Boy, spammers these days are getting creative and sneaky. I just received an email that told me someone had sent me a greeting card using GreetKing.net. Now, the first thing that made me suspicious is that the e-mail didn't say who the card was from-- didn't offer a hint of any kind. Well that, and the fact that I've never heard of GreetKing.net. Ok, so I click through (I was hoping this would be 'safe', since the URL was just an HTML page-- although, it is possible they could track that click-through and verify that my email address was valid, etc.) and am presented with a page that requires me to enter my e-mail address "for verification".
Before continuing, I decide to browse around their main site-- it immediately asks you to "login" using your e-mail address. If you aren't a registered user, just enter your e-mail address anyway. Starting to see a pattern here-- they really, really want e-mail addresses. Also, the "login" page didn't have any password field-- it just wanted your e-mail address. So, I login with "firstname.lastname@example.org" and am then presented with a demographic survey where I must specify the following fields: age, gender, marital status, education level, residential status, annual income and at least one thing from their list of interests. First and last name were the only fields not required-- I guess they don't want to get that personal.
After this, I get a page of several (8) greeting cards of varying subjects-- "Friend", "Romantic", "Mother", "Father", "Son", "Daughter", "Brother", "Sister" are the headings. Each card had a mini-form underneath for you to quickly provide first and last name, e-mail address and a short message to accompany your card. For those mini-forms, the only field that is required is e-mail address of course-- submitting the information immediately brings you right back to the same page so you can send out some more greeting cards.
So I decide to try something-- I went back to the "greeting card collection" page I went to at first, and entered my "email@example.com" e-mail address to collect my card. I was expecting to see some error like "The e-mail address you have entered does not match the retrieval code you provided." or something along those lines. Instead, I saw "my" greeting card-- it simply had the message "This card is too funny. Enjoy. PS. Pass it on.". The card was from "Database Error: Illegal characters in field [sender_name]"-- how convenient. Oh, and the card that I got was the one for the "Sister" category-- last time I checked, I'm not anyone's sister.
Then I tried retrieving the card using some other address-- like "firstname.lastname@example.org". This time, instead of showing me the card, it presented the same demographic survey (since the e-mail address wasn't already in their system I suppose).
I did a WHOIS lookup on greetking.net and found a contact name and e-mail address there. So I decided to register them for their own site. They weren't already registered, so I filled out the form on their behalf-- I made their name "Stupid Spammer" to kind of get my point across. I also checked each of the interest fields (I hope there is a separate spam database behind each of those!).
Anyway, my point to all of this is that you need to be very careful when disclosing your information to sites like this, especially if you came across the site by means of spam. If they spam, then chances are that entering your information (and/or the information of your friends and family) will only increase the amount of spam you receive.
I should point out that GreetKing.net does at least have a privacy statement. Here are some excerpts:
Greetking.net automatically collects and/or tracks (1) the home server domain names, IP address, e-mail addresses, type of client computer, and type of Web browser of visitors to Greetking.net's Web site, (2) the e-mail addresses of visitors that communicate with Greetking.net via e-mail, (3) information such as personal, financial or demographic information, knowingly provided by the visitor in on-line forms, registration forms, surveys, and sweepstakes entries, and (4) information, either in the aggregate or user specific, on what pages visitors access.
Will GreetKing.net use my e-mail address for additional marketing?
Personal data collected by Greetking.net will be used by Greetking.net for ... marketing and promotional purposes ...
Will they share my personal information with others? Why yes, of course:
Greetking.net reserves the right to post collected data on Greetking.net's Web site, or share, rent, sell, or otherwise disclose data it collects to third parties.
Well, at least their privacy statement is honest.