam throughout the years, such as mass-creating accounts on services such as Hotmail or using another person's network to send email spam. Many techniques to block, filter, or otherwise remove email spam from inboxes have been developed by internet users, system administrators and internet service providers. Due to this, email spammers have developed their own techniques to send email spam, which are listed below.

The X-Originating-IP email header field is a de facto standard for identifying the originating IP address of a client connecting to a mail service's HTTP frontend. When clients connect directly to a mail server, its address is already known to the server, but web frontends act as a proxy which internally connect to the mail server. This header can therefore serve to identify the original sender address despite the frontend.

EmailTray is a lightweight email client for the Microsoft Windows operating system. EmailTray was developed by Internet Promotion Agency S.A., a software development d.

<span class="mw-page-title-main">Microsoft account</span> User account required for Microsoft-owned services

A Microsoft account or MSA is a single sign-on personal user account for Microsoft customers to log in to consumer Microsoft services, devices running on one of Microsoft's current operating systems, and Microsoft application software.

SmartScreen is a cloud-based anti-phishing and anti-malware component included in several Microsoft products:

A mailbox provider, mail service provider or, somewhat improperly, email service provider is a provider of email hosting. It implements email servers to send, receive, accept, and store email for other organizations or end users, on their behalf.

References

  1. Saul Hansell Social network launches worldwide spam campaign The New York Times, 13 September 2007
  2. Cashmore, Pete (2 September 2007). "Are You Getting Quechup Spammed?". Social Media. Mashable . Retrieved 3 March 2010.
  3. Had an invite from Quechup? Jemima Kiss Digital Digest Monday 10 September 2007 GuardianUnlimited , retrieved 23 June 2008
  4. The Quechup Social Networking Platform: IDate Corporation Updates Quechup's Address Book Feature Archived 1 January 2008 at the Wayback Machine Press release, Newbury – Berks – UK – 18 September 2007
  5. Quetchup = Kvetchup Archived 14 October 2007 at the Wayback Machine Saturday, 1 September 2007 Digital Flotsam , Digitalflotsam.com.
  6. Privacy policy quechup.com, retrieved 10 September 2007
  7. Quechup And Mass Hysteria Archived 5 October 2007 at the Wayback Machine Chrishambly.com, 2 September 2007
  8. Do social network sites genuinely care about privacy? Charles Arthur The Guardian Thursday 13 September 2007, retrieved 13 September 2007
  9. Windows Live ID Delegated Authentication grants limited access to users data without providing passwords directly to a website.
  10. Lookup for Quechup.com SenderScore reputation database covering email senders
  11. The Sender ID Framework is an e-mail authentication technology Archived 11 December 2008 at the Wayback Machine – Microsoft Sender ID, retrieved 9 December 2008
  12. OAuth: Open Authentication Comes Closer to Reality Archived 11 October 2007 at the Wayback Machine O'Reilly Radar Tuesday 09.25.07
  13. Robert X. Cringely Oops, you just spilled Quechup on your pants Archived 12 December 2008 at the Wayback Machine , InfoWorld, 7 April 2008
This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.