Online dating site Quechup bills itself as the "social networking site that's sweeping the globe," but what it doesn't tell you is that it does so by spamming every Web email address in a member's contact list with invites to join the network, often without their knowledge or permission.


U.K.-based Quechup has quickly garnered a less-than-tasty reputation for sending mass invite mailings that appear to be from the email of a trusted friend.

When a new user signs up with Quechup, they are offered the option to check if any of their friends are already in the network. If a user agrees to import their email contacts into the network, Quechup then automatically mails every Web email address with an invite to join from the user's email, claiming that the user has sent the invite.

Filmmaker and blogger CC Chapman tried out Quechup and found two people on it he knew.

"Fast forward a few minutes and my inbox starts filling up with auto return messages, out of office messages, and all sorts of other things," he wrote on his blog. I couldnt figure out what was going on and it turns out that this system just sent invites to my whole address book without my permission."

I received an invite to Quechup yesterday, which clearly states that "[your friend] has invited you as a friend on Quechup." The invite continues, "You received this because [your friend] knows and agreed to invite you."

As I was already aware of what the online world is calling "the Q virus," I declined the invitation and asked him if he meant to send it.

"No, I did not intend to spam my email list like that. Sorry about the inconvenience," he said.

Taking Advantage Of Trust

Although virtually all of the major social networks require personal information to create accounts, and many offer the ability to import address books and contact lists into user profiles, Quechup actively harvests this information in order to get more members signed up, and uses email accounts from trusted friends and colleagues to do it.

Glenn Finch, vice-president of Quechup's parent company iDate, defended the company's practices in a debate with a columnist for InfoWorld.

"[W]e have never used the words "Share address book" has always been check an address book for who is on Quechup," he wrote. Finch claimed that "[w]e have recently changed how our system works and the wording," but did not provide specifics.

Buried within Quechup's privacy policy are several points which could imply that the user may be agreeing to Quechup's practices when they sign up.

Under "How We Use Your Information," Quechup states that "You agree that we may use personally identifiable information about you to improve our marketing and promotional efforts, to analyse site usage, improve our content and product offerings, and customize our Site's content, layout, and services."

"You agree that in order to assist our members to meet each other we may feature members' profiles on our site and in our editorials and newsletters that we send out from time to time to our members," according to the company's policy.

iDate is also upfront about its efforts to aggressively market Quechup and other products.

"As we move into new markets and add new languages and features, we will launch targeted web sites aimed at new audiences," the company promised. "These will be made available via different domain names, details of all new sites, together with links and descriptions will appear on this website."

Although the connection between improving marketing efforts and sending mass spam emails seems dubious at best, Quechup's actions are marginally legal under British and European Union laws.

Although Quechup's spoofing users' email addresses may violate the EU's directives to protect privacy, actually enforcing the regulations is difficult due to differing regulations between each country regarding "opt-out" versus "opt-in" privacy practices.

What You Can Do


• Be Careful What You Sign Up For. Before giving away any personal information to any online business or social network, go over their privacy policy and terms and conditions with a fine-tooth comb. Don't be afraid to contact them and ask what they do with your data. If they sell it, share it, store it, or do anything you are not comfortable with, don't sign up.

• Check E-mails Carefully. If you receive an email that appears to be from a friend or family member soliciting you to join a network or try out a product, don't respond to that email or open any links in the email itself. Instead, write a separate email to your friend confirming that they sent you the message. If they did not, send the initial email to your "Spam" folder.

• Use Multiple E-mail Addresses. If you're worried about spam or want to retain some email privacy, use one email for friends, one for business, and a "disposable" account that you can use for signing up for online services, conducting banking or shopping online, and so on.

• Let People Know. Quechup's dubious advertising practice has gotten it mountains of bad online and print press. Don't hesitate to write a blog post, send an email, or contact a company to let them know you disapprove of their privacy practices.


More Scam Alerts ...