My blog postings about the DMA (initial and followup) got picked up at The Consumerist and got over 5,200 views, which is a respectable take, but not nearly as good as when Continental lost my daughter :-). You will also find on The Consumerist a rebuttal from the DMA which doesn’t actually respond substantively to any of my complaints.
My detailed analysis of everything that’s wrong with the DMA’s Web site from a security point of view was published in the RISKS Digest.
After my complaints were published on my blog and at The Consumerist, I continued to have additional problems with the Web site. I contacted the DMA through the form on the site and asked for assistance, and they did not respond. Apparently, they’ve decided that they don’t actually have to support users whom they don’t like.
I’ve figured out why I was able to register successfully with one particular email address but not with the other one. The first email address I was able to register was 30 characters long, and the one that would not work was 31 characters long. Apparently, there is a bug in their application which causes it to choke on email addresses longer than 30 characters. Note that it must be a bug in the application, and not a restriction in the underlying database, because a DMA customer service representative was able to modify one of my accounts to change its username to the 31-character email address I was not able to register with.
Unfortunately, the bug not only affects the new-account registration section of the application, it also affects the profile editing screen. Once the customer service representative changed one of my accounts to have a 31-character email address, I was able to log in, but I was not able to modify the settings on the account to either switch to a shorter email address or change my password.
If you try to log into the site with an old username (i.e., from before they started using email addresses as usernames), you are brought directly to a screen which requires you to enter an email address to replace the old username. This screen allows you to enter email addresses longer than 30 characters, which then locks your account into the problems described above (i.e., you can’t edit your profile or change your password).
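The three paragraphs above describe one failure mode: different screens enforcing different length limits on the same field. The following is an added illustration, not code from the DMA site; the `Site` class, its method names, and the assumption that the edit screen re-validates the stored address on save are all hypothetical.

```python
import re

# Constructed sample addresses: 30 and 31 characters long.
SHORT = "a" * 18 + "@example.com"
LONG = "a" * 19 + "@example.com"
_EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")

def validate_email(addr, max_len):
    """Return None if the address is acceptable, else the reason it is not."""
    if len(addr) > max_len:
        return f"longer than {max_len} characters"
    if not _EMAIL_RE.match(addr):
        return "not a valid address"
    return None

class Site:
    """Hypothetical account store with the three screens the post describes."""
    def __init__(self, register_max, edit_max, migrate_max):
        self.limits = dict(register=register_max, edit=edit_max, migrate=migrate_max)
        self.accounts = {}  # username -> password

    def _check(self, screen, email):
        reason = validate_email(email, self.limits[screen])
        if reason:
            raise ValueError(f"{screen}: {reason}")

    def register(self, email, password):
        self._check("register", email)
        self.accounts[email] = password

    def migrate_legacy(self, old_username, email):
        # Validate before touching the store so a refusal leaves the account intact.
        self._check("migrate", email)
        self.accounts[email] = self.accounts.pop(old_username)

    def edit_profile(self, email, new_password):
        # Assumption: the edit screen re-validates the stored address on save.
        self._check("edit", email)
        self.accounts[email] = new_password

def migrate_then_edit(site):
    """Migrate a legacy account to LONG; return True if it is then stuck."""
    site.accounts["olduser"] = "pw"
    site.migrate_legacy("olduser", LONG)
    try:
        site.edit_profile(LONG, "new-pw")
        return False
    except ValueError:
        return True
```

`migrate_then_edit(Site(30, 30, 254))` returns `True`, the stuck state described above (254 is a constructed value for the looser screen). With one limit shared by all three screens, the call either returns `False` or the migration is refused before the account is changed.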
If the account activation email sent by the site is lost, e.g., it gets blocked by your spam filter or (in my case) you forgot to run “newaliases” after creating the email address you gave to the site, there’s no way to get the site to generate another activation email — you are locked out of the account completely for 30 days, after which the account is apparently deleted or something and you can register again. Perhaps the DMA’s customer service people can unlock the account or generate another activation email, but I wouldn’t know, since (as noted above) they’ve stopped responding to requests from me for assistance.
I asserted in one of my previous blog entries that when you remove all the sugar-coating, the real reason why www.dmachoice.org exists is to make it seem like the DMA and its members actually care about consumer preferences to prevent the government from deciding to regulate the direct-marketing industry. Lo and behold, on the www.dmaccc.org home page, they actually admit it! “Effective self-regulatory actions will directly respond to the advocates and regulators who otherwise would respond with their own initiatives.”
To be honest, the DMA’s opt-out list is effective, to a certain extent. When I added myself and my family to it, the amount of junk mail we were receiving decreased. This does not change the fact that the hoops they make people jump through to get onto the list and stay on the list are so absurd, and the Web site so badly designed and supported, that it is reasonable to believe that they don’t actually want it to be easy for people to opt out of junk mail. Although I suppose it is also possible that the people at the DMA who designed, implemented and support the site are simply incompetent.