I today received a mail from a well-known opt-in massmailer company (that sells your email address faster than you can blink with your eyes). It contained a ‘remove me from newsletter’ link in the following format:
http://www.xxxnameofcompanyxxx.com/index.php3?url=mailoff_m.php3&b_id=3963990
and I couldn’t believe it: incrementing or decrementing the ‘b_id’ parameter and pressing the ‘Remove’ button reveils the email addresses and usernames of more than 4.000.000 newsletter subscribers. Including mine.
What to do now? Contact them? contact the press? Any hints?
[update:] I sent them a mail and they modified their script and stop showing the email address. the username is still shown and it is still possible to remove everyone from the newsletter.
This work, unless otherwise expressly stated, is licensed under a Creative Commons Attribution-Share Alike 3.0 Unported License.
Happy ham remover
Tim wrote about How to not be removed from a newsletter. I just searched for mailoff_m.php3 and found points24.com. According to Tim they have 4.000.000 subscribers. More or less willingly, if you read this thread (including unwillingly Tim). So he is …