E-Mail Security: Sending Newsletters
Recent reports of health clinics breaching the Data Protection Act through user error have highlighted a problem with the use of mass e-mail.
The news of yet another breach of the Data Protection Act, through improper handling of e-mail addresses, when sending newsletters to clients indicates a fundamental issue with the general understanding of proper methods for bulk e-mail distribution.
Don’t Use the To: Field
If you’re sending the same message to a group of users, you may be tempted to just add all their addresses to the standard ‘To:’ field. This may seem like a perfectly viable solution, after all, you’re sending the message to multiple people, right?
While you are sending the content of the message to multiple people, in most cases, you don’t want to disclose the addresses of every other recipient, as doing so may lead to an unintentional breach of the Data Protection Act.
If you’re not supposed to use the ‘To:’ field, what options do you have for safely distributing your newsletter to a large group of people?
Option 1: Use the BCC: Field
All e-mail clients give you the option of specifying addresses in what is known as the BCC (Blind Carbon Copy) field. This field serves the same purpose as the ‘To:’ and ‘CC:’ fields, but the individual recipients do not receive the value of this field in the messages that are delivered, so they do not know who else the message has been sent to.
This method allows you to continue to use your existing e-mail client to distribute your newsletters while protecting the e-mail addresses of the recipients from accidental disclosure. However, it isn’t the ideal method for the distribution of mass e-mail.
It falls short because your recipients have no easy way of telling you they no longer wish to receive your messages. This is where your second option comes into play: Mailing Lists.
Option 2: Set Up a Mailing List
There are many third-party services that make the process of setting up mailing lists easy. Many have integrated tools to help you track the effectiveness of your messages, acquire address information, and take care of the unsubscribe process.
Services like MailChimp and AWeber even have plugins available for Content Management Systems like WordPress, so visitors to your site can sign up to your mailing list.
They also allow you to test your proposed message, to see how it will look in a variety of e-mail clients, so you can avoid sending messages that are unreadable to some of your recipients.
Of course, if entrusting your newsletter distribution to a third-party is not an option for your specific usage scenario, you can still run mailing lists from your own servers, using Open Source software like MailMan.
While this post is in no way an endorsement of such services, they do provide an easy to use mechanism for managing your mass e-mail requirements, while also ensuring that you stand the best chance of remaining compliant with all relevant legislation.
Hopefully, the information in this post has helped you understand e-mail distribution a little better. If you have any questions, please leave a comment and I will be happy to answer them.