Updated (3:38 p.m.): Actually, The New York Times did send that email -- it sounds like it was a classic case of the old accidental "reply-all" syndrome. Times media reporter Amy Chozick (obviously) got the scoop, which she broke in a tweet: "The email was sent by the NYT," a spokeswoman said. Should've gone to appx 300 people & went to over 8 mil." Oops! A few moments later we received the full explanation from Times spokesperson Danielle Rhoades Ha in our own inbox:
An email was sent earlier today from The New York Times in error. This email should have been sent to a very small number of subscribers, but instead was sent to a vast distribution list made up of people who had previously provided their email address to The New York Times. We regret this error and we regret our earlier communication noting that this email was SPAM.
Original Post: If you were anywhere near Twitter at about 2 p.m. on Tuesday afternoon, you already know that the email from The New York Times to you, "Home Delivery Subscriber," is a fake. Moments after the email started to appear in what seems to be thousands of inboxes, the paper's communication department rushed to alert its readers and followers that the email asking recipients who had recently cancelled their Times subscriptions to "reconsider" was not sent by The New York Times. If you received an email that looks something like the one below, do not click any of the links. Computer viruses will inevitably ensue.
It's unclear from whom the email came, though the reply to address reads "The New York Times <firstname.lastname@example.org>." Indeed, The Times owns that domain, which redirects to its website, NYTimes.com, but it's pretty easy to fake the From: field in an email blast. As The Times's own Media reporter Amy Choznick explains, "The e-mail, which the Times’s spokeswoman Danielle Rhoades Ha said was spam, went out to home subscribers and others who had never purchased delivery, urging them to reconsider at '50% off for 16 weeks.'"
Then again, it might just be a regular old mistake. Washington Post developer Yuri Victor -- conspiracy theorists start your engines! -- traced the metadata in the email back to Epsilon, a third-party email service that's authorized to send emails on The New York Times's behalf. Reading Victor's tweets from Monday afternoon reveals an interesting sort of digital savvy Sherlock Holmes technique of piecing together the clues of what happened. His conclusion, luckily for the Times readers who received the spammy message and embarrassingly for The Times and Epsilon, Victor's conclusion is dead simple. "BTW: It looks as though @NYTimes gave Epsilon permission to send emails on its behalf. So this was likely just a mistake." However, GigaOm's Colleen Taylor contends that Epsilon has a troubled history of security breaches and hackers may have simply broken into the service once again to play a prank on The Times. Everyone agrees that it's too soon to tell exactly what happened, but we've reached out to The Times to learn more about the spam or, as some have suggested, the potential hack. We'lll update you when we hear back.
About an hour later, The Times sent this correction email. It went straight into our Junk folder, for some reason: