You see this feature offered on many sites. I know they can capture the “friend’s” email address, but I wonder if they do.
Peace,
mangeorge
WAG: Yes, they do. Expanding their mail list gives them a larger potential customer base. They may use the address only for their own marketing, or they may sell or share their list.
I never use this option, as I think that friends don’t give out friends’ email addresses. Except once, last week. A friend spams me with so much right-wing email I removed him from my address book. (His emails go into my spam folder.) If he gets on a list, he deserves it. But he’s also likely to be interested in the stuff they (and their partners) send, and I thought it might give him a more legitimate means of entry to their industry show if the invitation came from their site. (In the past they’ve been a little selective. And he did register to attend.)
I can’t remember where, but I remember reading the fine print at one website that said they could do whatever they wanted with any email address you provided.
I’m getting to the point where I use hushmail or other throwaway accounts, even when I’m just signing up for something.
I’ve implemented this feature at least twice on highly-trafficked sites (once just a few weeks ago), and we didn’t collect them. That said, there’s no reason we couldn’t if we wanted to, other than not wanting to appear unscrupulous.
Definately hotmail accounts are the way to go. I make them in advance, like Markxxx1, Markxxx2, and so forth. I’ve then run PopPeeper to check them then when they’re spamed out I can always simply forward them into a another one and then delete it if needed
You can just get a gmail account and use yourname+foo@gmail.com where ‘foo’ is any arbitrary string. That makes it easy to filter compromised addresses. (A lot easier than setting up multiple accounts, anyway.)
What?
This feature is not unique to GMail—it’s part of the Internet standard for e-mail addresses. So your trick works with pretty much any e-mail client or webmail account that allows filtering (which, today, is probably all of them).
Unfortunately, a lot of clueless web programmers have no idea that “+” is a valid character to use in an e-mail address, and thus write their web forms such that they refuse to accept input with that character.
Read the privacy policy - it depends - the company I work for does not store the email addresses, when sending an invite to a friend of a user to a site we host, we rarely store the actual email addresses because our client’s privacy policies preclude it, although all actions and emails sent are logged, and if we really wanted to we could parse the logs to see if anything went wrong.
We first check to see if a user is already in the site, and then if they are not, we create a unique hash which is stored in lieu of the actual email address, then we check if this hash already exists in the previous invites from all users. If this hash is not in the database, we then store it and we can send an email.
Next we generate a token using the email hash & the user who sent the email’s information to put in the email which goes out to their friend. This info is stored in the user who sent the email’s information.
When their friend clicks the link in the email that token will be looked up and if that friend registers in the site we then look up that token in the database, and give the user who sent the invite credit for a referred friend.
The hash generated for the email address is using information from the website and is encoded in such a way (md5) that it would be VERY difficult to get the email address back out.
Unless something goes drastically wrong and a client’s IT department needs to see the logs, the client never can see the logs, nor a list of addresses of invitees to the site, only that userX sent 12 invites to friends and has 3 successful referrals.
It is quite infrequent that we have a client who wants to track the real email addresses, because the anti-spamming laws preclude them from sending unsolicited emails as does their own privacy policies.