-   FastMail Forum (
-   -   Fastmail giving out email addresses without permission (

ferrety 13 Apr 2018 02:36 PM

Fastmail giving out email addresses without permission
Fastmail gave out my main email address to a survey company without permission. I had made a point of not giving out my main email address to anyone. The only company that had it was Fastmail (obviously).
This morning I received mail at that address from surveygizmodo on Fastmail's behalf.

So the main email address & login for my account that I was keeping secure is now known to an American survey company & heaven only knows who else.

Terry 13 Apr 2018 02:49 PM

I dont think so.

Updated 14.04.18
My apology ferrety you were correct.

ferrety 13 Apr 2018 03:28 PM


Originally Posted by Terry (Post 606154)
I dont think so...:rolleyes:

You don't think so what?

pjroutledge 13 Apr 2018 06:36 PM

Just change it.

Happened to me a while back. Because the login username is a secret, changing it is no big deal. Just have to update any clients etc.

BritTim 13 Apr 2018 08:07 PM

Bear in mind that malware on one of your devices could be harvesting your data

brong 13 Apr 2018 08:16 PM

Just to provide more details for those reading this, our (FastMail) marketing team contacted a random sample of a few of our recent signups with a set of survey questions designed to understand why people choose FastMail, or choose not to remain at the end of their trial.

The survey company (SurveyGizmo) is only permitted to use that list of addresses for the explicit purpose of sending the survey we designed, and collecting the results of said survey.

SurveyGizmo have a privacy policy which allows you to see exactly what data they have on you, and allows you to request that all that data is wiped. We immediately requested that SurveyGizmo remove all data for the user ("ferrety" here) upon receipt of a request from that user.

The reason we chose to use a third party rather than building a survey tool inhouse was entirely around skill and time - it would have taken us inordinately long to build the tooling ourselves as opposed to paying experts to do it. We chose SurveyGizmo because they have a good privacy history, and provide tooling to allow non-programmers to extract useful data from the surveys.

In response to the complaint we received today, we are reviewing how we choose users to survey, and plan to require an opt-in of some sort.

The head of our communications team has been in direct contact with the user about this issue, and I expect further communications will continue there rather than on this public forum.


Bron (CEO, FastMail Pty Ltd)

misc 13 Apr 2018 08:18 PM

((( Comment deleted by myslef as it's obsolete after Bron's post )))

brong 13 Apr 2018 08:24 PM is their privacy policy. "ferrety" did the right thing in contacting us per that policy:


We acknowledge that Survey Respondents have the right to access their Personal Information. If you are a Survey Respondent and have any questions or concerns regarding our customers’ privacy practices, or if you seek access to or wish to correct, amend or delete inaccurate data, you should contact the entity from whom you received a survey.
And we have now done the right thing by requesting that all data for that user be deleted from our account.

ferrety 14 Apr 2018 03:01 AM

This situation has not been resolved & the last I heard from fastmail was this morning.

ferrety 14 Apr 2018 03:06 AM


Originally Posted by BritTim (Post 606160)
Bear in mind that malware on one of your devices could be harvesting your data

From this other company?

Originally Posted by pjroutledge (Post 606158)
Just change it.

Happened to me a while back. Because the login username is a secret, changing it is no big deal. Just have to update any clients etc.

They gave out your email too? My login name isn't secret anymore thanks to fastmail. If Experian can get hacked so can their survey company

17pm 14 Apr 2018 04:34 AM

I absolutely agree with ferrety here.

You shouldn't have to contact support in order to get a third party to delete our personal email address. Giving your costumers email address to a third party is something that I would never expect FM to do. I'm honestly very sadened by this.

Hopefully a lesson is learned here and all exchanges of information with third parties will require an opt-in in the future.

Also, was this really necessary? If so, you could've easily created a blog post asking users to answer a brief questionair. I am sure you'd have more than enough answers.

TenFour 14 Apr 2018 06:05 AM

Two things. A blog post questionnaire would not be accurate and is easily gamed. A professional survey company will choose a sample that more closely represents the users of Fastmail or whatever subgroup they wish to know more about. Second. There are so many ways to prevent problems with an email address, such as just blocking all incoming email to that address or creating another one since you don't use it for anything except logging in. Just as an experiment, keep this "compromised" address to see if it attracts any email for some reason. In any case, it seems like a mountain made out of a mole hill. I regularly use a Gmail address that has been in the wild since 2004 and has been used on literally thousands of different sites and services, and I have never had a problem. Use a strong password and 2FA and you are good to go.

ragnar 14 Apr 2018 08:33 AM

I'm a longtime lurker who never really intended to ever reply to a post here, but this made me angry enough to register for an account.

Those of you trying to trivialize ferrety's concerns and just telling him to block any new spam resulting from this screw-up by Fastmail are missing the point. As I suspect ferrety does, I have my own domain that I use for email addresses that I give out. My actual Fastmail username, i.e. the email with an address, is NEVER given out to anyone. It is kept strictly confidential and used only as my login username. Fastmail has now bypassed that extra bit of security by giving out that closely guarded secret to a third party without asking permission to do so.

That's outrageous. Fortunately I haven't received a survey request so I don't appear to be a victim of this debacle, but if I had, I would close my Fastmail account and move my domain over to my Runbox account. I may still do it anyway, I'm that angry about reading that Fastmail would do something stupid like that.

pjroutledge 14 Apr 2018 09:23 AM


Originally Posted by ferrety (Post 606176)

They gave out your email too? My login name isn't secret anymore thanks to fastmail. If Experian can get hacked so can their survey company

Not intentionally. There is a quirk with Fastmail Calendar invitations that reveals your login when you use a client rather than the Fastmail website, (confirmed by Fastmail when queried).

As mentioned, if your login was a secret that has been revealed, and that has reduced its value to you, it's simple to change it.

ferrety 14 Apr 2018 01:35 PM

The last contact that this Communications Manager made to me was at 07.33hrs UK time yesterday (16.30hrs Melbourne Australia time). They thought to tell me what I was feeling, apparently I would "be pleased to know" (I wasn't). Also I was told that it was fine because they had told the survey company not to contact me. They seemed to think that made it all ok.

Bron's post here was written nearly five hours later at 12.16hrs UK time (21.16hrs Melbourne time). Making it look like they were talking to me. Yet the CM had ignored me for five hours at that point, it is now over 22hrs since she emailed me. I've barely slept, it wouldn't have killed her to respond to my email were I answered her questions before they left for the weekend.

It is the forum members that have answered one of my questions about changing the primary email now Fastmail have given it out. Thank you to the forum members for that. I had asked the CM this but she hasn't answered.

I had no idea that this person was a CM I assumed from the way she was saying that it was fine because they told the survey company not to contact me that she was a normal support person. Another support person told me it was a phishing email. They said that I had to put the survey email a special folder so Fastmail could see it.
I pointed out that I had already forwarded the email to them with my initial complaint & that another support person had already said Fastmail was responsible.

What bothers me most is the initial response telling me just unsubscribe. I've just told you that you have compromised my account & that is the response.

All times are GMT +9. The time now is 03:42 AM.

Copyright 1998-2013. All Rights Reserved. Privacy Policy