Last year, I ran in the 5K that accompanied the Illinois Marathon and half-marathon. I registered for the event ahead of time and used the online registration through Active.com. The event was fun and well coordinated. Unfortunately, months after the event, it wasn’t quite so coordinated.

I use an e-mail service called OtherInbox, which I’ve recommended previously, that allows me to create e-mail addresses on the fly. For example, when registering for the aforementioned 5k I registered with 5k@[MyDomain].com. The Active.com registration for the Illinois Marathon’s 5k is the only thing I have ever used that address for. Before the event, I received pertinent e-mails about times, dates, parking, routes, and more welcome messages. Afterwards I started receiving messages that bordered on spam with sales pitches about buy photos of crossing the finish line and such. Since then, I’ve recently started receiving messages that were just blatant spam and gave me nothing out of them. I have “unsubscribed” from every message but they still come with at least one message each day.

This system allows me to pretty much confirm that the Illinois Marathon / Active.com has sold my information to spammers or is at least letting them run email marketing campaigns with the lists of those people that have registered for 5K’s, half-marathons, triathlons, and full marathons through the site. The agreement that I made when registering mentions nothing about selling or leasing a registered user’s information. It also seems to contradict the Mission of the Illinois Marathon:

I should have had a clue after registering because the site certainly seems very scam-like with the default magazine offers during registration and the “premium” ActiveAdvantage Trial after registering:

Finally getting to the core of the problem, we can look at Active’s Privacy Policy. It seems to have these two tidbits of information:

When Active does share your information with our subsidiaries, affiliated companies and trusted businesses or persons, we require that these parties agree to process such information based on our direction and in compliance with appropriate confidentiality and security measures.

Note that’s a when not an if.

If you are using our services to register for an event, program or to purchase a third party product, Active shares the personal information you provide to applicable third party(ies) to fulfill your request. Each such party operates independently from Active and maintains its own privacy and security policy. Active bears no responsibility from the activities of any such third party to whom Active provides information to process your request and you should contact those third parties directly regarding your preferences for the use of your personal information.

I am only using Active’s services to register for an event, the Illinois Marathon 5k, but I didn’t request any 3rd parties to be involved. Active only needed to provide the information back to the Illinois Marathon. This is a company I’m trusting with my credit card information. I’d like to know with whom they’re sharing my information. Looking at the spam messages, they’re all coming from different addresses at delivery.net, such as:

• RunnersWorld@runnersworld.delivery.net
• Prevention@prevention.delivery.net
• RodaleBooks@rodalebooks.delivery.net
• MensHealth@menshealth.delivery.net

(And that’s just what came in this last week, with some duplicates). At the bottom of these e-mails is a link to the Rodale Inc. Privacy Policy. How did my information make the jump from Illinois Marathon to Active.com to Rodale?

Well, it’s time again to register for the Illinois Marathon and I’ll be running the 5k again. I followed the same registration process as last year and used a unique e-mail address to see how my information flows again. I guess I should have just used the mail-in form for registration.