How to best protect data when engaging in third-party marketing

Share this content:

When attempting to comply with CAN-SPAM requirements that prevent advertisers from sending e-mail to consumers who have unsubscribed, many share their physical suppression lists or opt-out lists with their third-party advertising partners. That's risky and unwise. What's even riskier is many of these suppression lists are lists of physical e-mail addresses associated with individuals who do not want to receive e-mail. The fines for failing to comply with CAN-SPAM are hefty, but the impact of list theft and abuse on your brand could be far worse. When a consumer unsubscribes, they want to receive less e-mail. When suppression lists are abused, typically, consumers receive even more invasive, irrelevant, unwanted junk. Those that steal it understand the lists represent active e-mail addresses.

There are two ways to protect consumer data securely when managing e-mail suppression lists across multiple entities. The first is list scrubbing. Instead of downloading a list of e-mail addresses not to mail, e-mail partners upload their mailing list(s) to a neutral third party to be "scrubbed" against an advertiser's suppression list or lists. The suppression list never leaves the third party's secure environment.

After the data are scrubbed, the e-mail partner can either download a scrubbed, mailable list, or a list of matching records who are not to be mailed to. Either way, consumer data has not been exposed to the third party. If your e-mail partner's policy requires that they not relinquish their customer data to any third party, the neutral party may allow hashes of e-mail addresses to be uploaded for scrubbing.

Another option is MD5 distribution. This is a one-way hashing algorithm that renders e-mail addresses useless for mailing by converting plain-text e-mail addresses into 32-character hashes — a sequence of letters and numbers representing an e-mail address. Advertisers can use MD5 to encrypt their suppression lists before sending to third parties. Third parties then encrypt their mailing list and compare the MD5 hashes in their list against the MD5 hashes in the suppression list. If a match is found, the mailer removes the corresponding e-mail address in their list.

Now you know how to securely manage suppression list exchanges. If you are not following the practices outlined above, assess if you can do so internally or if outsourcing is a more efficient and less risky way to manage this.

Todd Boullion is president of UnsubCentral. Reach him at


Next Article in Email Marketing

Sign up to our newsletters

Company of the Week

PAN Communications is an award-winning integrated marketing and public relations agency for B2B technology and healthcare brands. PAN's data-driven approach allows the firm to specialize in public relations, social media, content and influencer marketing, and data and analytics. PAN partners with brands to create unique, integrated campaigns that captivate audiences and drive measurable results. PAN services clients out of the firm's four offices: Boston, San Francisco, New York City and Orlando.

Find out more here »

Career Center

Check out hundreds of exciting professional opportunities available on DMN's Career Center.  
Explore careers in digital marketing, sales, eCommerce, marketing communications, IT, data strategies, and much more. And don't forget to update your resume so employers can contact you privately about job opportunities.

>>Click Here

Relive the 2017 Marketing Hall of Femme

Click the image above