Author: Jeff Wilbur
This summer the email marketing industry suffered a setback due to “list bomb” attacks in which thousands of targeted users were unknowingly subscribed to tens of thousands of mailings. In these attacks, ESP infrastructure and highly-reputed brands were used as a means to effectively create a “denial of service” against user inboxes, and email originating from many ESPs and brands was blocked by Spamhaus until the situation was better understood. Could this have been prevented?
Investigation into the list bomb attacks pointed to two key points – the bulk of the subscriptions were automated and few used “confirmed opt-in” (COI) to verify the subscriptions. This put users on the defensive, forcing them to unsubscribe from each bogus subscription to stop the inbox barrage.
As part of its recently released 3rd annual Email Marketing and Unsubscribe Audit report , OTA looked at the signup and verification practices of the top 200 online retailers. Only 3% of retailers used a CAPTCHA to prevent automated signups and only 6% used COI to confirm subscriptions. While use of such methods does increase signup friction, it also prevents bad actors from using the email marketing infrastructure as an attack tool. OTA encourages marketers to examine their use of CAPTCHA and COI to protect themselves and consumers from attack, and even offer verbiage on signup pages to explain how these practices help protect all involved.
Other key findings in the report were mixed – on the whole, retailers are honoring unsubscribes faster than ever (86% stopped sending immediately), yet 6% did not stop sending at all (up from 2% last year), violating CAN-SPAM and CASL. Of the ten best practices scored in the Audit, adoption rose for five – use of the unsubscribe header, ability to opt out of all email, use of a confirmation web page, use of a branded unsubscribe page and immediately stopping the subscription. Adoption dropped for the other five criteria – clear and conspicuous presentation of the unsubscribe link, text that is easy to read, use of commonly understood “unsubscribe” language, use of preference centers or opt-down choices during the unsubscribe process and solicitation of customer feedback on why they are unsubscribing. Surprisingly, 6% of retailers either never responded to the subscription or sent a confirmation but then never sent a newsletter or promotion email, thereby wasting the opportunity.
OTA encourages marketers to review the Audit results and take a close look at their own practices in light of the recent list bomb attacks, the practices of other retailers, and shifts in the regulatory environment. By making conscious choices about the entire process – from signup to mailing to unsubscribes – potential attacks and associated disruptions will be reduced and consumers will be better engaged. The resulting benefits are broad, not only to users and your brand, but also to the integrity of the email channel and the resiliency of the internet itself.