You need to manually cut and paste your list and my browser was crashing when we tried to do 500 or more. And you need to type out the same silly message over and over about the list details every time you cut and past.

We asked about having them do the list upload and got a boilerplate response like a day and a half later about cutting and pasting which we were already trying to do.

In my view Aweber gives us the sense of being more geared towards folks peddling ebooks, information reports, etc.

We went with iContact which has a discount ending today and so far great.

These folks have their own survey built in. Aweber uses a jury-rigged solution patched into another software that is clumsy in my view. Finally Aweber’s security breach and the way they handled it sealed our decision to stay away.

We checked out GetResponse but their terse support messages which we were able to dig up turned us off.

MailChimp looks good but the name just does not ring a dignified tone for a well established business ;o)

Infusionsoft being one that I have confirmed.

I suspect all these service make use of some a common 3rd party product, which is what aweber is blaming for the breach.

Yes – they owned up to the source of the problem. That’s admirable.

Yes – they posted a detailed blog post going into the specifics about how it happened and what was being done to prevent
further issues. Great.

However, where they completely missed the ball was in actually empathizing with the IMPACT this admittedly inadvertant slip-up
has caused their customers and the subscribers of their customers.

I got the AWeber announcement within minutes of it being posted on Twitter. The original blog post didn’t even have an
apology on it at all – no ‘sorry’ (the lame ‘We’re sorry’ was only added later).

However, in their defence I guess that they had 1001 fires to put out then (and now) at AWeber so they likely weren’t thinking
fully straight at the time.

Sorry doesn’t cut it. So what does?

Empathy.

Let me dimensionalize the impact this AWeber faux pas has had on me and likely to some of my subscribers as well.

For years I’ve had a 100% spam-free private e-mail address that is now receiving not just spam, but foul pornographic spam.

I used to have peace of mind that I could open up my private e-mails and no spam would be present.

That’s now gone.

My vital business and previously spam free e-mail addresses of support@domain.com, paypal@domain.com, etc are now receiving
the same pharam spam.

Before this issue, I knew that if my iPhone beeped, either an order had just come in or a valued customer required support.

Now that’s gone too.

I can’t terminate these vital business e-mails without major disruption in the interim.

My GMail addresses are also getting spam too.

Comprende now AWeber?

Can you see how AWeber’s blog apology of ‘We’re very sorry this occurred and may have affected you.’ is almost completely
inadequate?

If there’s a real issue – address it. Don’t shine over it with inane one liners.

In addition to lacking empathy, AWeber’s response time to the issue was too long. Note that I was not expecting a definitive
answer within minutes, but I was expecting a Blog or Twitter post on Friday/Saturday saying that they were aware there was
a problem – somewhere – and they were taking their time to thoroughly investigate the root of the problem to see if they
were even the source.

Making the correct diagnosis on Monday was great. But not acknowledging a problem existed in the meantime was not a
good idea from a customer relationship point of view.

So, more communication so customers don’t feel in the lurch whilst the issue is being investigated and dealt with.

A simple ‘We’ve heard there could be a problem. We don’t know if we’re even the source. We’ll report back as soon as
we know.’

(That’s 140 characters and could fit on a Tweet!).

Here’s what else AWeber could have done but as yet have not.

They could have proposed some potential solutions that their customers could implement to deal with the spam that AWeber’s
inadvertent system lapse has caused.

Yes the spam horse has bolted but there are ways of dealing with it.

Admit the problem – yes. But also point to useful solutions for customers too.

(As a former engineer, I’m decent at problem identification but I’m also obsessed with the more important part of actually
finding solutions).

For example, here’s ONE potential solution that I’m testing to clean my own inbox of the pharma spam from this issue…

(It’s worked with one of my forwarding e-mail addresses so I’ll transfer the others over today).

GMail seems to be very effective at picking up the spam and consigning it to their spam folder. Luckily, the current spam is
so blatant that it’s all getting filtered by GMail into spam automatically – so far.

Therefore, I’ve created a unique GMail account to ‘wash’ the mail.

Here’s specifically what I’m doing:

1. Forward E-mails from My Domains to GMail

I’m forwarding all of my own domain e-mails to the newly created GMail account. This ensures that the current spam gets filtered
into the GMail spam folder.

2. Forward E-mails from GMail to Unique Domain E-mail

I’ve now created a unique e-mail address on my domain and all of the cleaned e-mails are being forwarded from GMail to my
new e-mail account.

So, the process is:

All Email -> Forward to GMail -> Forward to Unique Domain E-mail

Result: Cleaned up inbox once it gets to my end.

Sure it’s not ideal because I’m now relying on GMail in the process of getting my own e-mail but it’s working for the blatant spam
for now. This way, I don’t get to see the filthy spam (unless I go looking into my Gmail ‘washing’ account).

So, why couldn’t AWeber have suggested something like this?

Understandably too busy at the moment.

I began moving my lists over to Infusionsoft back in April and the transfer was fully completed around 2 weeks ago before this
AWeber issue even came up.

Ironically, AWeber is probably now one of the safest places to have your list from now on as I’m sure that they’ll be hyper-paranoid from
here and will have multiple systems in place to make sure that the locks are never off their doors again.

This could have happened to any third party autoresponder service.

Remember, that the spammers only have to be lucky ONCE and the service providers have to be luck ALL THE TIME.

I hope this post is helpful for you.

Dedicated to your success,

*Shaun O’Reilly

Best to have disposable webmail addresses for newsletters etc, which is what I do.

I won’t be unsubscribing from Problogger and I won’t be moving my business away from Aweber.

My concern is that as systems/databases become larger, and store more kinds of info about you, what is the potential harmful effect if it is “compromised!” In this case, not much.

Some of the “knee-jerk” unsubscribe actions are no lose… they were probably looking for a reason before the spam! As long as the responsible weakness has been identified and corrective action taken, ALL IS WELL again. 8-)

Unless we delve into the depths of a product or service (e.g. raw code), our knowledge and experience that lends to our recommendation can never be totally complete. Yes, we feel like we have let down our friends, known and unknown. Friendships and working relationships are based on trust, honesty and knowing that there is no ill intention.

Each of us still have a responsibility and the ability to go further in research if we truly want to know that a product or service is ‘completely’ secure. But we can’t stand guard on each and every one 24hrs/day.

Evaluate. Make Changes. Move On.

Thanks, Darren, for being honest and a good friend even if we don’t personally know each other. I remain SUBSCRIBED!

It’s like the old trick of submitting rebates or such with a different middle initial; if the only people who know me as “Eric Z. Larson” are the folks at Acme Corp. to whom I sent a rebate, and all of a sudden I start getting auto-parts catalogs sent to Eric Z. Larson, then I know that Acme Corp. sold my address to auto-parts companies.

It’s not an incredibly common practice, sure, but there are enough people out there who know the tricks of unique addressing (especially those of us who own our own domains) that it is indeed possible to see who’s SPAMming (or whose databases have been hacked).

The latter point is an interesting one; I’ve seen unrelated SPAM (ranging from useless to vile) coming from at least two legitimate (albeit small) companies from whom I’ve purchased products over the years. Obviously, something happened to their database the same way it happened to Aweber. I’ve turned off those addresses and chalk it up to life on the internet… because those companies don’t pretend to be “professionals” in the e-mail business. (But Aweber did claim that very thing, and was far from transparent when this story first broke.)

Anyway, I digress. :) That’s how your subscribers make the connection to your list: If they give you an address that they didn’t give to anyone else on the planet, and that address suddenly starts getting SPAMmed, you’re going to get blamed.

So, how is it possible that your list connects these spam with you, if no identifying info to Aweber, or you would be in the emails??

Just curious what is going on…

Thanks, Ruth

Aweber has helped make ALOT of $ for people, so while I believe they have a PR nightmare at present, they should be forgiven for this mishap…

Warm holiday greetings to ALL,
Brian-

I say chalk it up to ‘stuff happens’. Everyone has done the right thing. Transparency reigns, the truth is out and acknowledged and the problem attended to. The aftermath is being dealt with by those affected and will soon be past. This is not the first or last time this happened.

Thanks Darren

Alexander Irving

Anyway, nothing is perfect in this world. Hackers are getting smart day by day

After all this, I still believe AWeber is one of the best autoresponder service so far

They have fixed their system, right? I kind of hope they did…

-Kris Roxas

So, using a reliable service is vital…

Thanks for the update Darren!

Merry Christmas to you and your family from Singapore :)