How not to handle unsubscribes

On the heels of my unsubscribe experience last week where an ESP overreacted and unsubscribed addresses that did not belong to me, I encountered another deeply broken unsubscribe process. This one is the opposite, there is no way to unsubscribe from marketing mail at all. Representatives of PayPal have only been able to suggest that if I do not want their mail, that I block PayPal in my email client.
I had a PayPal account years and years ago. They made some extensive privacy policy changes back in 2003 and when I did not actively agree to the new policies, they closed the account. That account closure seemed to take, I heard nothing from PayPal. In early 2008, I made a purchase at a vendor that only accepted credit cards through PayPal. Normally, I do not do business with vendors who only accept payment through PayPal, but there appeared to be a way to make the payment without establishing a PayPal account, so I went ahead and made the purchase.
The receipt from that purchase came from PayPal, and mentioned that I had an existing PayPal account. I figured that because the address was the same as the 2003 account that the boilerplate did not understand ‘closed accounts’. I brushed off the notice and did not worry about it.
On June 23, I received marketing email from PayPal. The mail offered 10% off my first eBay purchase, if I set up an eBay account using the same address on my PayPal account. Yay. Spam. Oh, well, no big deal, there was an unsub link at the bottom of the email. It is PayPal, they are a legitimate company, they will honor an unsubscribe. It will all be fine.
Or. Not.
Clicking on the unsubscribe link in the email takes me to a webpage that tells me I had to login to my account to unsubscribe. But I do not have an account!
They clearly think I have an account linked to the email address they mailed. I decide to see if I can recover the account and then unsubscribe. I put in the email address they sent the marketing email to, the password I probably would have used had I actually set up this account and hit “submit.” PayPal now asks me to set up 3 questions to use to recover my account in case I forget the login in the future. Uh. What? No. I do not want to set up an account, I want them to stop sending me email. I abandon that webpage.
I then attempt to recover the password to the account. Put in the email address that PayPal is sending email to and hit “forgot password”. PayPal, as expected, sends me an email. Click this magic link to recover your account. PayPal then asks me to input the full number of the credit card associated with the account – the credit card number I do not have. What account? What credit card number? Is this from my 2003 subscription that was closed? Is this from the purchase I made in February? I abandon that webpage.
The recover password email helpfully lists a phone number I can call for assistance so I call. In order to be able to talk to someone I have to enter my phone number. And the credit card number associated with my account. I resorted to randomly pounding on “0” and telling the voice recognition software I wanted help. Eventually, it got so confused it transfered me to a real human.
Tragically, the voicemail system was actually more helpful than the real human on the other end. Distilling down hours of sitting on the phone with them, I am told the following:

  1. There is no way to unsubscribe from mail at PayPal.
  2. Everyone gets spam and I should not care about spam from PayPal
  3. I can block mail from PayPal in my mail client.

During the conversation, I was repeatedly informed I did have a PayPal account. I asked when the account was opened. The first rep said “June 23, 2008.” You mean today? The day I attempted to login to the account to unsubscribe from the mail you sent me? Yes. That is the day I opened the account. She was incredibly unhappy when I pointed out that was after I had received the email, was my attempt to unsubscribe from the email and did not explain why I was receiving unwanted email from them. After going in circles, repeatedly being placed on hold and asked for credit card information I used to set up the account, I requested a supervisor. The supervisor told me the account was opened in September 2007. September? What? I have no recollection (or email!) about dealing with PayPal in September. I decide to stop trying to figure out the account and asked if there was any way I could make PayPal stop emailing me. She helpfully explained everyone gets spam, that I should block PayPal in my email client and then hung up on me.
Steve, noticing that I was in a slight temper, worked his way through their voicemail system and talked to another rep. Overall his experience was the same. There is no way to unsubscribe from PayPal’s emails without logging in to the preference center and there is no way to login to the preference center without the credit card number associated with the account.
After about 2 1/2 hours of trying to deal with the PayPal reps, we gave up. Clearly there is no way to actually unsubscribe from PayPal mailings.
How many recipients who don’t want to receive mail from Paypal are going to spend several hours fighting through an unhelpful phone tree and being hung up on by customer support reps? Almost none of them. Instead they’re going to hit the “This is spam” button to block the mail, damaging the reputation of the ESP sending the mail.
Worse than that for PayPal, though, is that eBay/PayPal are strongly in favour of DKIM, and they are signing all their mail – solicited and unsolicited, marketing and transactional – with DKIM. That means that recipients hitting the “This is spam” button in response to not being able to unsusbscribe from unwanted mail will also damage the reputation of all mail sent by PayPal, including their transactional mail, not just the reputation of the ESP sending the bulk mail.
Last week it was a little sender at a small ESP failing to correctly manage unsubscribes. This week it is one of the largest senders of email who cannot get unsubscribes right. One of the underlying problems is PayPal’s choice to irrevocably link account management and marketing email. PayPal policy states they cannot let me have access to another person’s financial information and owning an email address they are sending email advertising to is not proof of ownership. In other words, the account established with my email address is not actually my account and I have no right to stop receiving mail.
I actually understand this and appreciate PayPal’s attempts to protect the financial information of their users. However, a major flaw in the current process is that PayPal does no email address confirmation with the account. Therefore, people receiving email from PayPal cannot make the email stop. They do not want to reveal financial information to me if I do not have the right to see it? Good for them. That’s fine, that’s great, but they have to make it possible for recipients to make the mail stop.
One of the early reps I talked to even claimed it was Federal Law that they had to get me to verify the account before they could unsubscribe me. She is very, very wrong. CAN SPAM is reasonably specific about unsubscribes. Currently there must be a way to unsubscribe over the Internet. I do not believe PayPal is currently compliant with CAN SPAM because of the hurdles they have erected that make it more difficult, or even impossible to unsubscribe from their marketing mail.
Since the original CAN-SPAM legislation was passed the FTC has acknowledged recipient concerns that marketers are skirting the existing requirement that they allow recipients to unsubscribe by making unsubscription possible, but requiring recipients to go through a complex process, or require unreasonable additional information (such as, say, credit card numbers) from recipients in order to discourage users from unsubscribing.
To show that this sort of behaviour is not an acceptable way to offer unsubscription according to CAN-SPAM, the FTC have included detailed clarification on this point in their rulemaking that takes effect on July 7th.

§ 316.5 Prohibition on charging a fee or imposing other requirements on recipients who wish to opt out.
Neither a sender nor any person acting on behalf of a sender may require that any recipient pay any fee, provide any information other than the recipient’s electronic mail address and opt-out preferences, or take any other steps except sending a reply electronic mail message or visiting a single Internet Web page, in order to:
(a) Use a return electronic mail address or other Internet-based mechanism, required by 15 U.S.C. 7704(a)(3), to submit a request not to receive future commercial electronic mail messages from a sender; or
(b) Have such a request honored as required by 15 U.S.C. 7704(a)(3)(B) and (a)(4).

Related Posts

Unsubscribe policies

Our local brewpub has an email list. For various reasons I have multiple addresses on the list and finally decided that getting 4 copies of each mailing was silly. About a week ago, I sent in unsubscribe requests for 3 of the addresses. Today I get another 4 copies of their mailing. That’s not good. Luckily, I know one of the delivery folks at their ESP so I send her an email.
I know unusubscribes can take a few days to process, but it has been seven and CAN SPAM is pretty clear about the 10 day requirement. My first email to their delivery expert is just asking how long unsbs normally take. She responds they take 3 – 4 days. Uh Oh.
I tell her I unsubscribed these 3 addresses (with the unsub links) on 6/10 and received more email this morning. I did tell her that there were multiple subscriptions and they were all legit, but the reasons were really not important. Just that I didn’t want quite so many emails and their unsubscribe process seemed broken.
Now we get to the part where it all goes a wee bit pear shaped. The next email I get back from her explains why I am on so many lists. Fair enough. The more concerning bit is that they have not only gone through their database and unsubscribed all my addresses, but they have also found Steve’s addresses and unsubscribed those too. What the email does not contain is an explanation of why their unsubscribe process broke.
At this point I am a bit annoyed. I did not want all my addresses unsubscribed, just some of them. And the bit about unsubscribing Steve? That’s just silly and unnecessary. Another round of email ensued, pointing out this is bad and please put everything back how it was except please unsubscribe these three addresses I sent originally.
Things are back how they were, although the technical staff is still looking into how their unsubscribe process broke. The initial thought is that during a technology transition they lost some unsubscribe requests.
This whole process has bothered me for a number of reasons. One is the utterly cavalier attitude of the delivery people at the ESP. Their unsubscribe process broke. This is, to my mind, an emergency. ESPs have been fined for broken unsubscribe processes. Two is the process of unsubscribing addresses that belonged to a completely different person. The ESP did explain the policy behind that, sorta.

Read More

Disposable or Temporary Addresses

Mark Brownlow has a really good post up today about disposable and temporary addresses and how they affect marketers trying to build an opt-in list.
I use tagged addresses for all my signups, and have for more than 10 years now. It lets me track who I gave an address to and if this mail is contrary to what I signed up for or the address has leaked, I can shut down mail to that address entirely.
Tagged addresses also have another function. One of our local brew pubs has a rewards program, spend money there, get points. As part of the signup process, they requested an email address. All the email I have received from them has been clearly branded, well designed, they are an example of how to use email right. That is until last week. Last week I received an email to the tagged address from some survey company. The survey company provided no branding, nothing.

Read More

Predictions for 2008

I did not have a lot of predictions for what will happen with email at the beginning of the year so I did not do a traditional beginning of the year post. Over the last 3 – 4 weeks, though, I have noticed some things that I think show where the industry is going.
Authentication. In January two announcements happened that lead me to believe most legitimate mail will be DK/DKIM signed by the end of the year. AOTA announced that approximately 50% of all email was currently authenticated. They did not separate out SPF/SenderID authentication from DK/DKIM authentication, but this still suggests email authentication is being widely adopted. AOL announced they will be checking DKIM on their inbound mail. I expect more and more email will be DKIM signed in response to this announcement.
Filtering. The end of 2007 marked a steady uptick in mail being filtered or blocked by recipient domains. I expect this trend to continue throughout 2008. Recipient domains are rolling out new technology to measure complaints, evaluate reputation and monitor unwanted email in ways that tease out the bad actors from the good. This means more bad and borderline email will be blocked. Over the short term, I expect to see more good email blocked, too, but expect this will resolve itself by Q2/Q3.
Sender Improvements. As the ISPs get better at filtering, I expect that many borderline senders will discover they cannot continue to have sloppy subscription practices and still get their mail delivered. Improved authentication and better filtering let ISPs pin-point blocks. Instead of having to block by IP or by domain, they can block only some mail from a domain, or only some mail from an IP. There are a number of senders who are sending mail that users do not want mixed with mail that recipients do want. Right now, if there is more mail that recipients want in that mix, then ISPs let the mail through. This will not continue to happen through 2008. Senders will need to send mail users actively want in order to see good delivery.
Less is more. A lot of other email bloggers have talked about this, and I will echo their predictions. Less email is more. Send relevant mail that your customers want. Target, target, target. Good mailers will not send offers to their entire database, instead they will send mail to a select portion of their database.
Feedback loops. Use of feedback loops by recipient domains will continue to grow.
Mobile email. More recipients will be receiving email on mobile devices.
Suggestions for 2008

Read More