I had an email from a local Estate Agent with whom I've had dealings,
asking if I was still looking. Unfortunately the entire circulation
list of 460 email addresses was included by mistake.
Twice, a recall was attempted, but of course this doesn't work in most circumstances. And the recall messages also included the 460 addresses.
Then the agent apologised (without the inclusion) and said they were
seeking advice from the Information Commissioner's Office. Then a
further apology, saying the ICO advised that the Agents 'do not need to report the breach of data'.
Well, mistakes happen, move on. But under what circumstances would the
ICO get involved, and what could they do anyway?
I had an email from a local Estate Agent with whom I've had dealings,
asking if I was still looking. Unfortunately the entire circulation
list of 460 email addresses was included by mistake.
Twice, a recall was attempted, but of course this doesn't work in most circumstances. And the recall messages also included the 460 addresses.
Then the agent apologised (without the inclusion) and said they were
seeking advice from the Information Commissioner's Office. Then a
further apology, saying the ICO advised that the Agents 'do not need to report the breach of data'.
Well, mistakes happen, move on. But under what circumstances would the
ICO get involved, and what could they do anyway?
I had an email from a local Estate Agent with whom I've had dealings,
asking if I was still looking. Unfortunately the entire circulation
list of 460 email addresses was included by mistake.
Twice, a recall was attempted, but of course this doesn't work in most circumstances. And the recall messages also included the 460 addresses.
Then the agent apologised (without the inclusion) and said they were
seeking advice from the Information Commissioner's Office. Then a
further apology, saying the ICO advised that the Agents 'do not need to report the breach of data'.
Well, mistakes happen, move on. But under what circumstances would the
ICO get involved, and what could they do anyway?
On 14/12/2024 12:54, Clive Arthur wrote:
I had an email from a local Estate Agent with whom I've had dealings,
asking if I was still looking. Unfortunately the entire circulation
list of 460 email addresses was included by mistake.
Twice, a recall was attempted, but of course this doesn't work in most
circumstances. And the recall messages also included the 460 addresses.
Then the agent apologised (without the inclusion) and said they were
seeking advice from the Information Commissioner's Office. Then a
further apology, saying the ICO advised that the Agents 'do not need to
report the breach of data'.
Well, mistakes happen, move on. But under what circumstances would the
ICO get involved, and what could they do anyway?
There is a flow-chart for such breaches. (Sorry, I don't have an easily accessible copy to link with the post, but you can follow the rationale
using the ICO's Self-Assessment Tool for Data Breaches [^1]).
The path for this particular data breach is as follows:
Assumption: One or more of the e-mail addresses contains the name of a
living identified or identifiable individual (e.g. an e-mail address
similar to {firstname}{surname}@{domainname},
{firstname}@{surname}.{TLD}, etc.).
This is a "Personal Data Breach" (PDB) which is broadly defined as "a security incident that has affected the confidentiality, integrity or availability of personal data."
The "personal data" being the e-mail addresses of the recipients and the breach being that the confidentiality of that personal data has been compromised.
Twice, a recall was attempted, but of course this doesn't work in most circumstances. And the recall messages also included the 460 addresses.
On Sat, 14 Dec 2024 12:54:33 +0000, Clive Arthur wrote:
Twice, a recall was attempted, but of course this doesn't work in most
circumstances. And the recall messages also included the 460 addresses.
I've given up with people who believe this is a magic wand.
It only takes one hop in the process that doesn't honour the (optional) process of email recall and you are stuffed.
Similar for delivery and read receipts.
Many years ago when I worked in corporate culture, I set my Outlook up to preview mails in the preview pane. This prevented emails from being
recalled (although to be fair the sender was informed of the failure).
Usually this merely led to amusing sentences being rewritten. But on at
least one occasion it was an accidental "sent to all" email with *very* sensitive information. Most recipients were unaware. But I wasn't.
On 14/12/2024 12:54, Clive Arthur wrote:
I had an email from a local Estate Agent with whom I've had dealings,This happens all the time, I'm afraid, so you can see why the ICO CBA.
asking if I was still looking. Unfortunately the entire circulation
list of 460 email addresses was included by mistake.
Twice, a recall was attempted, but of course this doesn't work in most
circumstances. And the recall messages also included the 460
addresses.
Then the agent apologised (without the inclusion) and said they were
seeking advice from the Information Commissioner's Office. Then a
further apology, saying the ICO advised that the Agents 'do not need to
report the breach of data'.
Well, mistakes happen, move on. But under what circumstances would the
ICO get involved, and what could they do anyway?
On 14/12/2024 14:42, Roger Hayter wrote:
On 14 Dec 2024 at 14:29:23 GMT, "Simon Parker" <simonparkerulm@gmail.com>
wrote:
On 14/12/2024 12:54, Clive Arthur wrote:snip
I had an email from a local Estate Agent with whom I've had dealings,
asking if I was still looking. Unfortunately the entire circulation
list of 460 email addresses was included by mistake.
Twice, a recall was attempted, but of course this doesn't work in most >>>> circumstances. And the recall messages also included the 460 addresses. >>>>
Then the agent apologised (without the inclusion) and said they were
seeking advice from the Information Commissioner's Office. Then a
further apology, saying the ICO advised that the Agents 'do not need to >>>> report the breach of data'.
Well, mistakes happen, move on. But under what circumstances would the >>>> ICO get involved, and what could they do anyway?
There is a flow-chart for such breaches. (Sorry, I don't have an easily >>> accessible copy to link with the post, but you can follow the rationale
using the ICO's Self-Assessment Tool for Data Breaches [^1]).
The path for this particular data breach is as follows:
Assumption: One or more of the e-mail addresses contains the name of a
living identified or identifiable individual (e.g. an e-mail address
similar to {firstname}{surname}@{domainname},
{firstname}@{surname}.{TLD}, etc.).
This is a "Personal Data Breach" (PDB) which is broadly defined as "a
security incident that has affected the confidentiality, integrity or
availability of personal data."
The "personal data" being the e-mail addresses of the recipients and the >>> breach being that the confidentiality of that personal data has been
compromised.
Surely the personal data includes the fact that they are on that particular >> email list, so, for instance, lists concerned with health or criminal justice
may be much more serious breaches?
The assessment you have detailed above would be part of the analysis of
the two points that followed in my PP (namely, the severity and
potential or actual impact on the individuals as a result of the breach
and the risk to individuals' rights and freedoms as a result of the breach).
Others in the locality learning that one is considering purchasing a
property is not likely to be considered to have a severe impact on the individuals concerned. However, the impact on the individuals concerned
of others learning that they suffer with a particular health condition
or are being dealt with by the criminal justice system would likely
result in a different conclusion as to the impact of the breach would
would similarly affect whether it ought to be reported.
As I said in my PP, even if the initial assessment is that the matter
does not need to be reported to the ICO at present, this assessment may change in light of events following the breach.
Regards
S.P.
Some mail clients are particularly stupid about not querying an attempt
to send an email CC'd to all and sundry rather than BCC which should
IMHO be the (safe) default.
On 14/12/2024 12:54, Clive Arthur wrote:breach-assessment/
I had an email from a local Estate Agent with whom I've had dealings,
asking if I was still looking. Unfortunately the entire circulation
list of 460 email addresses was included by mistake.
Twice, a recall was attempted, but of course this doesn't work in most
circumstances. And the recall messages also included the 460
addresses.
Then the agent apologised (without the inclusion) and said they were
seeking advice from the Information Commissioner's Office. Then a
further apology, saying the ICO advised that the Agents 'do not need to
report the breach of data'.
Well, mistakes happen, move on. But under what circumstances would the
ICO get involved, and what could they do anyway?
There is a flow-chart for such breaches. (Sorry, I don't have an easily accessible copy to link with the post, but you can follow the rationale
using the ICO's Self-Assessment Tool for Data Breaches [^1]).
The path for this particular data breach is as follows:
Assumption: One or more of the e-mail addresses contains the name of a
living identified or identifiable individual (e.g. an e-mail address
similar to {firstname}{surname}@{domainname},
{firstname}@{surname}.{TLD}, etc.).
This is a "Personal Data Breach" (PDB) which is broadly defined as "a security incident that has affected the confidentiality, integrity or availability of personal data."
The "personal data" being the e-mail addresses of the recipients and the breach being that the confidentiality of that personal data has been compromised.
The severity and potential or actual impact on the individuals as a
result of the breach is low and the likelihood of this occurring is low meaning the breach is not likely to be a high risk to individuals'
rights and freedoms. [^2]
Similarly, it is unlikely that the breach will result in a risk to individuals. [^2]
As the breach does not present a high risk to individuals' rights and freedoms and is unlikely to result in a risk to individuals, there is no requirement to notify the ICO, but the data controller should keep an internal record of the breach (as detailed in Article 35(5) of the
GDPR), including what happened, the effects of the breach and remedial
action taken along with a note of how and why these decisions were
arrived at.
Should new information which affects the circumstances of the breach
come to light, (e.g. if one of the data subjects informs the data
controller that they have been contacted by someone as a result of the breach), the data controller should reassess the risk and determine if
it has become reportable at that point.
Regards
S.P.
[^1]
https://ico.org.uk/for-organisations/report-a-breach/personal-data-
[^2] In assessing this, "This risk exists when the breach may lead to physical, material or non-material damage for the individuals whose data
have been breached." [^3])
[^3] From the Article 29 Working Party [^4]
[^4]
https://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612052
On 14 Dec 2024 at 14:46:37 GMT, "Jethro_uk" <jethro_uk@hotmailbin.com>
wrote:
On Sat, 14 Dec 2024 12:54:33 +0000, Clive Arthur wrote:
Twice, a recall was attempted, but of course this doesn't work in most
circumstances. And the recall messages also included the 460
addresses.
I've given up with people who believe this is a magic wand.
It only takes one hop in the process that doesn't honour the (optional)
process of email recall and you are stuffed.
Similar for delivery and read receipts.
Many years ago when I worked in corporate culture, I set my Outlook up
to preview mails in the preview pane. This prevented emails from being
recalled (although to be fair the sender was informed of the failure).
Usually this merely led to amusing sentences being rewritten. But on at
least one occasion it was an accidental "sent to all" email with *very*
sensitive information. Most recipients were unaware. But I wasn't.
When you talk about one hop not "honouring" the process, surely it only
works at all if all parties' email is part of the Microsoft mail system?
It doesn't seem to be part of any open source email server I've casually looked at. Is it part of any universal email standards?
On Sat, 14 Dec 2024 14:08:39 +0000, Martin Brown wrote:
Some mail clients are particularly stupid about not querying an attempt
to send an email CC'd to all and sundry rather than BCC which should
IMHO be the (safe) default.
Why can't the server do it ?
On Sat, 14 Dec 2024 15:51:57 -0000 (UTC), Jethro_uk <jethro_uk@hotmailbin.com> wrote:
On Sat, 14 Dec 2024 14:08:39 +0000, Martin Brown wrote:
Some mail clients are particularly stupid about not querying an attempt
to send an email CC'd to all and sundry rather than BCC which should
IMHO be the (safe) default.
Why can't the server do it ?
Because in order to do so, the server would first need to accept the mail, read the headers, and then reject it on the basis that it's over-cc'd. But then the client would need to be able to understand that rejection and present an appropriate message to the user. If the client is programmed to
do that, then it might as well check the headers itself.
Also, if the server was to reject a message with too many addresses in the cc, then there would need to be some way to instruct it to ignore that if
you really did want to cc a lot of people. And that, too, would require a client-side change. So, again, it's better off all being done client side.
Mark
On Sat, 14 Dec 2024 14:51:26 +0000, Roger Hayter wrote:
On 14 Dec 2024 at 14:46:37 GMT, "Jethro_uk" <jethro_uk@hotmailbin.com>
wrote:
On Sat, 14 Dec 2024 12:54:33 +0000, Clive Arthur wrote:
Twice, a recall was attempted, but of course this doesn't work in most >>>> circumstances. And the recall messages also included the 460
addresses.
I've given up with people who believe this is a magic wand.
It only takes one hop in the process that doesn't honour the (optional)
process of email recall and you are stuffed.
Similar for delivery and read receipts.
Many years ago when I worked in corporate culture, I set my Outlook up
to preview mails in the preview pane. This prevented emails from being
recalled (although to be fair the sender was informed of the failure).
Usually this merely led to amusing sentences being rewritten. But on at
least one occasion it was an accidental "sent to all" email with *very*
sensitive information. Most recipients were unaware. But I wasn't.
When you talk about one hop not "honouring" the process, surely it only
works at all if all parties' email is part of the Microsoft mail system?
It doesn't seem to be part of any open source email server I've casually
looked at. Is it part of any universal email standards?
It's an extension and so can be ignored without breaking any RFC
standards.
A lot of people (even techs) mistake "Microsoft does it" as some sort of industry standard, when usually the reverse is true.
I once had the pleasure of highlighting a senior developers incompetence
as they decided that email addresses couldn't have apostrophes. Which any fool who has read the RFC(5322) would know is incorrect. It wouldn't have mattered, but when Lord O'Grady can't register their £5mill portfolio
with the software you supplied, it becomes a very hot issue immediately.
The sort of issue that needs a fix within hours.
On 14 Dec 2024 at 17:46:09 GMT, "Mark Goodge" ><usenet@listmail.good-stuff.co.uk> wrote:
Because in order to do so, the server would first need to accept the mail, >> read the headers, and then reject it on the basis that it's over-cc'd. But >> then the client would need to be able to understand that rejection and
present an appropriate message to the user. If the client is programmed to >> do that, then it might as well check the headers itself.
Also, if the server was to reject a message with too many addresses in the >> cc, then there would need to be some way to instruct it to ignore that if
you really did want to cc a lot of people. And that, too, would require a
client-side change. So, again, it's better off all being done client side.
An in-house Microsoft-style interactive client-server arrangement ought to be >able to do it as a matter of policy, don't know if it can easily be set to do >so.
On 14/12/2024 12:54, Clive Arthur wrote:
I had an email from a local Estate Agent with whom I've had dealings, >>asking if I was still looking. Unfortunately the entire circulation
list of 460 email addresses was included by mistake.
Twice, a recall was attempted, but of course this doesn't work in
most circumstances. And the recall messages also included the 460 >>addresses.
Then the agent apologised (without the inclusion) and said they were >>seeking advice from the Information Commissioner's Office. Then a
further apology, saying the ICO advised that the Agents 'do not need
to report the breach of data'.
Well, mistakes happen, move on. But under what circumstances would
the ICO get involved, and what could they do anyway?
The ICO are worse than useless. Much like (In)Action Fraud.
Some mail clients are particularly stupid about not querying an attempt
to send an email CC'd to all and sundry rather than BCC which should
IMHO be the (safe) default.
It drives me crazy when CC circulated emails to larger groups come back >quoted in full several times and sent to all on the list with a "+1" or
"I agree" added at the bottom. YMMV
Funniest one was when the police neighbourhood watch coordinator for my
area was making exactly the same mistake (way back when email for most >ordinary consumers was newish).
On 14 Dec 2024 at 17:01:58 GMT, "Jethro_uk" <jethro_uk@hotmailbin.com>
wrote:
On Sat, 14 Dec 2024 14:51:26 +0000, Roger Hayter wrote:
On 14 Dec 2024 at 14:46:37 GMT, "Jethro_uk" <jethro_uk@hotmailbin.com>
wrote:
On Sat, 14 Dec 2024 12:54:33 +0000, Clive Arthur wrote:
Twice, a recall was attempted, but of course this doesn't work in
most circumstances. And the recall messages also included the 460
addresses.
I've given up with people who believe this is a magic wand.
It only takes one hop in the process that doesn't honour the
(optional)
process of email recall and you are stuffed.
Similar for delivery and read receipts.
Many years ago when I worked in corporate culture, I set my Outlook
up to preview mails in the preview pane. This prevented emails from
being recalled (although to be fair the sender was informed of the
failure).
Usually this merely led to amusing sentences being rewritten. But on
at least one occasion it was an accidental "sent to all" email with
*very*
sensitive information. Most recipients were unaware. But I wasn't.
When you talk about one hop not "honouring" the process, surely it
only works at all if all parties' email is part of the Microsoft mail
system?
It doesn't seem to be part of any open source email server I've
casually looked at. Is it part of any universal email standards?
It's an extension and so can be ignored without breaking any RFC
standards.
A lot of people (even techs) mistake "Microsoft does it" as some sort
of industry standard, when usually the reverse is true.
I once had the pleasure of highlighting a senior developers
incompetence as they decided that email addresses couldn't have
apostrophes. Which any fool who has read the RFC(5322) would know is
incorrect. It wouldn't have mattered, but when Lord O'Grady can't
register their £5mill portfolio with the software you supplied, it
becomes a very hot issue immediately. The sort of issue that needs a
fix within hours.
Quite a lot of Internet forms won't accept an email username consisting
of one letter. They have no obvious basis for refusing to. My late wife preferred her one letter username.
On 14 Dec 2024 at 17:01:58 GMT, "Jethro_uk" <jethro_uk@hotmailbin.com> wrote:
On Sat, 14 Dec 2024 14:51:26 +0000, Roger Hayter wrote:
On 14 Dec 2024 at 14:46:37 GMT, "Jethro_uk" <jethro_uk@hotmailbin.com>
wrote:
On Sat, 14 Dec 2024 12:54:33 +0000, Clive Arthur wrote:
Twice, a recall was attempted, but of course this doesn't work in most >>>>> circumstances. And the recall messages also included the 460
addresses.
I've given up with people who believe this is a magic wand.
It only takes one hop in the process that doesn't honour the (optional) >>>> process of email recall and you are stuffed.
Similar for delivery and read receipts.
Many years ago when I worked in corporate culture, I set my Outlook up >>>> to preview mails in the preview pane. This prevented emails from being >>>> recalled (although to be fair the sender was informed of the failure). >>>>
Usually this merely led to amusing sentences being rewritten. But on at >>>> least one occasion it was an accidental "sent to all" email with *very* >>>> sensitive information. Most recipients were unaware. But I wasn't.
When you talk about one hop not "honouring" the process, surely it only
works at all if all parties' email is part of the Microsoft mail system? >>> It doesn't seem to be part of any open source email server I've casually >>> looked at. Is it part of any universal email standards?
It's an extension and so can be ignored without breaking any RFC
standards.
A lot of people (even techs) mistake "Microsoft does it" as some sort of
industry standard, when usually the reverse is true.
I once had the pleasure of highlighting a senior developers incompetence
as they decided that email addresses couldn't have apostrophes. Which any
fool who has read the RFC(5322) would know is incorrect. It wouldn't have
mattered, but when Lord O'Grady can't register their £5mill portfolio
with the software you supplied, it becomes a very hot issue immediately.
The sort of issue that needs a fix within hours.
Quite a lot of Internet forms won't accept an email username consisting of one >letter. They have no obvious basis for refusing to. My late wife preferred her >one letter username.
Quite a lot of Internet forms won't accept an email username consisting of one
letter. They have no obvious basis for refusing to. My late wife preferred her
one letter username.
I did, once, have an email address that was only six characters long in
total - one character in the username and four in the domain.
On 14 Dec 2024 18:52:51 GMT, Roger Hayter <roger@hayter.org> wrote:
On 14 Dec 2024 at 17:01:58 GMT, "Jethro_uk" <jethro_uk@hotmailbin.com> wrote:
On Sat, 14 Dec 2024 14:51:26 +0000, Roger Hayter wrote:
On 14 Dec 2024 at 14:46:37 GMT, "Jethro_uk" <jethro_uk@hotmailbin.com> >>>> wrote:
On Sat, 14 Dec 2024 12:54:33 +0000, Clive Arthur wrote:
Twice, a recall was attempted, but of course this doesn't work in most >>>>>> circumstances. And the recall messages also included the 460
addresses.
I've given up with people who believe this is a magic wand.
It only takes one hop in the process that doesn't honour the (optional) >>>>> process of email recall and you are stuffed.
Similar for delivery and read receipts.
Many years ago when I worked in corporate culture, I set my Outlook up >>>>> to preview mails in the preview pane. This prevented emails from being >>>>> recalled (although to be fair the sender was informed of the failure). >>>>>
Usually this merely led to amusing sentences being rewritten. But on at >>>>> least one occasion it was an accidental "sent to all" email with *very* >>>>> sensitive information. Most recipients were unaware. But I wasn't.
When you talk about one hop not "honouring" the process, surely it only >>>> works at all if all parties' email is part of the Microsoft mail system? >>>> It doesn't seem to be part of any open source email server I've casually >>>> looked at. Is it part of any universal email standards?
It's an extension and so can be ignored without breaking any RFC
standards.
A lot of people (even techs) mistake "Microsoft does it" as some sort of >>> industry standard, when usually the reverse is true.
I once had the pleasure of highlighting a senior developers incompetence >>> as they decided that email addresses couldn't have apostrophes. Which any >>> fool who has read the RFC(5322) would know is incorrect. It wouldn't have >>> mattered, but when Lord O'Grady can't register their £5mill portfolio
with the software you supplied, it becomes a very hot issue immediately. >>> The sort of issue that needs a fix within hours.
Quite a lot of Internet forms won't accept an email username consisting of one
letter. They have no obvious basis for refusing to. My late wife preferred her
one letter username.
I did, once, have an email address that was only six characters long in
total - one character in the username and four in the domain.
Mark
In message <vjk3ha$1a7j$1@dont-email.me>, at 14:08:39 on Sat, 14 Dec
2024, Martin Brown <'''newspam'''@nonad.co.uk> remarked:
On 14/12/2024 12:54, Clive Arthur wrote:
I had an email from a local Estate Agent with whom I've had dealings,
asking if I was still looking. Unfortunately the entire circulation
list of 460 email addresses was included by mistake.
 Twice, a recall was attempted, but of course this doesn't work in
most circumstances. And the recall messages also included the 460
addresses.
 Then the agent apologised (without the inclusion) and said they were
seeking advice from the Information Commissioner's Office. Then a
further apology, saying the ICO advised that the Agents 'do not need
to report the breach of data'.
 Well, mistakes happen, move on. But under what circumstances would
the ICO get involved, and what could they do anyway?
The ICO are worse than useless. Much like (In)Action Fraud.
That's only because Action Fraud don't properly explain what their
function is, and therefore people assume their function is something different.
Some mail clients are particularly stupid about not querying an
attempt to send an email CC'd to all and sundry rather than BCC which
should IMHO be the (safe) default.
Unfortunately, lots of email systems have somewhat broken anti-spam
measures which result in bcc'd messages being dropped. As a sender, it's
a virtually guaranteed way to ensure only a few of them are actually delivered.
On 14 Dec 2024 18:52:51 GMT, Roger Hayter <roger@hayter.org> wrote:
On 14 Dec 2024 at 17:01:58 GMT, "Jethro_uk" <jethro_uk@hotmailbin.com> wrote: >>
On Sat, 14 Dec 2024 14:51:26 +0000, Roger Hayter wrote:
On 14 Dec 2024 at 14:46:37 GMT, "Jethro_uk" <jethro_uk@hotmailbin.com> >>>> wrote:
On Sat, 14 Dec 2024 12:54:33 +0000, Clive Arthur wrote:
Twice, a recall was attempted, but of course this doesn't work in most >>>>>> circumstances. And the recall messages also included the 460
addresses.
I've given up with people who believe this is a magic wand.
It only takes one hop in the process that doesn't honour the (optional) >>>>> process of email recall and you are stuffed.
Similar for delivery and read receipts.
Many years ago when I worked in corporate culture, I set my Outlook up >>>>> to preview mails in the preview pane. This prevented emails from being >>>>> recalled (although to be fair the sender was informed of the failure). >>>>>
Usually this merely led to amusing sentences being rewritten. But on at >>>>> least one occasion it was an accidental "sent to all" email with *very* >>>>> sensitive information. Most recipients were unaware. But I wasn't.
When you talk about one hop not "honouring" the process, surely it only >>>> works at all if all parties' email is part of the Microsoft mail system? >>>> It doesn't seem to be part of any open source email server I've casually >>>> looked at. Is it part of any universal email standards?
It's an extension and so can be ignored without breaking any RFC
standards.
A lot of people (even techs) mistake "Microsoft does it" as some sort of >>> industry standard, when usually the reverse is true.
I once had the pleasure of highlighting a senior developers incompetence >>> as they decided that email addresses couldn't have apostrophes. Which any >>> fool who has read the RFC(5322) would know is incorrect. It wouldn't have >>> mattered, but when Lord O'Grady can't register their £5mill portfolio
with the software you supplied, it becomes a very hot issue immediately. >>> The sort of issue that needs a fix within hours.
Quite a lot of Internet forms won't accept an email username consisting of one
letter. They have no obvious basis for refusing to. My late wife preferred her
one letter username.
I did, once, have an email address that was only six characters long in
total - one character in the username and four in the domain.
While we are on the subject, why do people write address forms that
won't work without a street name, when the postcode database has many
such addresses? And if they work from the postcode database then proceed
to mangle the address?
While we are on the subject, why do people write address forms that
won't work without a street name, when the postcode database has many
such addresses? And if they work from the postcode database then
proceed to mangle the address?
On 14/12/2024 12:54, Clive Arthur wrote:
I had an email from a local Estate Agent with whom I've had dealings,
asking if I was still looking. Unfortunately the entire circulation
list of 460 email addresses was included by mistake.
Twice, a recall was attempted, but of course this doesn't work in most
circumstances. And the recall messages also included the 460 addresses.
Then the agent apologised (without the inclusion) and said they were
seeking advice from the Information Commissioner's Office. Then a
further apology, saying the ICO advised that the Agents 'do not need
to report the breach of data'.
Well, mistakes happen, move on. But under what circumstances would
the ICO get involved, and what could they do anyway?
The ICO are worse than useless. Much like (In)Action Fraud.
Some mail clients are particularly stupid about not querying an attempt
to send an email CC'd to all and sundry rather than BCC which should
IMHO be the (safe) default. It drives me crazy when CC circulated emails
to larger groups come back quoted in full several times and sent to all
on the list with a "+1" or "I agree" added at the bottom. YMMV
Funniest one was when the police neighbourhood watch coordinator for my
area was making exactly the same mistake (way back when email for most ordinary consumers was newish).
On 2024-12-15, Mark Goodge <usenet@listmail.good-stuff.co.uk> wrote:
I did, once, have an email address that was only six characters long in
total - one character in the username and four in the domain.
Why so long and verbose?
On 15/12/2024 10:08, Roland Perry wrote:
In message <vjk3ha$1a7j$1@dont-email.me>, at 14:08:39 on Sat, 14 Dec
2024, Martin Brown <'''newspam'''@nonad.co.uk> remarked:
On 14/12/2024 12:54, Clive Arthur wrote:
I had an email from a local Estate Agent with whom I've had
dealings, asking if I was still looking. Unfortunately the entire >>>>circulation list of 460 email addresses was included by mistake.
Twice, a recall was attempted, but of course this doesn't work in >>>>most circumstances. And the recall messages also included the 460 >>>>addresses.
Then the agent apologised (without the inclusion) and said they
were seeking advice from the Information Commissioner's Office.
Then a further apology, saying the ICO advised that the Agents 'do
not need to report the breach of data'.
Well, mistakes happen, move on. But under what circumstances
would the ICO get involved, and what could they do anyway?
The ICO are worse than useless. Much like (In)Action Fraud.
That's only because Action Fraud don't properly explain what their >>function is, and therefore people assume their function is something >>different.
They might as well be called "bitbin for the great unwashed".
Some mail clients are particularly stupid about not querying anUnfortunately, lots of email systems have somewhat broken anti-spam >>measures which result in bcc'd messages being dropped. As a sender,
attempt to send an email CC'd to all and sundry rather than BCC which >>>should IMHO be the (safe) default.
it's a virtually guaranteed way to ensure only a few of them are
actually delivered.
But that is an argument for fixing broken antispam measures.
At this time of year they cause endless chaos for accountants chasing
in info from their clients some of whom have seriously broken SPF
records and so traffic in one or both directions is silently dropped on
the floor.
No I haven't had your reply/seen you urgent email. etc.
In message <vjn2sa$lps0$1@dont-email.me>, at 17:15:52 on Sun, 15 Dec
2024, Martin Brown <'''newspam'''@nonad.co.uk> remarked:
On 15/12/2024 10:08, Roland Perry wrote:
In message <vjk3ha$1a7j$1@dont-email.me>, at 14:08:39 on Sat, 14 Dec
2024, Martin Brown <'''newspam'''@nonad.co.uk> remarked:
Some mail clients are particularly stupid about not querying an Unfortunately, lots of email systems have somewhat broken anti-spam
attempt to send an email CC'd to all and sundry rather than BCC
which should IMHO be the (safe) default.
measures which result in bcc'd messages being dropped. As a sender,
it's a virtually guaranteed way to ensure only a few of them are
actually delivered.
But that is an argument for fixing broken antispam measures.
No-one has a big enough finger to stick in that hole in the dyke.
At this time of year they cause endless chaos for accountants chasing
in info from their clients some of whom have seriously broken SPF
records and so traffic in one or both directions is silently dropped
on the floor.
No I haven't had your reply/seen you urgent email. etc.
Especially if the accountants are using gmail, which I would thoroughly recommend they don't. Not just the over-active spam filters, but the threading of the user interface is *appalling*.
On 16/12/2024 15:43, Roland Perry wrote:
In message <vjn2sa$lps0$1@dont-email.me>, at 17:15:52 on Sun, 15 Dec
2024, Martin Brown <'''newspam'''@nonad.co.uk> remarked:
On 15/12/2024 10:08, Roland Perry wrote:
In message <vjk3ha$1a7j$1@dont-email.me>, at 14:08:39 on Sat, 14
Dec 2024, Martin Brown <'''newspam'''@nonad.co.uk> remarked:
Some mail clients are particularly stupid about not querying an >>>>>attempt to send an email CC'd to all and sundry rather than BCC
which should IMHO be the (safe) default.
No-one has a big enough finger to stick in that hole in the dyke.Unfortunately, lots of email systems have somewhat broken
anti-spam measures which result in bcc'd messages being dropped. As
a sender, it's a virtually guaranteed way to ensure only a few of >>>>them are actually delivered.
But that is an argument for fixing broken antispam measures.
At this time of year they cause endless chaos for accountants
chasing in info from their clients some of whom have seriously
broken SPF records and so traffic in one or both directions is
silently dropped on the floor.
No I haven't had your reply/seen you urgent email. etc.
Especially if the accountants are using gmail, which I would
thoroughly recommend they don't. Not just the over-active spam
filters, but the threading of the user interface is *appalling*.
The accountants *are* using properly compliant software it is the mom &
pop small local businesses that make and sell things using gmail. They
simply don't understand IT at all - they expect it to just work and be
free. (much more of a problem now that most correspondence is by email)
| Sysop: | Keyop |
|---|---|
| Location: | Huddersfield, West Yorkshire, UK |
| Users: | 497 |
| Nodes: | 16 (3 / 13) |
| Uptime: | 29:47:14 |
| Calls: | 9,797 |
| Calls today: | 16 |
| Files: | 13,749 |
| Messages: | 6,188,690 |