The spam email sent by the New York Times
On Wednesday morning, I received an email from the New York Times asking me to reconsider my recent decision to cancel my home delivery subscription. The email included a toll-free number for me to call to renew my subscription at an “exclusive” discounted rate.
There is one big problem here: I’ve never had a home delivery subscription to the New York Times. And also, no one picked up when I called the toll-free number, which does not seem to be listed to the NYT.
Apparently, I’m not the only one who has received a bogus email. In Tweets sent Wednesday morning, New York Times spokesman Robert H. Christie answered scores of confused messages from customers by saying the emails are likely a “spam” issue and that the paper was looking into the problem.
A closer look at the email’s details (which can be accessed by clicking “show details” on Gmail) reveals that the message carried no DomainKeys Identified Mail (DKIM) signature, which is an indication that the email is not on the up-and-up. The message was also apparently sent by bfi0.com, a mail server that’s registered to Epsilon Data Management, a division of Alliance Data Systems that manages email marketing campaigns. It’s still early to tell, but it looks like Epsilon has been contracted by the NYT to do its email marketing campaigns, and that Epsilon’s security has been compromised.
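The header check described above can also be scripted. The Python below is an added example, not part of the original article: it parses a constructed message and reports whether a DKIM-Signature header is present, which DKIM verdict the receiving server recorded, and whether the relaying host sits in a different domain than the From address. Every host and address in the sample is made up except bfi0.com, and the names `triage` and `org_domain` are hypothetical.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample, not the real message: every host and address is made up
# except bfi0.com, the sending domain the article names.
SAMPLE = """\
Received: from mta12.bfi0.com (mta12.bfi0.com [192.0.2.25])
\tby mx.example.net with ESMTP id abc123
\tfor <reader@example.net>; Wed, 01 Jan 2020 09:14:02 -0500
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=bounce.bfi0.com;
\tdkim=none
From: "The New York Times" <offers@nytimes.example>
To: reader@example.net
Subject: Please reconsider your cancellation

Call our toll-free number to renew at an exclusive rate.
"""

def org_domain(host):
    # Assumption: the last two labels approximate the registrable domain;
    # production code should consult the Public Suffix List instead.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def triage(raw):
    msg = message_from_string(raw)
    from_dom = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    # d= tag of each DKIM-Signature header; no header means the mail is unsigned.
    # Presence is not validity: verifying needs the signer's DNS key (not done here).
    sig_headers = msg.get_all("DKIM-Signature", [])
    sig_doms = [m.group(1).lower() for h in sig_headers
                for m in [re.search(r"(?:^|;)\s*d=([^;\s]+)", h)] if m]
    # dkim= verdict recorded by the receiver; trust only your own server's header.
    ar = " ".join(msg.get_all("Authentication-Results", []))
    verdict = re.search(r"\bdkim=(\w+)", ar)
    # "from <host>" of each Received header, newest hop first.
    relays = [m.group(1).lower() for h in msg.get_all("Received", [])
              for m in [re.search(r"\bfrom\s+([\w.-]+)", h)] if m]
    return {
        "from_domain": from_dom,
        "dkim_signed": bool(sig_headers),
        "dkim_aligned": any(org_domain(d) == org_domain(from_dom) for d in sig_doms),
        "dkim_verdict": verdict.group(1).lower() if verdict else None,
        "relays": relays,
        "third_party_relay": bool(relays) and org_domain(relays[0]) != org_domain(from_dom),
    }

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A relay in a different domain than the From address is normal for outsourced marketing mail, so `third_party_relay` is context for the DKIM result rather than a verdict on its own.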
This wouldn’t be the first time a big email list run by Epsilon Data Management has been broken into by an unauthorized third party. Earlier this year, customer email lists belonging to JP Morgan Chase, TiVo and 38 other companies were affected when hackers broke into Epsilon’s systems and accessed names and email addresses. Epsilon sends more than 40 billion emails per year for dozens of big name clients in the worlds of finance, retail, hospitality and the like. More sensitive details such as credit card numbers were not accessed in that breach back in March, but an unauthorized third party posing as a company like JP Morgan could result in some customers falling victim to phishing attacks where they give up more personal or financial data.
We’ve reached out to the New York Times for comment on the spam issue and whether they contract their email campaigns to Epsilon Data; this post will be updated with any details we receive.