How to Create a "Bcc" E-mail List

The simplest way to create an e-mail list for Internet activism is to use your regular e-mail software. The most common products you might use are Qualcomm's Eudora, Microsoft Outlook, or Netscape Mail. To create your own e-mail activism list, you will need to be familiar with two features of your e-mail software: the address book and the "Bcc" field.

Using Your E-mail Address Book
Most e-mail software programs have a feature that lets you set up an address book where you can store the e-mail addresses of friends, relatives, and business associates. Most e-mail address books will let you store hundreds or even thousands of names, making them a useful tool for creating a simple announcement-only e-mail list that you can use to send out action alerts, press releases or e-mail newsletters.

For example, if your organization occasionally sends out press releases, you can set up an address book entry labeled "Media" to store the e-mail addresses of reporters and editors so you won't have to send individual messages to each of them.

Using the "Bcc" Field
When the e-mail addresses have been entered in the address book, your list is ready to use. But you'll want to send messages to the list without disclosing any of the recipients' addresses. So if you haven't already been introduced to the "Bcc" field, it's time to get acquainted.

When you open a "New Message" window in your e-mail software, the message form will usually include a header that looks something like this:

To:
From:
Subject:
Cc:
Bcc:
X-Attachments

(Note: In some e-mail software, "Bcc" is not included in the default setting of the header display. If you don't see it, try looking for a "Preferences" or "Options" menu, or check the "Help" file or the User Manual that came with the software, or contact the software company's support service by phone or e-mail.)

Here is how you can send a message without revealing the recipients' e-mail addresses: Type "Alert List Example" in the "Bcc" field of the message header (instead of in the "To" field) and type your own e-mail address in the "To" field. When the message is sent, it will appear to have been sent from and received by you, and will look something like this:

To: janedoe@anygroup.org
From: janedoe@anygroup.org

Subject: Action Alert: Paratransit service threatened
Cc:
Bcc:
X-Attachments

Always use the "Bcc" field if you send e-mail to a list you've created in your address book!

Using the example above, if you had typed "Alert List Example" in the "To" or "Cc" field, all of the recipients' addresses would have been displayed when they opened the message. There are two problems with this. First, some people prefer not to disclose their e-mail address. Second, if the address list is long, the header will be long. This is annoying to some people because they have to scroll through screens full of addresses before they see the message. If your list contains several hundred addresses, just imagine how annoying it will be to scroll through all those screens! Here is an example of an e-mail message from someone who neglected to use the "Bcc" field:

From: "Jane Doe"
To: James King , Alan Williams ,Dave Garrison , "Jennifer Reilly" ,"George Kelly" , "Thomas Jones" ,Gina Rogers , Dan Stevens ,Vincent Davis , Ron Butler ,"Marc Smith" , Tony Altura , "Michael Milton" , Peter Boyd , "Susan Smith"

Here, we show the steps involved in setting up a distribution list in Outlook, and then generating a "Bcc" e-mail message.

Step 1: Click to open the address book. In the "Select Names" window, click "New." In the "New Entry" window, click "New Distribution List."

Step 2: In the Distribution List window, type in a name for the list. In the "Add New Member" list, type in a new name and e-mail address to add contacts that are not already in your contact list.

Step 3: To add names that are already in your contact list, click "Select Members," highlight the name you want to add, and click "Members."

Step 4: To send a message to the distribution list, click on the "Address Book," select the distribution list from the "Select Names" window, and click the "Bcc" button. Use your own address in the "To" field of the message.

Privacy, Security, Copyright, and Censorship

Privacy

Mailing list privacy issues
All mailing lists (also known as listservs) are managed via e-mail - a form of communication that is inherently insecure. Sending mail via the Internet is like sending a postcard through the post office - given the time and resources, anyone who wants to read your mail can do so. So the tips below will not completely ensure secure and private mailing lists.

One way that you can circumvent some security issues is by using Web-based commercial list services. These services often provide all the capabilities of commercial mailing list software - mass e-mailing, easy subscription and unsubscription procedures - with easier management, better security, and extra options like archival abilities. As noted, however, while these services are usually free there are some drawbacks. The companies that provide them attach short advertisements to the top or bottom of all mailings, and most include terms of use that give the service ownership of the content of your lists. You can find a listing of "community groups" in the Yahoo! Internet Directory.

Tips for operating your organization's list:

• Encourage people to use "disposable" e-mail addresses when signing up for your mailing list. (See "Tips for Mailing List Members," #1, below, for information on "disposable" e-mail addresses.) While this policy is impossible to strictly enforce, you can promote it by suggesting it on the mailing list sign-up page of your Web site and other written material that includes information about signing up for your organization's list.
• Hide the list membership when you configure the list. Unless the list administrator explicitly disables the ability for outsiders to view the list membership, anyone on the Internet can view the entire membership of a mailing list with a simple e-mail command.
• If your list is used for announcement purposes rather than open discussion among members, you'll want to configure your list to restrict posting privileges. Allow only staff members or trusted volunteers to post to the list, rather than allowing all subscribers to post. This will help prevent spammers or e-mail harassers from attacking your members.
• If your list is used for open discussion among members, you'll want to configure your list to be moderated. Designate a staff member or trusted volunteer to serve as moderator and approve every post before it is sent. This will help prevent spammers or e-mail harassers from attacking your members.

Tips for mailing list members:Use a "disposable" e-mail address when signing up for mailing lists. "Disposable" e-mail addresses minimize the risk in the event an unauthorized person gains access to the list membership.

A good "disposable" e-mail address has two characteristics: strangers cannot easily gain information about the sender merely by looking at the address, and the "disposable" address is separate from a personal or work e-mail address. The e-mail address "audrie@netaction.org," for example, would not make a good "disposable" address, because strangers can easily decipher that the address belongs to someone at NetAction whose first name is Audrie.Good places to obtain "disposable" e-mail addresses are web sites that offer free webmail, such as Yahoo! or Hotmail.

• Consider using a "screen name," rather than your real name or a combination of your initials and name, when subscribing to mailing lists or posting to newsgroups.

World Wide Web privacy issues
The Internet allows users separated by thousands of miles to communicate instantaneously, and the physical distance between users can lead to a false sense of security. In reality, the World Wide Web is highly insecure.

Secure Sockets Layer (SSL)

SSL is an Internet standard that provides for the safe transfer of personal information, such as a credit card number, over the Internet. It does this through encryption, a process that scrambles the information you type on a Web page into a code that can only be read by someone with the specific key to unlock that code. When directed to a Web page using SSL, your browser will automatically encrypt all information that you submit to the Web site. Any time you are asked to provide sensitive personal information on a Web site - such as your credit card numbers or home address - you should use a secure Web site, as explained below.

If you're using a web site for Internet advocacy, you may want to look into encryption of some or all information - names, credit card numbers, etc. - that people may type in on your site.

Web site privacy policies

Any Web site that asks you for information should explain its privacy policy and tell you up front what it intends to do with that information. A good privacy policy will tell you exactly what information the Web site collects from visitors, as well as how that information will be used. For example, if the Web site includes a mailing list sign-up form, the policy should disclose whether your address will be shared with other Web site operators without your permission.

Your web site should have a privacy policy, and state it clearly.

Examples of robust privacy policies include:

Computer Professionals for Social Responsibility (CPSR)
People for the American Way (PFAW)

Spam
When not referring to the canned pinkish meat, "spam" refers to the mass mailing of unsolicited e-mail. ("Spam" also refers to the unsolicited or junk e-mail itself.) Like traditional junk mail sent through the post office, spam is annoying and wasteful, and at times deceitful or offensive. Examples of spam include e-mail advertisements for consumer products, pornographic material, and get-rich-quick scams. Internet hoaxes, the virtual equivalent of urban legends, are another form of spam, as is unsolicited political e-mail.

Sometimes it can be hard to determine whether a particular e-mail message is spam or is useful, wanted information posted to a mailing list for outreach purposes. If you manage a mailing list for your organization or your own personal activism, use the tips below to make sure that you don't alienate your subscribers by sending them spam.

How to avoid becoming a spammer
Don't send out unsolicited mass e-mailings, or subscribe people to mailing lists without their permission.

Never post action alerts to e-mail discussion lists or news groups on unrelated issues. If your action alert is about clean air, you're likely to get flamed if you send it to a discussion list focused on free speech.

If you want to create your own mailing list, start by sending a message to appropriate discussion lists and newsgroups, announcing the new list and inviting people to subscribe. "Appropriate" means the topic of the discussion list or news group is related to the issue you address in your message. Be as specific as possible about the topic and how the list will operate. Will it be an unmoderated discussion list, or a moderated announcement list? Will there be several postings daily, or one posting every few weeks?

Avoid using the "To" and "Cc" fields when sending messages. Put your own e-mail address in the "To:" field and use the "Bcc" field for all the other addresses.

Security
As information technology has become increasingly important to the mission of many nonprofit organizations, so too has the need for computer security. Although the focus of computer security concerns has primarily been on the potential threat to corporate and government computer systems, computers are no less critical to the operations of nonprofit organizations devoted to serving the public interest. Moreover, many nonprofit organizations lack sufficient financial resources to recover from a cyber attack.

Some risks are obvious:

• Without daily backups, an organization may lose important data when a hard drive crashes.
• Without regular updates, anti-virus software cannot protect an organization's computers from newly released viruses and worms.
• Without a firewall, malicious hackers can use an organization's server as a spam relay or a launch pad for a distributed denial-of-service (DDOS) attack against a corporation or government agency.

Other risks may not be as obvious:

• Without adequate password protection a disgruntled employee could retrieve addresses from an organization's database and send threatening letters to donors.
• Without encryption, a nosy volunteer could access an organization's personnel records or confidential files.
• Without off-site storage of backups and a data recovery plan, electronic records could be permanently lost if an organization's computers were destroyed in a fire or other disaster.

In the winter of 2001-2002, NetAction conducted an online survey of security practices in nonprofit organizations to find out what nonprofit organizations are doing to prevent cyber attacks. We published the survey results in January 2002. Our checklist of cyber security practices can help you assess and improve your organization's computer security practices.

Copyrighted Material on the World Wide Web
Copyright laws apply to material published on the World Wide Web just as with books, articles, CDs, and videos. But many Web pages lack explicit copyright notices that inform visitors of what may or may not be downloaded or posted elsewhere, for public or private use.

When creating a Web site containing original material, it's a good idea to post a copyright policy in an easily noticeable spot. An example of an extensive copyright policy can be found at the Medical Library Association's Disclaimer and Notice of Copyright.

The "Digital Millennium Copyright Act" was enacted in October 1998 specifically to address Internet copyright issues. For more information on the DMCA, please visit the Association of Research Libraries' summary of the bill and an analysis of the bill.

What Web material is copyrighted?
Unless explicitly stated otherwise, all original content on a Web site is copyrighted to the creator or owner of that Web site. If you would like to use content, text, or graphics from someone else's web site, both common courtesy and the law dictate that you must first obtain that author's permission.

Web page addresses are merely links and cannot be copyrighted. However, a collection of links that an author compiled may be copyrightable, since it would be the author's original collection.

Because of the nature of the Web, it is not always easy to determine exactly what content on a Web site is subject to copyright laws. For some practical tips for dealing with copyrights on the Web, visit The Copyright Web site.

For more information on copyrights and the World Wide Web, see the following sites:

Business Resources: Understanding Intellectual Property - This site provides a brief overview of the concept of intellectual property and the practices employed to protect intellectual property rights.

Intellectual Property on the Web - This site addresses several problematic questions having to do with copyrighted material on the Internet.

Copyright and the World Wide Web  - The Information Architecture division of the Los Alamos National Laboratory has written this short article on copyrights and the World Wide Web.