How to best protect data when engaging in third-party marketing

Share this article:

When attempting to comply with CAN-SPAM requirements that prevent advertisers from sending e-mail to consumers who have unsubscribed, many share their physical suppression lists or opt-out lists with their third-party advertising partners. That's risky and unwise. What's even riskier is many of these suppression lists are lists of physical e-mail addresses associated with individuals who do not want to receive e-mail. The fines for failing to comply with CAN-SPAM are hefty, but the impact of list theft and abuse on your brand could be far worse. When a consumer unsubscribes, they want to receive less e-mail. When suppression lists are abused, typically, consumers receive even more invasive, irrelevant, unwanted junk. Those that steal it understand the lists represent active e-mail addresses.

There are two ways to protect consumer data securely when managing e-mail suppression lists across multiple entities. The first is list scrubbing. Instead of downloading a list of e-mail addresses not to mail, e-mail partners upload their mailing list(s) to a neutral third party to be "scrubbed" against an advertiser's suppression list or lists. The suppression list never leaves the third party's secure environment.

After the data are scrubbed, the e-mail partner can either download a scrubbed, mailable list, or a list of matching records who are not to be mailed to. Either way, consumer data has not been exposed to the third party. If your e-mail partner's policy requires that they not relinquish their customer data to any third party, the neutral party may allow hashes of e-mail addresses to be uploaded for scrubbing.

Another option is MD5 distribution. This is a one-way hashing algorithm that renders e-mail addresses useless for mailing by converting plain-text e-mail addresses into 32-character hashes — a sequence of letters and numbers representing an e-mail address. Advertisers can use MD5 to encrypt their suppression lists before sending to third parties. Third parties then encrypt their mailing list and compare the MD5 hashes in their list against the MD5 hashes in the suppression list. If a match is found, the mailer removes the corresponding e-mail address in their list.

Now you know how to securely manage suppression list exchanges. If you are not following the practices outlined above, assess if you can do so internally or if outsourcing is a more efficient and less risky way to manage this.

Todd Boullion is president of UnsubCentral. Reach him at todd@unsubcentral.com.

Share this article:
close

Next Article in Email Marketing

Sign up to our newsletters

Follow us on Twitter @dmnews

Latest Jobs:

More in Email Marketing

Email Opens Have Increased While Clicks Remain Static

Email Opens Have Increased While Clicks Remain Static

Open rates rose to 32.9% in Q1 2014, but clicks haven't changed for the past couple of years, a study says. But why?

Is Reliance on Email Stifling Lead Nurturing?

Is Reliance on Email Stifling Lead Nurturing?

Pressure to drive revenue has some B2B marketers looking to take a more multichannel approach to lead nurturing.

Blame Canada? CASL Leads to SPAM in the Short-Term

Blame Canada? CASL Leads to SPAM in the ...

In the email world, silence does not consent—at least not in Canada, where much fretted over anti-spam legislation went into effect on July 1.