Page 1 of 2 12 LastLast
Results 1 to 10 of 12
  1. #1
    Junior Member
    Join Date
    Oct 2011
    Posts
    7

    Default Advertising via Infusionmail/Infusionsoft

    Hi Westhost,

    I recently received what I think is the second instance of a "appears to be arranged by and sent on behalf of Westhost" advertising related email from a host in the infusionmail.com domain and which had links to and HTML images pulled from Infusionsoft.com. It was sent to one of my most private "only extremely rarely given out so as to remain zero spam" email addresses that I gave to you for account related correspondence. This email had a subject of "7 days left to protect your brand from .XXX". The From field jives with a young Westhost Brand Manager. I'm posting here rather than privately emailing him because this appears to be an instance of a somewhat wider issue... and threat... that I care about and think worthy of a post. Hopefully it will be taken, by all, as an attempt at constructive comment.

    One aspect to this issue is the opt-in vs opt-out nature of non-essential, for secondary purposes type email from a company such as yours to its clients. I can't remember what options were presented to me when I signed up (over a decade ago) and I'd have to go fishing to see if there is a way to log into an account page to check and adjust my email preferences. Asking upfront, providing an interface to make changes, and providing a link to a Westhost-hosted opt-out page would seem desirable. The opt-out link in this email looks user-specific and takes you to an Infusionsoft page. I for one would rather have no contact with, let alone confirm a working email address to, such an entity. Having touched upon that, the main point of this message...

    In this case it appears that a (well protected/private) email address I gave to you ended up in the hands of, and used by, a third party (Infusionsoft) marketing/CRM firm. Like millions of other Internet users, I have been burned by that type of sharing before. Where it wasn't the company I trusted with my email address but rather the third-party marketing/CRM firm they chose to use that leaked my email address, etc. Epsilon being but one recent, higher profile example of this type of thing. When an email address is shared with such a third-party it generally increases the attack vectors and puts personal information at greater risk. They are high-profile targets. It also often, depending on the specific circumstances, puts one's privacy at greater risk for these marketing/CRM firms technically gain awareness of and sometimes other visibility into one's relationship with numerous companies.

    I suppose you would like to focus on your core business rather than developing secondary solutions. However, you are in the hosting and email business and I very strongly suspect you could very easily carry out a mass mailing on your own! We trust our hosting to you, our email to you, and by extension in some cases client information to you. It would nice if you made every effort to earn and protect that trust including avoiding/eliminating unnecessary client information sharing with third party companies. I think, at least.

    So having shared my point of view, I hope you will consider it and I'll watch the thread to see what the comments are. Thanks for everyone's time.

  2. #2

    Default

    Hi, thanks for the comments on the recent email message we sent out. I can assure you this email was 100% from us, sent by us (I personally hit send) and that your email address has not been sold/given/leaked to any person or any company. Infusionsoft simply provides a Software as a Service (Saas) solution that we started to use to send messages to our clients. No one at Infusionsoft sends emails for us or helps us do so in anyway. We decide what we send or don't send; end of story.

    I am sorry this came at a surprise to you and hope your excuse our dust, figuratively speaking, while we move forward with better emails.

    For the last couple years we've used a different SaaS email provider and sent you and all other clients many messages through them. Recently found that Infusionsoft helped us managed things much more efficiently with better subscription options (like you mentioned and we will be setting up) and other features that help us protect your privacy, permissions and messages.
    Jake Neeley
    Social Media Manager | WestHost

  3. #3
    Junior Member
    Join Date
    Oct 2011
    Posts
    7

    Default

    Hi Mr. Neeley, thank you for the reply. Judging from the email headers (redacted)...
    Code:
    Return-Path: mailer@infusionmail.com
    Received: from mta-c-24-43.infusionmail.com ([208.76.24.43])
    	by XXXXXXXXXXXXXXXXXXXX Fri, 21 Oct 2011 22:33:00 +0000
    Return-Path: <mailer@infusionmail.com>
    Pool-Debug: hsi value
    Pool-Name: default_value
    x-sieve: XXXXXXX
    Pool-Version: X
    Received: from [10.0.0.229] ([10.0.0.229:51875] helo=chase)
    	by sureshot (envelope-from <mailer@infusionmail.com>)
    	(ecelerity 3.2.2.42971 r(42971)) with ESMTP
    	id 47/24-05108-04XXXXXE4; Fri, 21 Oct 2011 18:33:36 -0400
    Date: Fri, 21 Oct 2011 18:33:36 -0400 (EDT)
    From: Jake Neeley <XXXXXXXXXXXXXXXXXXX>
    Sender: mailer@infusionmail.com
    To: XXXXXXXXXXXXXXXXX
    Message-ID: <XXXXXXXX.XXXXXXXXXXXXXXXXX.JavaMail.tomcat@chase>
    Subject: 7 days left to protect your brand from .XXX
    Errors-To: mailer@infusionmail.com
    MIME-Version: 1.0
    Content-Type: multipart/alternative; 
    	boundary="----=_Part_55440_2047595246.1319236416502"
    X-MailSentId: XXX
    X-campaignid: infusion_hsiXXX
    BatchId: XXX
    X-BatchId: XXX
    X-InfApp: hsi
    X-InfContact: XXXXX
    X-InfSent: XXXXX
    Package: value
    X-inf-package: value
    X-inf-source: MBFR
    X-inf-uflags: SO
    X-inf-iflags: SO
    The web bug (redacted)...
    Code:
    <img height="1" width="1" style="display: block;" src="https://hsi.infusionsoft.com/app/emailOpened/XXXXX/XXX">
    and opt-out link (redacted):
    Code:
    https://hsi.infusionsoft.com/app/optOut/8/XXXXXXXXXXXXX/XXXXXX/XXXXXXXXXXXXXX
    I'm inclined to think that it is Infusionsoft's systems which executed the campaign. Based on a quick review of the Infusionsoft product, it appears to me that client data would be imported into their system in order to carry out such campaigns. So while you may have been the one to prepare the campaign and no human at Infusionsoft may have been actively involved with the campaign, it appears to me that Westhost client information was provided to Infusionsoft [systems] and could still reside on Infusionsoft systems in the form of an active people database and/or log files from the campaign.

    It is this last bolded part that I was referring to. Are you saying that didn't happen? Does Westhost own/protect/operate mta-c-24-43.infusionmail.com, hsi.infusionsoft.com, and mailer@infusionmail.com?

  4. #4
    Moderator wildjokerdesign's Avatar
    Join Date
    Jun 2003
    Location
    Kansas City Mo
    Posts
    5,720

    Default

    No you are right the database would be housed on the Infusionsoft servers since they provide the service that WestHost is using.but that is not any different then the last service they used. This is pretty normal for companies to do. In fact I often suggest to clients that instead of trying to handle their email programs themselves that they use services like this. In the long run it is more efficient and secure. The companies are in the business of sending out emails so their systems are optimized for it. They are not going to sell these databases off to other people because it would hurt their own business that also means they are going go to great lengths to protect the database.
    Shawn
    Please remember your charity of choice: http://www.redcross.org

    Handy Links: wildjokerdesign.net | Plain Text Editors: EditPlus | Crimson

  5. #5
    Junior Member
    Join Date
    Oct 2011
    Posts
    7

    Default

    I am aware it has become common and I can actually think of some reasons why such a service might appeal to some companies. I place a high priority on privacy/security though, and tend to emphasize related fundamentals: minimize access to (sharing of) information, honor the information owners' preferences, need to know, compartmentalization, utilize physical protection mechanisms where possible, when you release information you lose control over it and can never get that control back, those sorts of things.

    I'm curious, how do you determine if it is "more secure" if your clients utilize one of these services.

  6. #6
    Moderator wildjokerdesign's Avatar
    Join Date
    Jun 2003
    Location
    Kansas City Mo
    Posts
    5,720

    Default

    Quote Originally Posted by WH_Client_N View Post
    I'm curious, how do you determine if it is "more secure" if your clients utilize one of these services.
    Because most of my clients are not technically inclined and thus would not know best how to keep the data secure.
    Shawn
    Please remember your charity of choice: http://www.redcross.org

    Handy Links: wildjokerdesign.net | Plain Text Editors: EditPlus | Crimson

  7. #7
    Junior Member
    Join Date
    Oct 2011
    Posts
    7

    Default

    What would be your fall-back if all such services went away? Have you ever looked into turnkey VPS solutions that are pre-configured to be very secure and just perform the functions needed?

  8. #8
    Moderator wildjokerdesign's Avatar
    Join Date
    Jun 2003
    Location
    Kansas City Mo
    Posts
    5,720

    Default

    Well I really doubt that all such services are going away any time soon. Also remember that I said that the people I suggest this to are not internet or computer savvy. These are people who can't even remember to keep such things as form, CMS or blog programs on their hosting accounts updated. I doubt they could handle keeping a VPS up to date.
    Shawn
    Please remember your charity of choice: http://www.redcross.org

    Handy Links: wildjokerdesign.net | Plain Text Editors: EditPlus | Crimson

  9. #9
    Junior Member
    Join Date
    Oct 2011
    Posts
    7

    Default

    Right, so how can that problem be solved? I suppose a managed VPS would be one option. Another option would be some kind of turnkey VPS with a one-click update/migration mechanism. I thought you might be familiar with what is and isn't available and/or might have some specific thoughts on the subject.

  10. #10
    Moderator wildjokerdesign's Avatar
    Join Date
    Jun 2003
    Location
    Kansas City Mo
    Posts
    5,720

    Default

    Well yes you could use a company like vps.net which is a sister company of WestHost. I have not explored their "turnkey" options recently so not sure what they offer in terms of bulk mail programs. You still would be spreading your user data to another server/company though just like if you used a service. Even with managed options at vps.net you have more responsibility for managing the program. While they may do the dirty work you would still have to let them know what you want to do. It is one reason people go with a vps enviroment. With the service the running and management of the program is completely out of your hands. All you have to worry about is sending out emails to your customers. For many that is the best situation.

    Also Infusionsoft is more then just a bulk mail system. It is a marketing service for increasing sales. I for one have no real marketing training. I have some knowledge of how a car works (or at least I did) but I still go to a service station when I need work on my car done not only because they specialize in it but because they have all the right tools to do the job. I consider using a service like this as kind of the same thing.
    Shawn
    Please remember your charity of choice: http://www.redcross.org

    Handy Links: wildjokerdesign.net | Plain Text Editors: EditPlus | Crimson

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •