BINUS English Club (BNEC) sends marketing information without my permission.

From https://reinhart1010.id/blog/2021/10/27/bnec-marketing-without-permission. Scan the QR Code to view the article on your device or web browser.

QR Code
1 Content may subject to copyright. Visit the original website to view copyright and licensing information about this content. QR Code is a registered trademark of DENSO WAVE, Inc. in Japan and other countries. Generated on 2024-09-17 22:15:56.

It's a regular day at home, opening Zoom for attending classes, then I suddenly received a new email later on the day:

Oh hey, it's an email promoting one of the events organized by one of the official Student Organizations in BINUS University, and this time it's BINUS English Club (BNEC) for their National English Olympics (NEO) 2021!

Of course, they are sending this promotional email to my work email address. Yeah, that @binus.ac.id one. But soon, I realized I never give any of my email addresses, personal or work, to them or their websites! As some of you might know, BNEC manages a handful of events on their websites at www.mybnec.org, like:

The problem here is not just because they are sending promotional emails to me without permission, but also because they're sending it multiple times! The oldest email I got related to BNEC dates back to January 2021, while each year, official student organizations in BINUS University often change their leadership on early February. So there's an indication that BNEC have been practicing this trick for years, scraping a list of BINUS University student emails, and using a bunch of available email addresses from their activists just to send marketing information like this:

And surprisingly, I never received similar email addresses from other official Student Organizations, like BNMC (BINUS Mandarin Club) or BNCC (Bina Nusantara Computer Club) who are as active as BNEC in promoting their events. And if they have, they're most likely broadcast it through the official Microsoft Teams group to promote student organizations to freshmen in BINUS University's First Year Program (FYP).

Did I do the same thing in HIMTI BINUS University?

As the current Web Development Division manager of HIMTI (Computer Science Student Association), yet another official BINUS University Student Organization, I have to admit that we frequently collect email addresses through registration forms for our events. But unlike BNEC, we never send any marketing information to those email addresses, even though there's a couple of exceptions:

Why do I publish this complaint publicly?

I have sent my complaints to BNEC and respective individuals who are participating to send those emails for a total of three times, and none of them replied to me. While BNEC themselves ranks higher than HIMTI in general (according to internal rankings by BINUS University's Student Club and Activity Center), this is, again, a bad and malicious attempt of marketing. I have to point out that you might be sued if you do that amongst students in the European Union. No, seriously.

I've also shared similar complaints to other students (who are neither a BNEC leader nor activist), and one of their first replies is that, "are you just mad because HIMTI fails at event marketing?" No, this is entirely a different problem. It's something related to data protection. Even in recent months, the folks at HIMTI BINUS have been successfully promoting TECHNO 2021 to our freshmen of School of Computer Science, making TECHNO 2021 the largest, either online or as a whole, event (by number of attendees) in HIMTI BINUS University!

I'm also aware that official departments and "centers" (e.g. Student Development Center and BINUS Entrepreneurship Center) in BINUS University often send similar, marketing information to students like me as well. However, I don't consider that much as a problem since many of the emails received and events offered are related to my current college assignments, and they are organized by BINUS University (or the BINA NUSANTARA Education Foundation) and still regulated by them including things related to data collection and protection.

I was aware of a specific case where someone, allegedly working in the Admissions department, sent a WhatsApp message towards many students, just wanting them to "like" a specific Instagram post in order for him to win an internal competition in BINA NUSANTARA Education Foundation. Since the person have collected and used my personal data (which in this case is my WhatsApp phone number) for personal intentions, I have reported this incident to the competition organizers and they have forwarded the issue to the committees.

However, BNEC is not organized by them, and instead they are organized by a group of university students, aiming for bachelor degrees, while still being mentored by Student Club and Activity Center. If they're capable of scraping and marketing to BINUS University students this way, they're likely to do the same with the general public in the future.

As an additional proof of this, I also viewed their plain-text email headers just to find out that they never (or falsely) included recipient details, or in other words, they never state to whom they're sending it, specifically:

Content-Type: application/ms-tnef; name="winmail.dat"
Content-Transfer-Encoding: binary
From: SHARENDEEP <sharendeep@binus.ac.id>
Subject:
 =?utf-8?B?4p2X77iPIOKcqCBXRUJJTkFSOiBNQUtFIFlPVVIgT1dOIFBST0ZJVCwgQ0FQ?=
 =?utf-8?B?SVRBTCBNQVJLRVQ6IERFVkVMT1BJTkcgQU5EIFVOREVSU1RBTkRJTkcgSU5W?=
 =?utf-8?B?RVNUTUVOVCBBQ1VNRU4g4pyoIOKdl++4jw==?=
Thread-Topic:
 =?utf-8?B?4p2X77iPIOKcqCBXRUJJTkFSOiBNQUtFIFlPVVIgT1dOIFBST0ZJVCwgQ0FQ?=
 =?utf-8?B?SVRBTCBNQVJLRVQ6IERFVkVMT1BJTkcgQU5EIFVOREVSU1RBTkRJTkcgSU5W?=
 =?utf-8?B?RVNUTUVOVCBBQ1VNRU4g4pyoIOKdl++4jw==?=
Thread-Index: AQHXylG/basPtph3g0SwTw0mMxfHkQ==
Date: Tue, 26 Oct 2021 10:14:38 +0000
Message-ID:
 <SI2PR01MB39291354C733B35CA2E9F83581849@SI2PR01MB3929.apcprd01.prod.exchangelabs.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-Exchange-Organization-SCL: -1
X-MS-TNEF-Correlator:
 <SI2PR01MB39291354C733B35CA2E9F83581849@SI2PR01MB3929.apcprd01.prod.exchangelabs.com>
suggested_attachment_session_id: 62d27b03-8a1e-af01-0aae-e9bcd4516925
MIME-Version: 1.0
X-MS-Exchange-Organization-MessageDirectionality: Originating
X-MS-Exchange-Organization-AuthSource:
 SI2PR01MB3929.apcprd01.prod.exchangelabs.com
X-MS-Exchange-Organization-AuthAs: Internal
X-MS-Exchange-Organization-AuthMechanism: 04
X-MS-Exchange-Organization-Network-Message-Id:
 1198d830-ab51-4f22-d26a-08d998696d18
X-MS-PublicTrafficType: Email
To: Undisclosed recipients:;
Return-Path: sharendeep@binus.ac.id

And here's another sample who's sending the email to someone else, but BCC-ing to me as one of the secret recipients:

MIME-Version: 1.0
From: Miranda Carolina <mirandacarolina2002@gmail.com>
Date: Fri, 15 Jan 2021 12:55:03 +0700
Message-ID: <CAO0aZd-t-UYe2fM4BA83y0+sq+zFDWJuieG0-pzK1jUaTKfgJg@mail.gmail.com>
Subject: Webinar: The Secret of a Company-catching CV
To: rielcevo@gmail.com
Content-Type: multipart/mixed; boundary="0000000000004441f205b8ea04fc"
Bcc: ***@binus.ac.id
Return-Path: mirandacarolina2002@gmail.com

Compare it with our emails from noreply@himti.or.id, where we're honestly tell from who and to whom we're sending it:

Content-Type: multipart/alternative; boundary="===============0692422343=="
MIME-Version: 1.0
Subject: Don't forget to join TECHNO 2021: ERA this Saturday!
From: "HIMTI - TECHNO 2021: ERA" <noreply@himti.or.id>
To: ***@binus.ac.id
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - srv44.niagahoster.com
X-AntiAbuse: Original Domain - binus.ac.id
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - himti.or.id
X-Get-Message-Sender-Via: srv44.niagahoster.com: authenticated_id: noreply@himti.or.id
X-Authenticated-Sender: srv44.niagahoster.com: noreply@himti.or.id