Help! Being threatened with lawsuit!

[Miss Betsy]

Yes, it makes sense about the updates. Since I don't want the updates, even as experiment, I am going to take your word that they are confirmed subscription.

I don't understand how it explains this: "You then allow anyone logging into the new web site send email to the registered address which you have never take the time to validate. Those emails are actually sent from the SMTP server of the person actually sending the message, but you are the one providing the bogus email address to be used." Is that the 'product' being sold? - to get emails from strangers?

Miss Betsy

[dbiel]

To reply to Stan:

My main company website is greenwoodhealth.com

This whole episode has absolutly nothing to do with our main (Greenwood) site.

The email that generated the original false spam complaint was promoting an entirly different site.

The fact that we choose to permit individuals to purchase our products through the Greenwood site without verifying their email address is standard business practise.

You chose to identify greenwoodhealth.com as your main company website. It is true that this topic has nothing to do with greenwoodhealth.com other than the implied child relationship to the parent (main) web site.

It only seemed sensible to see how the main web site function to determine what if any underlying problem exist.

As you have stated, there are varing opinions regarding the MLM marketing model. Your does not appear to contain the misleading and unacceptable practices tied to man MLM schemes.

The only thing that does not make sense about yours (from what I have seen) is that you permit anyone to set up an MLM relationship with you via web contact only when all of the information provided by the user is bogus. Example: Invalid mailing address, bogus phone number, unvalidated email address (can be a totally invalid address. Based on that limited information you create a web site for that user using the registered name as an email link for anyone to click on.

Not a very sound business model from my point of view.

Back to the spam issue. At this time it must be said that you do NOT spam from your main web site. You just have a very bad policy of how you accept and process email addresses.

You do send out a confirmation email when a new member registers which contains only one minor flaw which can result in you being report as a spammer. The following tracking URL http://www.spamcop.net/sc?id=z982338669zb6...354a19d7bbf519z is a copy of the welcome letter I received. Please note that the reports were cancelled. This is just the simplest way of posting the information.

The minor defect is the lack of the following information near the top of the message

After acknowledging who the message was sent to should be a statement to the effect:

If you have received the message in error, we apologize for the inconvenience. This is a one time acknowledgement sent to the email address entered on our web site. Simply delete this message, no reply is required and no additional messages will be sent.

The next problem will your email address processing is the method use to permit users to change their address. You do require the use of a password to be able to change any personal information, including the email address. But you do not send any message to the email address on file that it has been changed.

Another very poor business practice. Any change in personal data should be confirmed with an email sent to the address you had on file prior to the change. Due to the insecurity of email the specific details of the change should not be included in the email message. But a method of how to contact you to report an unauthorized change should be included in that message.

So back the the original issue, your claim that you require confirmed opt-in is only partially true. Do do require it prior to adding the address to your mailing list - which is good. but you do not require it went setting up the initial relationship or when allowing changes to personal data.

[StevenUnderwood]

So back the the original issue, your claim that you require confirmed opt-in is only partially true. Do do require it prior to adding the address to your mailing list - which is good. but you do not require it went setting up the initial relationship or when allowing changes to personal data.

dbiel:

Keep an eye on the addresses receiving spam recently. The address I used (but never even completed the signup) to start testing this site got it's very first message today. It is possible gmail had a dictionary attack, but it is coincidental.

http://www.spamcop.net/sc?id=z983926792z6b...e328ede79dd450z

[dbiel]

So far I have not received any mail to the new discardable address I used when signing up with the exception of the initial registration message (the second time I signed up) and the emails that are generated when clicking on the user Name that appears of the web site they create for each new user.

Note: the first registration message was never received due to the fact that I miss typed the email address but it allowed me to change the address. It was strange that it allowed me to register a second new account using the same User Name and password but registering from a different IP address which they do track.

[Telarin]

So basically, I would say there would not be enough information to support any kind of action against the OP (even if there was basis to begin with). While not obviously nefarious, the websites in question do not track enough information to prove that the OP was definitely the party who signed up.

They maintain the IP address, which may or may not be traceable back to the person who entered the email address, depending on how long their ISP keeps DHCP logs (I've found most only keep this information for 15-30 days). However, they do not do email address verification to determine that the person signing up actually has control of the email address the entered.

Does that sound like a fair summary for the OP?

[dbiel]

Does that sound like a fair summary for the OP?

It sure does.

[Merlyn]

Does that sound like a fair summary for the OP?

Yes it does. Good job. It still looks like it all started with a carttoney!

[Multiglow]

So far I have not received any mail to the new discardable address I used when signing up with the exception of the initial registration message (the second time I signed up) and the emails that are generated when clicking on the user Name that appears of the web site they create for each new user.

Even if this had been a real enrolment in our company, you would never receive another email for us unless you had placed a product order.

The only emails that are sent automatically are order conformation / receipt notifications.

We have also deleated these test memberships today, which totally removes your details from our system. Well almost, as we do have our server logs tarred for 12 months.

This post ends my involvement in this discussion.

Take care everyone,

Stan.

PS: An earlier post suggested that we put a notification at the top of the original welcome email that is sent to our new customers / members advising them that if they have received the email as a result of their address being used incorrectly, it will be a one time mailing.

We are in the process of implemting that policy........so thanks for the tip, it make sense.