ForHacSec

I received the below email with nice friendly information and updates regarding the popular WordPress plugin Wordfence, a very popular and familiar to some, Security oriented plug-in for WordPress. However, this email had a nasty bite to it. In the form of having been sent to a mailing list of 5000+ recipients without using the ‘BCC’ field. There really isn’t enough spam in the world already!

From: <NAME REMOVED> <?????@wordfence.com>
Date: 13 December 2012 11:24
Subject: Wordfence mailing list

Hi All,

Just a quick note that I’ve created a Wordfence mailing list which I’ll use to let our members know about WordPress security alerts, product updates, announcements re the coming licensing change and our affiliate program which should be ready soon.

http://www.wordfence.com/subscribe-to-the-wordfence-email-list/

I’m using Aweber to manage the list, so if you see that domain name on the confirm page, don’t think you’ve been taken somewhere you shouldn’t be.

I already sent an email inviting my personal contacts a few days ago and I’ve done my best to filter out those folks and existing members, but I do apologize if you have already received this or shouldn’t have received this. I’ve created the list so I can avoid sending out these “All Contacts” emails in future – so this will be the last one from my personal inbox.

I hope Wordfence is keeping your sites secure and you’re having a great week.

Kind regards,

<NAME REMOVED>
Wordfence creator and Feedjit Inc. CEO.

This was very promptly followed 9 minutes later by –

From: <NAME REMOVED> <?????@wordfence.com>
Date: 13 December 2012 11:35
Subject: I’m an idiot. Apologies.
To: <NAME REMOVED> <?????@wordfence.com>>
You just received an email from me suggesting you join the Wordfence mailing list.

It came from my personal inbox and instead of using the BCC function to send the email, I put the emails of almost 5000 people in the “To” field so that everyone can see everyone else’s email address.

I can’t tell you how bad I feel about this. It’s a newbie mistake and something I’ve never done before. I won’t bore you with how gmail’s interface led me into the trap.

So firstly I’d like to apologize to all our customers. A guy who makes what is supposedly the best security product available for WordPress should not be making mistakes like that.

Secondly I’d ask you to do me the courtesy of not “Replying All” and pointing out the mistake. And also please respect the privacy of everyone who received the email and do not store those emails.

If anyone is sent unsolicited email from someone who was on the list, please let me know and I’ll have a polite word with them.

Once again, my humble apologies. If nothing else, this will hopefully serve to save you making the same idiotic mistake I just made.

Have a great week,

Regards,

<NAME REMOVED>
Wordfence creator and Feedjit CEO.