How to Properly Use 3rd Party Web Services

Today I got an email marketing message from Fido, my cellphone provider.

Probably.

Unfortunately, Fido used a third party email and contest manager that makes me unsure if the email is real or a scam.

The email “from” line looks good: fido.communication@fidomobile.ca.

But it’s trivial to fake a “from” line.

The email “reply-to”: fido.communication(xxxxxx)@mail.konversation.com

I removed the x’s which I suspect are unique to my email address and used for mail list management.  It doesn’t really matter.  Is this address confidence inspiring to the non-technical user? Nope.

Worse, the email is about a contest.  In the email there is a link to enter the contest:

http://kmkapp01.konversation.com/Fido/eNewsletter/Default.aspx?langue=en

What is Konversation.com?  And why should I enter my phone and other info into a website that doesn’t even spell conversation properly? (That’s a joke, I realize it’s a cute mispelling used for a website name).  Sure, there are Fido logos in the email and on the web page.  But who knows?  I’ve seen fake bank websites that also look authentic.  It’s easy to copy logos and verbage.

In the end, I decided to skip this contest.  Who knows if it’s a real contest or not.  Besides, I never win prizes anyway.

What should companies do?  Use their own domain for everything because they’re much harder to use fraudulently.  If they choose to outsource bulk email, use a provider that can use “bulkmailer.example.com” for their messages.  For contests?  “contests.example.com”.  For surveys, “surveys.example.com”.

In fact, that’s exactly what we offer with the custom survey domain feature of PapayaPolls.com.  We have several clients who host surveys using a subdomain of their primary domain.

It works for everyone.  The end survey respondents are confident that the survey is legitimately from our customer.  Our customers are happy that their survey respondents are confident, and thus willing to answer the survey.  And we’re happy to have paying customers.

So there you go.  A rant and an advertisment for one of our websites all rolled into one.  Not bad for a Friday afternoon.

Tags: , , , , , , , ,

7 Responses to “How to Properly Use 3rd Party Web Services”

  1. bunnyhero Says:

    i got the same email tonight, and wondered the exact same thing. googling ‘konversation’ and ‘fido’ led me to your blog post. i completely agree with your sentiment.

  2. vanc Says:

    just got the same email and stumbled on ur blog while searching for it
    i think it’s real but im not gonna take risk

  3. bongo Says:

    Got one from Aliant, a local phone company in Nova scotia. Interestingly, pinging mail.konversation.com never echoes back.

    And off to Junk it goes.

  4. Me Says:

    I got this as soliciting donations. I do not know either person involved, and it seemed very odd.

    Usually, I delete junk mail immediately, but this one used my FULL name, which is not published anywhere attached to this email addy.
    It started out:
    Dear XXX XXXXX (my real name),

    It’s Beth from CA – this is my fundraiser for Kathy Johnson. Please renew or buy magazines for yourself or as a gift and part of the proceeds go directly to Kathy. Please forward the email to your friends and family, so that they can contribute as well!

    You can help by inviting your friends and family to shop at our online magazine store. They can choose from over 650 magazine subscriptions at up to 85% savings, and our group will get 40% of each purchase amount!

    It went on to give links, and ALL the links pointed to the same site:
    http://t.konversation.com/app/t/lvl/p/q/p9xgjd/q/tj0g/t.htm
    Which I did not click on.

    I do know know a Kathy Johnson nor do I know the “Beth” that supposedly wrote it.

    Be careful of this domain.

  5. Me Says:

    In the last paragraph above, I meant to say that I do NOT know a Kathy Johnson… sorry for the typo.

  6. zed5000 Says:

    I got a the following very similar message :

    *******************************************************
    “Your trust is very important to us”
    At Fido, we care about your privacy. So we value your
    e-mail address as an important sign of your trust in us. That’s why [blah blah blah]….
    Since the choice is always yours, we’d like to know if you still wish to be informed of Fido news and exclusive on-line offers.

    If you dont want to stay in touch click here.

    Hovering the mouse over the ‘here’, Fido logo, unsubscribe, privacy policy hyperlinks all point to t.konversation.com/etc.etc.
    ********************************************************
    If this is not a phishing / email address trolling attempt then it sure looks like one. Interestingly my yahoo email account identified this email as spam!
    A company of Fido’s size should surely use their own domaim.

    z

  7. » FidoListens.ca? Who are you? &raquo the Perceptus blog Says:

    […] firm.  A little over a year ago I ranted about another Fido survey attempt in my blog post, How to Properly Use 3rd Party Web Services, I didn’t feel comfortable with the firm that […]

Leave a Reply