Permission, Part 2

Permission Part 1 I talked about the definition of permission as I use it. Before we can talk about how to get permission we need to clarify the type of email that we’re talking about in this post. Specifically, I’m talking about marketing and newsletter email, not transactional email or other kinds of email a company may send to recipients. Also, when I talk about lists I include segments of a database that fit marketing criteria as well as specific list of email addresses.

There are two ways that recipients give permission to receive newsletters or marketing email, explicit permission and implicit permission. Recipients give explicit permission to receive marketing email when they sign up for such email. Implicit permission covers situations where a user provides an email address, either during the course of a purchase, a download or other interaction with a company. There may be some language in the company’s privacy policy explaining that recipients may receive marketing email, but the recipient may not be aware they will receive email.

The easier situation is explicit permission. There are two basic ways a company can gather explicit permission to send marketing email: single opt-in and double (confirmed) opt-in.

Single opt-in: Recipient provides an email address to the sender for the express purpose of receiving marketing email.

Double (or confirmed) opt-in: Recipient provides an email address to the sender for the express purpose of receiving marketing email. The sender then sends an initial email to the recipient that requires a positive action on the part of the recipient (click a link, log into a web page or reply to the email) before the address is added to the sender’s list.

There can be problems with both types of opt-in, but barring fake or typoed email addresses being given to the sender, there is an social contract that the sender will send email to the recipient. I’ll talk about single and double opt-in in later posts.

Implicit permission covers a lot of situations where email is commonly sent in response to a recipient giving the sender and email address. In these cases, though, the recipient may not be aware they are consenting to receive email. This behavior may annoy recipients as well as causing delivery problems for the sender. Common cases of implicit permission include website registration, product purchase and free downloads.

More responsible companies often change implicit opt-in to explicit opt-in. They do this by making it clear to users that they are agreeing to receive email at the point where the user gives the company an email address. Not only is the information about how email addresses will be used in the company’s privacy policy, but there is a clear and conspicuous notice at the point where the user must provide their email address. The recipient knows what the sender will do with the email address and is given the opportunity to express their preferences. If users do agree to receive email, the company will send a message to that recipient with relevant information about how their email address will be used, how often they will receive email and how they can opt-out.

Explicit opt-in is the best practice for building a list, however, there are still companies that successfully use implicit opt-in to build marketing lists. Companies successfully using implicit opt in usually are collecting emails as part of a sales transaction. There is very little incentive for their customers to give them an email address not belonging to the customer.

Outside of purchasers, however, implicit opt-in leaves a company open to getting email addresses that do not actually belong to the person providing the company with the email address. This most often occurs when the sender is providing some service, be it software downloads, music or access to content, in return for a “payment” of a valid email address. In order to protect against users inputting other, valid addresses into the form, the sender must verify that the address actually belongs to their user before sending any sort of marketing email. The easiest way for senders to do this is to send a link to the recipient email. This link can be the download link, or the password to get to restricted content. Because the recipient must be able to receive and act on email, the only addresses the sender has belong to actual users of the site.

In some rare cases, implicit opt-in can be used to build a list that performs well. However, senders must be aware of the risks of annoying their customer base and the recipient ISPs. Mitigating these risks can be done, but it often takes more effort than just using explicit opt-in in the first place.


Your email address will not be published. Required fields are marked *

  • OTA joins the ISOC

    The Online Trust Alliance (OTA) announced today they were joining forces with the Internet Society (ISOC). Starting in May, they will operate as an initiative under the ISOC umbrella. “The Internet Society and OTA share the belief that trust is the key issue in defining the future value of the Internet,” said Internet Society President and CEO, Kathryn Brown. “Now is the right time for these two organizations to come together to help build user trust in the Internet. At a time when cyber-attacks and identity theft are on the rise, this partnership will help improve security and data privacy for users,” added Brown.No Comments

  • Friday blogging... or lack of it

    It seems the last few Friday's I've been lax on posting. Some of that is just by Friday I'm frantically trying to complete all my client deliverables before the weekend. The rest of it is by Friday I'm just tired. Today had the added complication of watching the Trumpcare debate and following how (and how soon) it would affect my company if it passed. That's been a bit distracting, along with the other stuff I posted about yesterday. I wish everyone a great weekend.1 Comment

  • Indictments in Yahoo data breach

    Today the US government unsealed an indictment against 2 Russian agents and 2 hackers for breaking into Yahoo's servers and stealing personal information. The information gathered during the hack was used to target government officials, security employees and private individuals. Email is so central to our online identity. Compromise an email account and you can get access to social media, and other accounts. Email is the key to the kingdom.No Comments