Address book importing. Odds are good that if you aren’t doing it you know a business that is. You may even be thinking about doing it for your business. Evite services, e-card services, campaign services, and really any service that wants to monetize your contacts are all the sorts of businesses that will encourage users to import their address books. In fact it’s a fairly common practice. Unfortunately, it’s also an awful practice.
What is Address Book Importing?
Address book importing is the practice of having a user import all of the addresses in their email address book into your system, and then sending out invitations or other email to all of those addresses, in the user’s name, so that the sending system is, in theory, immunized from spam complaints, because hey, “they came from your friend, not us.” But make no mistake about it – it doesn’t matter what’s on the “from” address, if your system is sending out hundreds or thousands of messages, all to people who did not request them, it’s spam. (And actually, with the “from” address not being your own, in this context, technically it’s spoofing, as well, which is another big no-no.)
There are a couple of different ways to do address book importing, but by far the most common (and worst) variation is this: a user signs up at a website, and as soon as they create their account, the very next page they see is a request that they “invite all their friends to use this great service”, or that they “tell all their friends where their new social networking account is”, or that they “share this great newsletter with all their friends.” Then the user is presented with the login page for their email account, which often looks for all the world like their inbox provider has approved this! The inbox providers this is most often done with are AOL, Hotmail, Yahoo, and Gmail. The inbox provider’s logo is usually there (used without the their permission), and the familiar “username” and “password” boxes are there, in fact often it is made to look so much like the mailbox provider’s login page that users are tricked into thinking that their inbox provider has approved it. Only, they haven’t.
Like we said, this is one of the worst versions of address book importing. More recently , as more and more places have APIs, it may be the actual login for the mailbox provider, but that still doesn’t mean that the inbox provider approves of whomever importing all of your contacts. In fact for the most part they very much don’t approve of it.
From an Internet and email practice and policies perspective this is a spectacularly Bad Practice because, among other things, it trains users to give up their passwords to third parties! Now, we think that we can all agree that giving your password to someone you don’t know (heck, even giving your password to someone that you do know) is a Very Bad Idea. To train an entire generation of Internet users that it’s perfectly ok to provide your password to some third-party service for which you just signed up goes against all Internet safety and security practice (and logic).
But here is another, more immediate, reason why it’s such a bad idea:
It builds your service or site a reputation as a spammer.
Because those thousands of individuals who are going to get that ‘invitation’ from “your user” – they know, they’re not stupid. They know that your user – their friend – was just a mere tool in your plan for world domination and that you really sent that email. And make no mistake, it WILL hurt your reputation.
Don’t believe me? Just check out the comments (and the number of user views) on this article:
Another, slightly more benign, variation on address book importing is the practice of importing only your users’ local address books – i.e. the one that resides on their own computer (rather than at their ISP) – such as their Outlook address book. With this variety of address book importing the users have the ‘opportunity’ to ‘invite’ all of their friends, but you aren’t having them log into their AOL, Hotmail, or other account to do it. Doing it this way at least does away with the issue of your having your users gives their passwords to a third party site, although it does still suffer from the other problems.
So if the practice of address book importing is so problematic, why do sites do it? Pure and simple: greed. Oh, they say it’s so they can quickly build a mailing list or to quickly populate a community, but why are they trying to build their list or community so quickly?
And they rationalize it by saying “everybody is doing it.”
Don’t be everybody. Be smart. And be right.