I'd think opening a PDF in your browser would be at the same risk-level you associate with going to any random URL. On Firefox at least, I'm pretty sure the built-in PDF viewer is simply JS parsing and rendering the PDF anyway -- nothing with elevated permissions:
> I'd think opening a PDF in your browser would be at the same risk-level you associate with going to any random URL.
Probably pdf.js is more secure, as it is more modern than the HTML/js engine, it contains less legacy code, it is written in a higher level language, and they could implement a safer subset of the pdf standard, than they could do with the HTML/js standards.
If you're sending to recruiters, they do. That's an expected part of their job.
If you're sending to people who currently aren't hiring, or are never part of the hiring process, and didn't ask for your resume -- I hope they don't open it, but they probably will.
I have a Powerautomate workflow setup that downloads all email attachments I receive to Onedrive. The onedrive folder later gets cleared every month to keep it clean.
I don’t mind cold emails. I tend to read them and sometimes find interesting products and opportunities. I know that many of these emails are automated; it’s too bad that they’re not more personalized on average but I understand the need to scale a BD team.
But sometimes I come across a company that has set up an automation flow where you get a dozen emails over the span of a couple of weeks. This needs to stop. The only thing incessant spam will do is guarantee you get on my auto-delete list. A couple times a year is one thing. A couple times a week is unacceptable.
For example, I run a software co-op and I'd like to get some new gigs for me and my engineers. I already have contacted my entire warm network (coworkers, former bosses, people I met at hackathons and meetups), and that did turn up a couple gigs that we've now finished (and followup work is many months out), so at this point we're considering cold emailing. Sounds like that's not the move by your book, so what would you do in my shoes?
I "report spam" on almost all emails formulated along these lines, both for my own sanity and in the hope of reducing the burden for future targets. The senders often don't realise that their emails constitute spam and will send it from their regular addresses at their company domains and probably will later ask their IT teams why their important emails to clients aren't being received.
This advice might work against an executive who is used to wheeling and dealing to get ahead but if your target is developers you might want a more nuanced strategy.
I agree with the sentiment since I block unsolicited emails but..you and I are not the intended subjects of the OP's post. They are talking about sending a topic or idea or suggestion to someone rich and/or powerful and/or otherwise impacting or leading many people perhaps.
"If it contains only transactional or relationship content, its primary purpose is transactional or relationship. In that case, it may not contain false or misleading routing information, but is otherwise exempt from most provisions of the CAN-SPAM Act."
A cold email is unsolicited mail, akin to "cold calling" or what Jehovas witnesses attempt at your doorstep. It's called cold because it's done without any prior warming up, similar to the experience of jumping into cold water without getting your feet wet first.
With the current state of LLMs, not so much. I've tried building cold e-mails with various language models and they all suck. They give you the typical marketing BS that is too generic to be of any interest. Probably there's not so much data on this to go on, or the models are intentionally hampered down to avoid facilitating spam.
- Short and grabs attention: Single paragraph - good.
- Super clear on who you are: A Nigerian prince obviously
- Value prop for the receiver: Millions of dollars!
- Has a specific ask: Access to your bank account, easy
The key point here is the credibility part. The Nigerian prince has no credibility. If you are approaching someone looking to solve a problem and you demonstrate competance via an extensive Github profile / blog your chances of a response are enormously increased I'd have thought.
I've read (in Freakonomics I think) scam emails often have deliberately low credibility to "improve" the quality of warm leads.
High credibility emails that deceive digitally savvy people can create a lot of warm leads who take expensive resources in phone calls and human interaction, but often fail to convert to paying victims. At some point down they funnel they realise it's a scam.
Low credibility emails generate replies from less digitally literate people who're easier to convert into a paying victim when they reply. The response rate is lower of course, but sending another email is free.
Some do, others ruthlessly murder their rivals to get to be prince (in the sense of ruler, not 'son of the king'). Others have to win a power struggle to maintain the accident of birth that put them there.
They're a prince. Of course they have credibility. Of a country as populous and gifted in natural resources as Nigeria, even!
But I get your point, and eagerly await my spam with deposed princes' githubs profiles not stolen from MIT licenced projects, and blog photos not written by GPT and illustrated by DALL-E.
Perhaps what we need is a credibility coin, based on blockchain. Or a national ID card system. To prove I am who I am. As without it, I am not.
You also need to end with "God Bless" or similar - it wastes less time on the scammers part because people who fall for that line are more gullible[1].
[1] Can't remember where I read it; was a short study on how skepticism is inversely correlated to getting scammed. A different reading some years later showed that religious believers have lower skepticism when dealing with other believers of the same faith.
You just have to pretend to be of the same belief as the mark.
People who are good at something you want to be good at. People who invented or popularised techniques you like. Many of them I've come across have published their emails, if nothing else as a "if you have feedback on this book, reach out to name@example.com".
You can build your own list (capture emails on a subscription
form on your website like I do), some people buy them from people who sell such things (although Im certainly not advocating for this, just answering your question), or use tools like LinkedIn sales navigator, etc.
I'm not advocating, or not advocating for any of these approaches. I'm just answering the commenter question.
Also, due to the downvote I suspect at least one person is focusing on the fact that yes, in some circumstances buying contact lists can be annoying and frowned upon.
In other cases, it's how business is done. I'll give a real world example from a guy I actually met. Say you're the head of sales for the largest independent lolly pop manufacturer in the US. How do you let all the corner stores in the US that they should sell your lollies? Buy a list, send them letters/email, whatever. People can be annoyed by it, but it's what keeps the post office in business and is half of what all marketing and sales folks do half the time.
Another example is in the insurance industry, it's common practice to sell your client list when you retire in many of those spaces.
Again, I'm not Advocating or not advocating for any of this, just answering someone's question.