How to best protect data when engaging in third-party marketing

Share this content:

When attempting to comply with CAN-SPAM requirements that prevent advertisers from sending e-mail to consumers who have unsubscribed, many share their physical suppression lists or opt-out lists with their third-party advertising partners. That's risky and unwise. What's even riskier is many of these suppression lists are lists of physical e-mail addresses associated with individuals who do not want to receive e-mail. The fines for failing to comply with CAN-SPAM are hefty, but the impact of list theft and abuse on your brand could be far worse. When a consumer unsubscribes, they want to receive less e-mail. When suppression lists are abused, typically, consumers receive even more invasive, irrelevant, unwanted junk. Those that steal it understand the lists represent active e-mail addresses.

There are two ways to protect consumer data securely when managing e-mail suppression lists across multiple entities. The first is list scrubbing. Instead of downloading a list of e-mail addresses not to mail, e-mail partners upload their mailing list(s) to a neutral third party to be "scrubbed" against an advertiser's suppression list or lists. The suppression list never leaves the third party's secure environment.

After the data are scrubbed, the e-mail partner can either download a scrubbed, mailable list, or a list of matching records who are not to be mailed to. Either way, consumer data has not been exposed to the third party. If your e-mail partner's policy requires that they not relinquish their customer data to any third party, the neutral party may allow hashes of e-mail addresses to be uploaded for scrubbing.

Another option is MD5 distribution. This is a one-way hashing algorithm that renders e-mail addresses useless for mailing by converting plain-text e-mail addresses into 32-character hashes — a sequence of letters and numbers representing an e-mail address. Advertisers can use MD5 to encrypt their suppression lists before sending to third parties. Third parties then encrypt their mailing list and compare the MD5 hashes in their list against the MD5 hashes in the suppression list. If a match is found, the mailer removes the corresponding e-mail address in their list.

Now you know how to securely manage suppression list exchanges. If you are not following the practices outlined above, assess if you can do so internally or if outsourcing is a more efficient and less risky way to manage this.

Todd Boullion is president of UnsubCentral. Reach him at


Next Article in Email Marketing

Sign up to our newsletters

Company of the Week

USAData helps businesses find new customers and grow their current customers through a combination of data and digital marketing services, and easy-to-use SaaS technology products. We enrich customer data so businesses can more effectively target and communicate with customers, and connect them with their best look-alike prospects through digital and traditional channels. We make it easy through simple, self-serve applications and APIs, as well as through full-service programs managed by our Data and Digital experts. 

Find out more here »

Career Center

Check out hundreds of exciting professional opportunities available on DMN's Career Center.  
Explore careers in digital marketing, sales, eCommerce, marketing communications, IT, data strategies, and much more. And don't forget to update your resume so employers can contact you privately about job opportunities.

>>Click Here

Relive the 2017 Marketing Hall of Femme

Click the image above