[davideous]

This is illegal in the United States under the CAN-SPAM law

From: http://www.business.ftc.gov/documents/bus61-can-spam-act-com...

"You can’t charge a fee, require the recipient to give you any personally identifying information beyond an email address, or make the recipient take any step other than sending a reply email or visiting a single page on an Internet website as a condition for honoring an opt-out request"

(My company provides email delivery software and consulting.)

[edit for typo]

[sidcool]

The link posted here redirects to a co.in domain. It's Citibank India. I have sent them a message on facebook, in an attempt to bring this to their attention.

[manas2004]

OP here. I sent them a tweet, and they replied with a link to a complaint form that - guess what - required me to enter my account number :)

[sidcool]

Really? That's wicked. But most of the times I have witnessed such things, the problem is with process and not people. Processes come from top down. Let's all try to bring this to the attention of the top brass.

[Silhouette]

If this is a legitimate concern and it's not being addressed after some reasonable initial contact, maybe you can get a mountain of retweets going with some unfortunate hash tag about the bank and a link to some reputable source about this issue. For better or worse, Twitter campaigns do seem to be somewhat effective against the PR machines of big businesses, as sooner or later someone important at the business often hears about them and starts damage limitation.

[miahi]

I guess they use the same form for every customer support issue.