Viral Optin Generator Warning

 

Another tell-a-friend like Facebook / Myspace / Linkedin etc script seems to have launched today

http://www.viraloptingenerator.com/index.php

This script is different to Optin Accelerator in a number of ways

  • The script is hosted 100% on your server
  • No subscription fee
  • It doesn’t “send home” any date, so it is 100% your responsibility

In theory that makes it almost exactly the same as the scripts used by the big boys of Web2.0 though their servers are less likely to conk out the first time someone with 200 contacts in Gmail uses the script if you are on shared or even most reseller hosting. You would probably have problems on most virtual servers as well.
I don’t know if the service can be configured to use a 3rd party SMTP, whether it uses sendmail, phpmailer, or swiftmailer.

If you are a smart programmer, picking this up might give you a few ideas, but remember

  • It is still against the published ToS of Aweber
  • You are still encouraging people to do something that is unsafe if running an internet business
  • Legal liability – it is you sending the emails – in some ways I would be worried about the claims on the sales letter that it doesn’t keep a record – if you are sending emails there is always a record somewhere, though you are best advised to keep a record of every email you send anywhere.
  • The script needs to be maintained for updates – maybe it will be updated over time, but best to allow for programming time to keep it working.
  • The Plaxo option is free, and maybe safer

I have thought a little more about the suggestion Aweber make about forwarding emails – that is actually unsafe for most email lists, because many readers will also forward unsubscription information. What happens if they forward it when you are price testing? Forwarding effectively encourages public posting.
Maybe it is better to mail the person sending when they use a standard TAF with a letter encouraging they forward that to friends and also the message that goes to their friends.

It is still TAF though, so check with your email service provider.

 

Liked this post? Follow this blog to get more. Follow

Comments

  1. says

    Hi Andy,

    Ken Reno here, partner on the Viral Optin Generator.

    First of all, I thank you for your review of this product,
    it’s always good to get an objective perspective.

    I would like to add some information for you that I think
    may be helpful in your assessment in regards to your warning.

    # It is still against the published ToS of Aweber

    Viral Optin Generator has no interaction with aWeber.com,
    and aWeber.com, nor any autoresponder is used for this script.

    # You are still encouraging people to do something that is unsafe if running an internet business

    The tell-a-friend process has been around for a decade now
    online, and is used on perhaps millions of websites, blogs,
    and newsletters. It’s not just the major players using this technology, it is now available to the masses.

    There is risk at every level of communication online, but
    the messages sent using our script are only to existing
    contacts in users address book.

    # Legal liability – it is you sending the emails – in some ways I would be worried about the claims on the sales letter that it doesn’t keep a record – if you are sending emails there is always a record somewhere, though you are best advised to keep a record of every email you send anywhere.

    Sure Andy, I would always worry about that too, but I think
    the misunderstanding is that our claim is not that it keeps
    “no records” (because as you said – everything online has a
    record) – but the fact is, that our script collects no
    records, and stores no information that is pit in the form.

    The information is the user’s email login, and password.
    That is not stored, and no records of that information is
    kept by this script, ever.

    # The script needs to be maintained for updates – maybe it will be updated over time, but best to allow for programming time to keep it working.

    Any software that interacts with another website will need
    possible updates over time.

    We will be supporting this script, and issuing any needed
    update immediately if there is ever a login change at any
    of the mail providers.

    Both my partner and myself have been in the marketing world
    for several years, and assure you that we are here to work
    with our customers, and provide solutions that we can be
    proud of, and that help our clients reach their online business
    goals.

    Thank you for pointing out that our script is 100% hosted
    on users server, and that no information is ever sent to
    us at any time, for any reason. The script is unencrypted,
    so this can be easily verified.

    Again, thank you for the review Andy, I hope my response
    has given you a better understanding of exactly how our
    script differs with every other solution out there. Please
    know that our aim is to follow feedback, and make this the
    best product it can be, and a step above the competition.

    Yours Truly,
    Ken Reno

    • says

      Ken I know you have been around a long time, but scripts like this are dangerous.

      I didn’t check the terms and conditions of each service as Robert Plank did with Optin Accelerator, but by giving a Gmail password you are also giving access to everything to do with your online business.

      Email
      Adwords
      Adsense
      Google Analytics
      etc etc

      I have spoken out about this regarding LinkedIn, they added a contacts import facility which at least is a small step in the right direction, but I strongly advise all my readers never to give anyone their login details, even if they are trusted.

      I have passwords such as Google access encrypted on my HD with a 16 character key.

      You are selling this to internet marketers who generally haven’t got a clue about security.
      Frequently they are running other insecure scripts on their servers, such as WordPress.
      As it happens Anik just reviewed a blog on BlogClassroom, and he forgot to spot all the viagra spam from the blog being hacked. I think Anik knows more than your average internet marketer.

      If someone hacking discovered a script like this on a server, they would be crazy to spam it with viagra links.
      Far better to hack the script to send the password details to a remote server and have some fun with them.

      Last person I know who had their Gmail hacked had their blog domain transferred to another owner and held effectively for ransom. He was lucky…

      If at some time in the future all the major email services offer a token system to access contact information under Data portability agreements, then this kind of script might be viable, because then it is just the email contacts that might be accessed.

      Until that time, you don’t give a baby razor blades to play with.

    • says

      The tell-a-friend process has been around for a decade now
      online, and is used on perhaps millions of websites, blogs,
      and newsletters. It’s not just the major players using this technology, it is now available to the masses.

      If I asked you for your Gmail username and password, are you going to tell me? Is my server safe and secure? what if I was to hack your script so it did store the passwords? here is an interesting question, if I did modify the script and some one sued you how would you react?

      Sure Andy, I would always worry about that too, but I think
      the misunderstanding is that our claim is not that it keeps
      “no records” (because as you said – everything online has a
      record) – but the fact is, that our script collects no
      records, and stores no information that is pit in the form.

      You are aware there are a host of legal reasons why you have to maintain records, from data retention laws here in the UK, to CAN-SPAM and COPPA regulations in the US. Without maintaining such records you leave yourself open to law suit. So while it would not be wise to record the passwords the actual mail and information sent out should be recorded, of course then you get into the realm of data privacy.

  2. says

    I haven’t even heard of this type of generator before.. but I guess that’s why I read you blog Andy!

    However, it looks fantastic as I’ve often wondered about how MySpace/Facebook/etc does it.

    Will look into and may purchase!

  3. says

    Andy, interesting points. You are, by nature, much more cautious then I. :-)

    The most likely problem someone will encounter running a script like this is having their domain on the SPAM blacklists, as people receive the messages sent by their friends and then marking as SPAM, and that’s something one needs to consider before implementing such a script. It can keep you from getting in touch with valid, interested recipients later on down the line.

    There’s a lot of other things that *could* happen, (hacking a server, hacking another insecure script to gain access to server, etc.) but I don’t believe it’s Ken’s responsibility to account for it all (that would be impossible).

    That being said, *I* don’t give my Gmail login info out, anywhere. :-)

    -Michelle

    • says

      Certainly there is a lot to be said in risk taking.

      I am the guy who packed his bags and moved to Poland

      I know Reed’s script is being used in one upcoming product launch, which is the primary reason I haven’t written about it.

      I think there is a big difference between finding friends you already have on a particular social network, and using it to encourage others to join.
      Recent social networks doing something similar indiscriminately got totally slammed.

      I am sure something like this will work gangbusters on your Myspace clients.

      Just imagine something like this was stuck on a “mail this link to a friend” for a blog post – it would be fairly devastating to all but a dedicated server.

      I can just see it coming – 3 friends is just not enough

      “Mail this to at least 100 of your friends to receive the second part of this tutorial where we reveal….”

      Add in an Ajax counter to see how many you have ticked so far, and also send the emails without refreshing the page, with the reward link appearing immediately.

      Add in a “Downspam” where they only have to send 50, and they just get the audio without transcript.

      Add in the “Upspam” for those who sent the message to 100, as they might send you another 100.

      Wouldn’t it be so much easier to say on the thank you page “Refer 50 friends and get a free upgrade to Gold member status, just forward the introductory email we sent you to them” ?

  4. says

    # Andy Beard: It is still against the published ToS of Aweber.

    # Ken Reno: Viral Optin Generator has no interaction with aWeber.com, and aWeber.com, nor any autoresponder is used for this script.

    Ken,
    so what? Did you read Aweber’s ToS, policies, and comments from their top level executives on their Blog? I personally did, and I had correspondence with AWeber in that matter.

    Bottom line: Everybody, who uses TAF in any way to drive visitors to an AWeber opt-in form bears the risk of loosing the AWeber account. It’s not YOUR definition Ken, it’s AWeber’s.

    It drives me mad that so many TAF script/service providers claim, “This works with AWeber…”, and herein put their users in a potentially dangerous situation. That sucks, sorry.

    On the other hand I have to blame AWeber for not stating their TAF terms precisely enough! There is indeed some room for speculation and interpretation. –John

  5. says

    Thanks for all the feedback guys!

    I agree that there are risks with any online script,
    and there is a *potential that this product could
    be abused – just like any other ethical marketing
    tactic.

    There’s a ton of great info to read here on your blog
    Andy, I’m glad I discovered it!

    If you, or anyone, has any suggestion to improve this
    product, please contact me directly – my toll free #
    is on the site, as well as my helpdesk link.

    Thanks again Andy for sharing your expertise, I look
    forward to being a daily reader to your blog. :-)

    Talk soon!
    Ken

  6. says

    We have great respect from all of you that have commented here, so, your opinions matter.

    We looked at this and ran the other way! Why take the risk when there are far better options available?

    Ken you have a lot of great products that we use, but, like Michele, we will walk the edge only when it is pretty solid ground.

    Great topic Andy!

  7. says

    My advice is never to give out your login details. It may in many cases also violate the TOS, since you are most often not allowed to give out your login data. Furthermore, I would certainly not trust a person who makes my emailaddress available to send mass mail.

    To use this kind of script on your server you certainly need to be a security expert, to prevent the script from beeing hacked. Security is a very complex task.

    It is also a huge risk that your mailserver ends up on Spamhaus and SpamCops backlists.

  8. says

    I agree with Karl. Giving your login/contact details to any program/service, except the one the details are created in the first place is a bad idea least to say. Not storing data is a poor excuse for lack of security. Problem is not that you can compromise yourself through such a service. It’s your head you can bash it wherever you want, but you can compromise your contacts too. I’ve had one of my servers hacked several months back and I have since reviewed many security issues throughly and not taking any risks especially conceptual ones.

Trackbacks