How to best protect data when engaging in third-party marketing

Share this content:

When attempting to comply with CAN-SPAM requirements that prevent advertisers from sending e-mail to consumers who have unsubscribed, many share their physical suppression lists or opt-out lists with their third-party advertising partners. That's risky and unwise. What's even riskier is many of these suppression lists are lists of physical e-mail addresses associated with individuals who do not want to receive e-mail. The fines for failing to comply with CAN-SPAM are hefty, but the impact of list theft and abuse on your brand could be far worse. When a consumer unsubscribes, they want to receive less e-mail. When suppression lists are abused, typically, consumers receive even more invasive, irrelevant, unwanted junk. Those that steal it understand the lists represent active e-mail addresses.

There are two ways to protect consumer data securely when managing e-mail suppression lists across multiple entities. The first is list scrubbing. Instead of downloading a list of e-mail addresses not to mail, e-mail partners upload their mailing list(s) to a neutral third party to be "scrubbed" against an advertiser's suppression list or lists. The suppression list never leaves the third party's secure environment.

After the data are scrubbed, the e-mail partner can either download a scrubbed, mailable list, or a list of matching records who are not to be mailed to. Either way, consumer data has not been exposed to the third party. If your e-mail partner's policy requires that they not relinquish their customer data to any third party, the neutral party may allow hashes of e-mail addresses to be uploaded for scrubbing.

Another option is MD5 distribution. This is a one-way hashing algorithm that renders e-mail addresses useless for mailing by converting plain-text e-mail addresses into 32-character hashes — a sequence of letters and numbers representing an e-mail address. Advertisers can use MD5 to encrypt their suppression lists before sending to third parties. Third parties then encrypt their mailing list and compare the MD5 hashes in their list against the MD5 hashes in the suppression list. If a match is found, the mailer removes the corresponding e-mail address in their list.

Now you know how to securely manage suppression list exchanges. If you are not following the practices outlined above, assess if you can do so internally or if outsourcing is a more efficient and less risky way to manage this.

Todd Boullion is president of UnsubCentral. Reach him at


Next Article in Email Marketing

Sign up to our newsletters

Company of the Week

Since 1985, Melissa has helped thousands of companies clean, correct and complete contact data to better target and communicate with their customers. We offer a full spectrum of data quality solutions, including global address, phone, email, and name validation, identify verification - available for batch or real-time processes, in the Cloud or on-premise. Our service bureau provides dedupe, email/phone append and geographic/demographic append services for better targeting and insight. For direct mailers, Melissa offers easy-to-use address management/postal software, list hygiene services and 100s of specialty mailing lists - all with competitive pricing and excellent customer service.

Find out more here »

Career Center

Check out hundreds of exciting professional opportunities available on DMN's Career Center.  
Explore careers in digital marketing, sales, eCommerce, marketing communications, IT, data strategies, and much more. And don't forget to update your resume so employers can contact you privately about job opportunities.

>>Click Here

Relive the 2017 Marketing Hall of Femme

Click the image above