Address harvesting through social networks

The next killer ap on the Internet seems to be social networking. Everyone has a great idea for the next facebook or or myspace. All of these sites, though, have to find users. The site will fail if there are no users. One way to get new users is to ask all your current users to invite all their friends to join. This tends to lead to the marketing / product decision to insert functionality into the social networking site which allows current users to upload their address book and the site itself will send out invitations to all your friends and contacts.
This is not actually as great as an idea as it sounds, however. First, you end up with situations like what happened to me this past week.  On Wednesday I received the following email:

Hi,
I looked for you on Reunion.com, the largest people search service — but you weren’t there.
See who else has been searching for you! Click here.
—Bob
Reunion.com – Life Changes. Keep in Touch.™
You have received this email because a Reunion.com Member sent an invitation to this email address. For assistance, please refer to our FAQ or Contact Us.
Our Address: 2118 Wilshire Blvd., Box 1008, Santa Monica, CA 90403-5784

Bob is actually a current client and I recognized his full name in the from address. Bob has my current information and we have had contact within the last few weeks so I know he is not actually using reunion.com to try and find me. I spend a few minutes poking at reunion.com trying to figure out how to make the mail stop and make sure they never bother me again, discover they do not want to make that easy and give up. I can always block them if their email becomes annoying.
The next day, I receive an email from Bob, it says:

All,
If you received an email from reunion.com on my behalf, please IGNORE it as that email was sent without my knowledge and I have not sent it willingly. This email was sent to all my contacts in my email address book.
I have already cancelled my account on that site and it is really weird that the site would do this without my permission.
The site is “force inviting” people from your contacts if you register on the site, which is very annoying.
Thanks,

Bob

Because of this behaviour, reunion.com has now lost one registered user, and he has told all his contacts to avoid the site in the future.
Reunion.com is not alone in their rush to grab any address they can get a hold of. Most sites will let you upload address books, or your account information so they can mail all your contacts introducing their new product. It is an attempt to appear to be organic viral marketing, but it is not. In point of fact it is no different than randomly harvesting addresses off websites and mailing them.
Social networks need to be very careful about appropriating addresses and assuming permission. This week, reunion.com appropriated both Bob’s address and my own and assumed they had permission to email me on Bob’s behalf. In fact, they did not have Bob’s permission to appropriate his address and they certainly did not have my permission to contact me.
Many newborn social networks are using similar types of spam to spread their presence. It remains to be seen if this is a working strategy or if they are forced to actually start actually caring about permission.

Related Posts

Permission, Part 2

Permission Part 1 I talked about the definition of permission as I use it. Before we can talk about how to get permission we need to clarify the type of email that we’re talking about in this post. Specifically, I’m talking about marketing and newsletter email, not transactional email or other kinds of email a company may send to recipients. Also, when I talk about lists I include segments of a database that fit marketing criteria as well as specific list of email addresses.
There are two ways that recipients give permission to receive newsletters or marketing email, explicit permission and implicit permission. Recipients give explicit permission to receive marketing email when they sign up for such email. Implicit permission covers situations where a user provides an email address, either during the course of a purchase, a download or other interaction with a company. There may be some language in the company’s privacy policy explaining that recipients may receive marketing email, but the recipient may not be aware they will receive email.
The easier situation is explicit permission. There are two basic ways a company can gather explicit permission to send marketing email: single opt-in and double (confirmed) opt-in.
Single opt-in: Recipient provides an email address to the sender for the express purpose of receiving marketing email.
Double (or confirmed) opt-in: Recipient provides an email address to the sender for the express purpose of receiving marketing email. The sender then sends an initial email to the recipient that requires a positive action on the part of the recipient (click a link, log into a web page or reply to the email) before the address is added to the sender’s list.
There can be problems with both types of opt-in, but barring fake or typoed email addresses being given to the sender, there is an social contract that the sender will send email to the recipient. I’ll talk about single and double opt-in in later posts.
Implicit permission covers a lot of situations where email is commonly sent in response to a recipient giving the sender and email address. In these cases, though, the recipient may not be aware they are consenting to receive email. This behavior may annoy recipients as well as causing delivery problems for the sender. Common cases of implicit permission include website registration, product purchase and free downloads.
More responsible companies often change implicit opt-in to explicit opt-in. They do this by making it clear to users that they are agreeing to receive email at the point where the user gives the company an email address. Not only is the information about how email addresses will be used in the company’s privacy policy, but there is a clear and conspicuous notice at the point where the user must provide their email address. The recipient knows what the sender will do with the email address and is given the opportunity to express their preferences. If users do agree to receive email, the company will send a message to that recipient with relevant information about how their email address will be used, how often they will receive email and how they can opt-out.
Explicit opt-in is the best practice for building a list, however, there are still companies that successfully use implicit opt-in to build marketing lists. Companies successfully using implicit opt in usually are collecting emails as part of a sales transaction. There is very little incentive for their customers to give them an email address not belonging to the customer.
Outside of purchasers, however, implicit opt-in leaves a company open to getting email addresses that do not actually belong to the person providing the company with the email address. This most often occurs when the sender is providing some service, be it software downloads, music or access to content, in return for a “payment” of a valid email address. In order to protect against users inputting other, valid addresses into the form, the sender must verify that the address actually belongs to their user before sending any sort of marketing email. The easiest way for senders to do this is to send a link to the recipient email. This link can be the download link, or the password to get to restricted content. Because the recipient must be able to receive and act on email, the only addresses the sender has belong to actual users of the site.
In some rare cases, implicit opt-in can be used to build a list that performs well. However, senders must be aware of the risks of annoying their customer base and the recipient ISPs. Mitigating these risks can be done, but it often takes more effort than just using explicit opt-in in the first place.

Read More

Permission, Part 1

Before I can talk about permission and how a mailer can collect permission from a recipient to send them email I really need to define what I mean by permission as there are multiple definitions used by various players in the market. Permission marketing was a term coined by Seth Godin in his book entitled Permission Marketing.
The underlying concept beneath permission marketing is that all marketing should be “anticipated, personal and relevant.” Others have defined permission marketing as consumers volunteering or requesting to be marketed to.
When I talk about permission in the email marketing context I mean that the recipient understood *at the time they provided the sender with an email address* that they would receive email from that sender as a result.
Let’s look at some of the relevant parts of that definition.

Read More

What to expect from your delivery consultant

Every once in a while I get a phone call asking me what delivery consultant do. What can I do for them? How can I help them? Delivery consulting is a very new field and it is understandable a lot of people do not know what we do.
The overall delivery consulting process here a Word to the Wise involves collecting detailed information about your mailing program and your technical setup, like:

Read More