Some of my colleagues have signed up for the Plaxo shared business card / contact management service, and I’m wondering if it’s possible to get spam because I’m a member of the Plaxo service?
Interesting that you’d ask that as there’s been a big discussion on this very topic on the My LinkedIn Power Forum and by coincidence, last night I just received a spam query from a Plaxo member too!
Here’s what I received:
Now you might look at that and say “that looks like someone who knows Dave all right” but a closer examination will reveal that just about every bit of data is extracted from some spammer database: I did write for InfoWorld, but that was at least seven years ago. I did have that Post Office box in Menlo Park, California, but that was over ten years ago.
There are also three different phone numbers listed – none of which ever got ahold of me – and they’re spread across three different states here in the USA. (415 = the San Francisco area of California, 201 = New Jersey and 303 = Colorado).
But what I like the most about this is that some poor guy with the same name at SMC is tied into this too: I’ve never had an email address @smc.net nor has smc.net been where you could find me on the Web.
So here’s how I think this sort of thing works: a spammer uploads as much data as is easily found on tens of thousands of people, then triggers Plaxo sending out an “update your contact information” message. Clueless or overly busy people see the contact info, say “woah! let’s update that, it’s way wrong” and never ask themselves if they actually know the person sending the request.
I can speak categorically that I have never met or interacted with the woman in question. So why am I in her Plaxo database and why is she sending me a query? So she can mark my email address as “live” and sell it to spammers, along with a few thousand other she’s harvested through this tricky but slimy spam trick.
I’ve already had a policy of never updating Plaxo data unless it’s from a close friend or colleague anyway, but this kind of thing makes me even less likely to pay attention to Plaxo, a good idea gone terribly wrong as spammers have taken over.
I encourage you to also be very reticent about whose Plaxo address books you help update with your correct contact information.
i have a problem with long text messages from facebook to my Iphone 3gs… at the middle of the message it says (reply “n” for next). i have tried everything so i have to go to my computer to see the rest of the message.
thank you
I know this post is from a long time ago, but I just made an interesting discovery with Plaxo that I would like to share. Plaxo permits the creation of a public profile. When I signed up, I figured the public profile was for work experience and such (like the Linked In or Unyk one). Only today did I realize that the public profile has my email adress on it!!!! We’re talking perfect prey to spybots! No wonder I have been overloaded with spam lately…
I just realized why the contact info had those weird phone numbers! It was driving me nuts; why would that lady, who apparently actually exists, have phone numbers and an address that wasn’t ever yours? It’s because the piad version of Plaxo “merges duplicates”(a useful tool if you have LinkedIn, Xing and/or Plaxo contacts that you want to merge into your outlook address book), and I’m sure there was another Dave Taylor who in her book. Stacy has a point, you know; there’s easier ways to figure out if an email address is “live”; why would someone go through all that trouble? I’m sure it was an honest mistake. I’m still going to tell my clients that a condition of setting them up on Plaxo is that they not send out any update requests, and if they do, they must at least call and leave that person a message telling them how they know them.
I’m a new Plaxo user, and Ijust read that it hit 15 million in users. I loaded in my contacts, (but didn’t send out update requests) and about 1 out of every 4 contacts were in there already. I think that it’s usefulness will grow exponentially with more users, like Stacy was saying -soon you won’t have to send out update requests at all- I certainly won’t, and I advise my clients not to.
I know this is an old post but I thought anyone reading may be interested in something that I have experienced recently with Plaxo. I have a work colleague who uses Plaxo and on receiving yet another request for update spam, I set up a sting.
I updated with a newly-created email address on a previously unused domain set up just to handle email for this experiment.
Within 48 hours, spam started arriving. Initially 10 per day, it climbed to over 100 per day within 2 months. Point proven, I closed the email account and provided logs to my colleague. He still insists that Plaxo could not be at fault. For me, the coincidence is too strong, particularly as the spam was frequently addressed in my name. New domain, new email address, secure server, and the address provided only to one Plaxo member via the update.
I don’t care what the Plaxo privacy guy says – after this it would take one whole lot of evidence that Plaxo was not responsible for this spam.
Thanks for posting this. I am going to cross post this to my blog http://crusaderx.blogspot.com
Eric
Stacy, Is it your full-time job to respond to blogs that suggest Plaxo might not be the best idea for managing contact info? I think if people realized that all day long you are searching the web for negative press to respond to, they might not be so impressed with your canned responses.
You post basically the same invalid points over and over again everywhere I look.
Stop trying to legitimize your services by comparing yourself to other services such as Yahoo, MSN, etc.
I use the mentioned services, but only for personal email (who’s addresses get abandoned every couple years due to spam).
I use my work address for work… while corresponding with people who have work addresses, not Hotmail or Yahoo. That’s why I don’t want it on Plaxo. Nobody reputable uses these services for business email.
All I would like is for Plaxo to TELL someone that I have refused the service when they try to update my information. Instead, they just black-hole the message if I’m “opted-out”. The person on the other end is left to assume that I got their message, but chose not to respond.
Stacy told me that they do not have that capability. If that’s the case, how capable are they of protecting the countless emails stored on their ONLINE servers? They have been exploited in the past, and are too good a target to avoid it in the future.
Spam from the Gizmo Project?
Dave, you wrote earlier about getting spam through the Plaxo system [see Can I get Plaxo Spam?], but I’m wondering if other systems could also be used to generate spam, and if so, how?…
Jeff – I’m sorry that a member’s poor etiquette has soured your potential relationship. Personally, I envision a time when Update Request emails, whether they be sent through Plaxo or some other manner, are no longer necessary or used. Plaxo is about keeping people connected automatically (not through email). Our mission is for people to never lose touch with others they wish to stay in touch with. The ideal situation is where a person updates their own contact details, and everyone they have allowed to connect with them is automatically updated as well. This is how the service works for known contacts who are both Plaxo members.
As for the question of trust, I simply wish to raise the point that managing information within Plaxo is similar to maintaining the same type of information within the online address books of services such as Yahoo!, AOL, Gmail, MSN, etc… I’m not sure if you feel the same about these services as well, but the issues of privacy, security, and trust are similar. We each must take appropriate steps to ensure the integrity and privacy of our member’s information is secure, and work to earn each user’s trust. If you have specific suggestions on how we can improve our service and earn your trust, please let me know.
I just terminated a relationship with a vendor for spamming me with update requests. We were working on a 2 -3 million dollar deal. Now they are blacklisted by our servers. Now I just can’t wait for the flood of spam I will get. I have already traced several emails back to the address they submitted to plaxo.
I don’t care what the privacy officer says, I don’t trust this kind of thing at all. It’s way too easy for a dusgruntled plaxo employee to sell off the info. So what if they are certified by whom ever, these companies do not do audits so basically you pay them to put their logo on your webpage and the clueless assume you are legit.
I also don’t buy the investor excuse. Most of the large investors read the business plan before investing, they probably don’t even know how or have ever used the service. Citibank is a very reputible company, but I’m sure their business plan didn’t include a employee selling customer info.
And another person was right on the money, for a vendor to piss me off right off the bat by sending me endless update requests sours the relationship from the start.
(Reader) Dave – Somehow I feel that the true benefit of Plaxo may be getting lost. Plaxo is not about sending update requests emails but rather keeping people connected automatically WITHOUT the use of email or manual data entry.
Of course this can only be done when two people are both Plaxo members. But when two Plaxo members are connected to each other, as one member updates their own contact details, Plaxo automatically updates the address book of the other connected Plaxo member.
We have many members who feel this has tremendous benefits to them as a business user and individual consumers alike. Perhaps this is type of service you yearn for.
But when only one person is a Plaxo member, Update Request emails are oftehn the most efficient and effective manner in which to stay connected. But update requests are entirely optional. We have many members who do not send any update requests at all. They simply use Plaxo to connect to those contacts who are also Plaxo members and automatically stay in touch.
Like the ‘main’ Dave, who runs this place and answered the question originally, this ‘reader’ Dave who posted the “don’t use” recommendation above thanks you, Stacy, for your very through response.
Also, in spite of many attempts in the past to contact someone at Plaxo who would respond to my concerns, it is a nice suprise to see that Plaxo does seem to be run by humans. Some day even non-accomplished bloggers and ‘ordinary’ Net people may earn a resonse as well .. at least Dave Taylor was able to be heard.
Indeed the size and scope of your response is exactly the reason I made my do not use recommendation and I still stick by it.
Any service that requires an explanation of that length and requires the significant disclaimers you had to insert is not a service attuned to the needs of business users.
As long as the average user perceives requests for updates as possible spam then the value to a business professional is significantly reduced, if not completely negated. I was just handicapped today in trying to find contact info for someone important, and how I yearn for a service like Plaxo that could somehow be ‘spam free’, but in today’s internet world I can’t conceive of one that would work for business persons whose business is not flogging services on the Net to others on the Net … which most of the luminaries you mentioned are engaged in … there is a whole world out there that only does business using the Net as a communications medium, not a place of actual business transactions. Plaxo does not facilitate this type of business in any meaningful way, sadly.
Thanks for that incredibly detailed response, Stacy. I appreciate that you are on top of this problem and Plaxo, as a company, is focused on ensuring that people don’t get spam from Plaxo members or inadvertently feed their contact information to spammers. I’m also all too aware of how spammers are a relatively unruly lot and are always eager to subvert things and get whatever advantage they can out of the tools that the rest of us enjoy and appreciate.
Nonetheless, I was never a part of NATPE, have no relationship with anyone who works on Hollywood movie web sites and still have no idea who Laura is. Is that a critical flaw in Plaxo? Of course not. But reasonable requests from unknown people is the kind of thing that makes it hard to be too invested in any of the social networking and data management tools out there. It’s bad enough spammers know my name, address, city, state, and more, but it’s doubly disturbing when the implicit trust of a LinkedIn or Plaxo is corrupted by unknown contacts.
Ah well, life in the Information Age.
Thanks again for your answer and detailed explanation.
Dave � Thank you for the invite and pointer to this post. I am the Privacy Officer here at Plaxo and I’m happy to add to the discussion. I think there are really number issues and questions here which I’ll attempt to address. I apologize ahead of time, for what may be a lengthy response.
Let me start with the original question asked by your user which was “is it possible to get spam because I’m a member of the Plaxo service?”
The answer to this question is NO.
As we have outlined in our Privacy Policy, Plaxo does not send spam, maintain spam mailing lists, nor support the activities of spammers. Plaxo will not sell, exchange, or otherwise share a member’s information, including the information maintained within the member’s address book, with any third parties, unless required by law or in accordance with the member’s instructions. Furthermore, Plaxo does not include any spyware, adware, or malware components.
As with any company, our business is based on trust. We have millions of people using the Plaxo service each and every day and I’m sure you would agree it would undermine that trust to violate the provisions outlined in our own privacy policy. We are backed by some of the most respected investors and companies in the industry (Tim Koogle – former President and CEO for Yahoo! Inc., Ram Shriram – former VP of Amazon and Netscape, Ben Golub – Plaxo CEO and former VP of Verisign, Mike Moritz – partner for Sequoia Capital (Google, Yahoo, eBay), Globespan Capital Partners, Cisco Systems, and AOL). I do not believe these individuals or companies would risk their investment or reputations on an operation that did not uphold the same standards that also made them successful.
As for the message that you received, this is referred to as a Plaxo Update Request message. Update Requests are a way Plaxo members use to stay in touch with non-Plaxo members. Update requests provide a simple and straightforward way for contacts to stay in touch without both parties needing to be Plaxo members.
It works like this: A Plaxo member selects someone from their address book they wish to stay in touch with by sending them an Update Request message. The Plaxo member can include a personalized message within their update request or use our provided default text. The Plaxo member then chooses what of their own contact details they wish include within the message in order to update and stay in touch with the recipient, before finally approving the action to send the update request message. Plaxo then processes the update request through the Plaxo service. The message is formatted into a standard template that includes the member’s personalized message, the member’s contact details, as well as what information the member currently maintains for the contact. Our processing also inserts a standard header and footer into the message before it is finally delivered to the specified recipient. Upon receipt of the update request, the contact can update their own address book by simply clicking on the vcard attachment. This allows them to easily update their address book and stay in touch with the sending Plaxo member without the need to become a Plaxo member. The recipient can also optionally respond to the update request. When responding, the recipient is directed to a secure web form on the Plaxo web site. Any updated contact information the recipient chooses to submit is automatically inserted back into the requesting member’s Plaxo Address Book. This information is ONLY used to update the requesting Plaxo member.
Each update request also includes an opt-out link, which can be used to instruct us, as the service provider to block further communications sent to their email address through Plaxo. The recipient can choose to block further update requests from a single Plaxo member or all Plaxo members, depending on their preference.
The main point I wish to emphasize is these messages are sent by Plaxo members to selected contacts within their own address book. Plaxo does not send update requests. We only processes these messages and any responses the Plaxo member may receive similar to how Yahoo processes messages a Yahoo user may send or receive.
But admittedly, some people do treat update requests as spam. As you have expressed, often this is the result of receiving a message from someone they do not recognize or understand why they wish to stay in touch. Unfortunately, it is beyond our service to determine how the member may have initially acquired your contact information, or why they might wish to stay in touch with you. But I’ve generally found there is some reasonable explanation.
Regardless of the reason, Plaxo members are expected to abide by our Terms of Service and follow proper Plaxo Etiquette. Our Terms of Service specifically prohibits members from using Plaxo to send spam which includes sending commercial solicitations, or sending requests to people the member does not recognize or whom are unlikely to recognize the member as a known contact. Our Plaxo Etiquette – http://www.plaxo.com/privacy/manners – reemphasizes these points as well as advises members to include personalized messages that tell the recipient who they are and why they wish to stay in touch. Plaxo members are expected to respect the privacy of others. Reports of possible abuse may be submitted to my department (abuse @t plaxo.com) for investigation and follow up.
Does this mean people always follow proper etiquette? Unfortunately, no. As with any new technology, abuses – intentional or unintentional – will occur. I recall in the early days of cell phones how people would let them ring during movies and then answer them from their seats. Etiquette violations such as this continue today, but thankfully, people are more aware of the proper etiquette, and it occurs much less frequently. The same is true for Plaxo. Our job is to continue to educate people on the proper etiquette for staying in touch. In my experience, it is common for people to not realize what contacts they maintain within their own address books. We all have a certain amount of “poor” or “loose” contacts within our address books. Some of these contacts may be of people they had a brief exchange with years ago, met at a trade show, or may have been added automatically by our mail client with each message we sent or received. What ever the reason, sometimes it is not appropriate to try to stay in touch with every single contact we have within our address books.
In the case of the update request you received, I reviewed the activity of the Plaxo member and spoke with her directly. Her account and activity did not display characteristics of spammer or abuser (large address book size, incomplete contact details for entries, excess update requests, etc…). She does indeed maintain an entry for you in her local address that has likely existed there for many years. Like many people, she enters in the contact details of people she meets and exchanges business cards with. According to the member, you were likely someone she had met within the last 10 years. She has gone through a number of jobs during that time where she used to be IT, ran a large ISP that hosted movie sites such as the Titanic, and others from Fox, and Paramount. She noted that she may have met in relation to NATPE. While it is apparent she does not know you personally, she is confident that you have previously met and she’s sorry her update request to you caused any inconvenience. Some of the information maintained within your entry may have been generic to others that she met at the same time.
As for your concern about Plaxo being used by spammers, certainly this is concern for any service provider, as it is for Plaxo. In general though, all a spammer does by sending a Plaxo Update Request to someone is alert that recipient that they have their email address. If the spammer wishes to verify an email address is “live”, they can do this much easier by simply sending a message directly from their own system which likely does not have the same controls, throttles and limitations found within Plaxo. It’s been my experience that spammers don’t really bother to determine if an email address is truly “live”. It doesn’t cost them much more to send 100K messages vs. 10K messages since they are unconcerned with the bounces. But if they want to determine if an email is live, this can be more easily achieved by including a web-beacon within their message or including an enticing URL that immediately verifies the recipient’s email address when clicked. I’m skeptical a spammer would use Plaxo and bring attention to their activities and information.
But certainly the possibility does exist, and we must always be diligent. We have a number of controls and internal processes to identify and handle potential cases of abuse that I’ve briefly described here – http://blog.plaxo.com/archives/000033.html. People can also report suspected abuse to our Plaxo Abuse Department at abuse @t plaxo.com.
I hope this helps. If you have any questions, comments, or suggestions regarding our policies, please let me know.
Stacy Martin
Plaxo Privacy Officer
privacy @t plaxo.com
Indeed there do seem to be some problems with Plaxo, although I have never had anything as blatant as your example.
I did, however, quit Plaxo because many of my contacts seemed so concerned about Plaxo scam that the service was useless for keeping in touch. In fact as a sales professional it was worse that useless, it’s hard enough building rapport with prospective clients without antagonizing them before you even get to make a pitch.
My vote … if you are in business, don’t use Plaxo.
Best regards
Dave
Yes, you can, and not just for updates. Once in someone’s database, it takes a while for some folks to give up on you. I have some examples over here. Cheers.