FOR IMMEDIATE RELEASE
Email Database Security Audit
Reveals Widespread Risk to Online Corporations:
93% Vulnerable To Hackers, FTC Fines
TUCSON, Ariz. – (July 8, 2004) - Online
corporations are widely vulnerable to the potential
of having their in-house email databases destroyed
by simple hacker scripts, says a new study.
Authored by permission email marketing developer
Mike Adams, president of Arial Software, the study
covertly audited the email subscription process
handling of 1,057 prominent online organizations
(including many Fortune 500 firms) and found that
93% are vulnerable to hacker attacks that would
pollute or destroy the integrity of their in-house
email databases.
The study, titled "2004 B2C CAN-SPAM
Compliance Audit," cites security risk
concerns stemming from the failure of online organizations
to engage in a practice called "double-confirm
email processing," meaning that when end
users subscribe to an email newsletter, they are
sent a confirmation email containing a unique
hyperlink that must be clicked to confirm their
subscription. Only 7% of online organizations
use double-confirm processing, according to the
study.
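
The double-confirm flow described above, as an added example that is not code from the study or from Arial Software. The host `news.example.com`, the 48-hour window and the in-memory stores are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlsplit

BASE = "https://news.example.com/confirm"   # hypothetical confirmation endpoint
TTL = 48 * 3600                             # assumed confirmation window, seconds
pending = {}        # email -> (sha256 of token, issued time); stand-in for a DB table
confirmed = set()   # the only addresses that may ever be mailed


def _digest(token):
    # Store only a hash, so a leaked table does not yield usable links.
    return hashlib.sha256(token.encode()).digest()


def subscribe(email, now=None):
    """Record an unconfirmed request; return the unique link to e-mail out."""
    email = email.strip().lower()
    token = secrets.token_urlsafe(32)       # unguessable, one per request
    issued = time.time() if now is None else now
    pending[email] = (_digest(token), issued)   # newer request replaces older
    return BASE + "?" + urlencode({"e": email, "k": token})


def confirm(url, now=None):
    """Activate a subscription only for a genuine, unexpired, unused link."""
    q = parse_qs(urlsplit(url).query)
    email, token = q.get("e", [""])[0], q.get("k", [""])[0]
    entry = pending.get(email)
    if entry is None:
        return False                        # never requested, or already used
    stored, issued = entry
    if not hmac.compare_digest(stored, _digest(token)):
        return False                        # guessed or altered token
    del pending[email]                      # single use, also on expiry
    if (time.time() if now is None else now) - issued > TTL:
        return False                        # link too old
    confirmed.add(email)
    return True


def mailing_list():
    """Addresses submitted to the form but never confirmed are excluded."""
    return sorted(confirmed)
```

An address posted to the form by someone other than its owner stays in `pending` and is never mailed beyond the single confirmation message.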
The other 93% are vulnerable to hacker attacks
that can pollute or destroy the integrity of their
in-house permission email databases. Because they
don't confirm email subscriptions, a hacker could
easily write a script that generates and posts
the entire dictionary of names and email domains
to the databases of these organizations. The next
time one of these targeted organizations sends
out an email newsletter, they will effectively
be spamming hundreds of thousands of end users
with unsolicited email. In response to such widespread
spamming, the Federal Trade Commission (FTC) could
justifiably fine these companies hundreds of thousands
of dollars for violating the federal CAN-SPAM
Act.
Even some of the largest Fortune 500 firms remain
vulnerable. Study author Mike Adams subscribed
BillGates@microsoft.com to Coca-Cola's email alert
list, with no questions asked. "A malicious
script could theoretically fill Coca-Cola's database
with ten million spam emails purchased off a $99
spam CD," explains Adams. "For sending
an email message to this list, Coca-Cola's liability
could amount to millions of dollars in fines."
Even more alarming, when the bounty hunter provisions
of the CAN-SPAM Act are put into place, every
end user who receives an unsolicited email from
such circumstances could demand a cash settlement,
creating a legal and financial nightmare for firms
caught in the act.
Yet tools are readily available that automate
and simplify the double-confirm subscription process.
Zeop (www.Zeop.com) offers a tool that works on
any website and costs nothing. Other tools are
detailed in the report.
The complete "2004 B2C CAN-SPAM Compliance
Audit" is available for viewing or downloading
at http://www.ArialSoftware.com
###
About Arial Software
Founded in 1993, Arial Software is widely considered
the leading industry pioneer in permission email
marketing software. The company's products
are used by thousands of businesses, non-profits,
associations and other groups to compose and send
email newsletters and personalized messages directly
to subscribers, customers, prospects and members.
Contact: Steve Delgado, Media Relations, 1-520-615-1954,
ext. 15.