OpenTable - an online restaurant reservation system - is wide open for spamming.
This discovery comes after a flood of mobile phone spam to one of my email addresses - the kind that costs a mint thanks to embedded images and all sorts of other useless but bandwidth-intensive eye candy.
The OpenTable system is wide open for spamming thanks to the company's failure to require confirmation for sign ups. This is a fairly typical oversight when greed trumps common sense.
Sign up for an OpenTable account, sign up for all of their many newsletters, add someone else's email address in the contact field, and the fun begins: OpenTable will start mindlessly spamming your victim.
If the first email or any change of email address required the recipient - or victim- to confirm the validity of the email address, this spam wouldn't be possible. It's also worth noting that unlike most legitimate online registration systems, OpenTable doesn't use a Captcha or any similar technique to try to separate human from machine registrations. This is generally a sign that greed is on the ascendant and common sense got buried in among the dirty laundry.
So what if you're the victim of this type of spam, and don't find much joy in having your cellphone's inbox filled with unwanted ads for restaurants half a planet away THAT YOU GET TO PAY FOR AS PART OF YOUR MOBILE BANDWIDTH FEES?
You can try the unsubscribe link on the junk mail OpenTable sends to you, but that only works per newsletter and OpenTable has a bunch of them. If you've been signed up for more than one, the only way to get at the list is to liberate the offending account. Otherwise, you'll have to wait while OpenTable spams you with each of their newsletters and unsubscribe one at a time. No, it's time to act.
Here's how:
OpenTable uses the email address in each account as the username.
Go to the OpenTable page and click on the Login link. You may have to type in your email address in the username field. That would be the email address that OpenTable has been happily spamming.
Then follow the instructions for re-setting the password. This will generate a reset password email that will arrive in your inbox in a few minutes.
Open this email - click on the Reset Password link - and this will take you to an OpenTable page where you can change the password to whatever you wish.
Once you've done that, you can now log into the offending OpenTable account.
The first tab to head for is My Account: this is where you'll find the list of OpenTable newsletters you're signed up to receive. Uncheck them and - if you're lucky and OpenTable doesn't pull the old 'we reset your account because we know you want to pay for our advertising'...
Finally, prepare an invoice for the data charges incurred when OpenTable spammed your mobile phone without permission, and for the time required to put a stop to it, and mail it to:
OpenTable Inc.
799 Market Street
4th Floor
San Francisco, CA 94103
What's sad is that all of this could be easily avoided if OpenTable applied commonly used techniques to verify that signups are, indeed, both human and valid. They've clearly chosen the more spammy option.-g
Linux and Windows web hosting plans start at just $7.95/mo.