I was briefly registered at Randstad in Belfast when I was looking for work, so I wasn’t surprised when I got this email today in my Gmail inbox:

Nothing wrong with that message, right? A mass mailing to their whole email database, that sounds like a good idea on the surface. What better way to get a good response than to blast it out to all your contacts?

But look a little closer…. That link at the top saying ’show details’, where in Gmail you can see to what email addresses the message was sent….

Surely a professional organisation like Randstad wouldn’t just put all email addresses of a mass mailing in the To: field? Surely they’d use BCC or an email marketing system?

Wrong:

All addresses were put in the To: field. The image above is just a tiny sample. There are no less than 1273 email addresses right there, visible for all recipients.

One of those 1200 recipients, someone greedy and web savvy, could easily sell that list to spammers for a few bucks. Or if any of those 1200 recipients has a virus or malware program running on their PC that harvests email addresses for spammers, all those addresses are going to end up on spam lists around the world in no time.

So what have we learned today, kids? That’s right, never use the To: field when sending out mass emails.

P.S. anyone want to buy a good list of 1200 email addresses?