On the heels of my unsubscribe experience last week where an ESP overreacted and unsubscribed addresses that did not belong to me, I encountered another deeply broken unsubscribe process. This one is the opposite, there is no way to unsubscribe from marketing mail at all. Representatives of PayPal have only been able to suggest that if I do not want their mail, that I block PayPal in my email client.
I had a PayPal account years and years ago. They made some extensive privacy policy changes back in 2003 and when I did not actively agree to the new policies, they closed the account. That account closure seemed to take, I heard nothing from PayPal. In early 2008, I made a purchase at a vendor that only accepted credit cards through PayPal. Normally, I do not do business with vendors who only accept payment through PayPal, but there appeared to be a way to make the payment without establishing a PayPal account, so I went ahead and made the purchase.
The receipt from that purchase came from PayPal, and mentioned that I had an existing PayPal account. I figured that because the address was the same as the 2003 account that the boilerplate did not understand ‘closed accounts’. I brushed off the notice and did not worry about it.
On June 23, I received marketing email from PayPal. The mail offered 10% off my first eBay purchase, if I set up an eBay account using the same address on my PayPal account. Yay. Spam. Oh, well, no big deal, there was an unsub link at the bottom of the email. It is PayPal, they are a legitimate company, they will honor an unsubscribe. It will all be fine.
Or. Not.
Clicking on the unsubscribe link in the email takes me to a webpage that tells me I had to login to my account to unsubscribe. But I do not have an account!
They clearly think I have an account linked to the email address they mailed. I decide to see if I can recover the account and then unsubscribe. I put in the email address they sent the marketing email to, the password I probably would have used had I actually set up this account and hit “submit.” PayPal now asks me to set up 3 questions to use to recover my account in case I forget the login in the future. Uh. What? No. I do not want to set up an account, I want them to stop sending me email. I abandon that webpage.
I then attempt to recover the password to the account. Put in the email address that PayPal is sending email to and hit “forgot password”. PayPal, as expected, sends me an email. Click this magic link to recover your account. PayPal then asks me to input the full number of the credit card associated with the account – the credit card number I do not have. What account? What credit card number? Is this from my 2003 subscription that was closed? Is this from the purchase I made in February? I abandon that webpage.
The recover password email helpfully lists a phone number I can call for assistance so I call. In order to be able to talk to someone I have to enter my phone number. And the credit card number associated with my account. I resorted to randomly pounding on “0” and telling the voice recognition software I wanted help. Eventually, it got so confused it transfered me to a real human.
Tragically, the voicemail system was actually more helpful than the real human on the other end. Distilling down hours of sitting on the phone with them, I am told the following:
- There is no way to unsubscribe from mail at PayPal.
- Everyone gets spam and I should not care about spam from PayPal
- I can block mail from PayPal in my mail client.
During the conversation, I was repeatedly informed I did have a PayPal account. I asked when the account was opened. The first rep said “June 23, 2008.” You mean today? The day I attempted to login to the account to unsubscribe from the mail you sent me? Yes. That is the day I opened the account. She was incredibly unhappy when I pointed out that was after I had received the email, was my attempt to unsubscribe from the email and did not explain why I was receiving unwanted email from them. After going in circles, repeatedly being placed on hold and asked for credit card information I used to set up the account, I requested a supervisor. The supervisor told me the account was opened in September 2007. September? What? I have no recollection (or email!) about dealing with PayPal in September. I decide to stop trying to figure out the account and asked if there was any way I could make PayPal stop emailing me. She helpfully explained everyone gets spam, that I should block PayPal in my email client and then hung up on me.
Steve, noticing that I was in a slight temper, worked his way through their voicemail system and talked to another rep. Overall his experience was the same. There is no way to unsubscribe from PayPal’s emails without logging in to the preference center and there is no way to login to the preference center without the credit card number associated with the account.
After about 2 1/2 hours of trying to deal with the PayPal reps, we gave up. Clearly there is no way to actually unsubscribe from PayPal mailings.
How many recipients who don’t want to receive mail from Paypal are going to spend several hours fighting through an unhelpful phone tree and being hung up on by customer support reps? Almost none of them. Instead they’re going to hit the “This is spam” button to block the mail, damaging the reputation of the ESP sending the mail.
Worse than that for PayPal, though, is that eBay/PayPal are strongly in favour of DKIM, and they are signing all their mail – solicited and unsolicited, marketing and transactional – with DKIM. That means that recipients hitting the “This is spam” button in response to not being able to unsusbscribe from unwanted mail will also damage the reputation of all mail sent by PayPal, including their transactional mail, not just the reputation of the ESP sending the bulk mail.
Last week it was a little sender at a small ESP failing to correctly manage unsubscribes. This week it is one of the largest senders of email who cannot get unsubscribes right. One of the underlying problems is PayPal’s choice to irrevocably link account management and marketing email. PayPal policy states they cannot let me have access to another person’s financial information and owning an email address they are sending email advertising to is not proof of ownership. In other words, the account established with my email address is not actually my account and I have no right to stop receiving mail.
I actually understand this and appreciate PayPal’s attempts to protect the financial information of their users. However, a major flaw in the current process is that PayPal does no email address confirmation with the account. Therefore, people receiving email from PayPal cannot make the email stop. They do not want to reveal financial information to me if I do not have the right to see it? Good for them. That’s fine, that’s great, but they have to make it possible for recipients to make the mail stop.
One of the early reps I talked to even claimed it was Federal Law that they had to get me to verify the account before they could unsubscribe me. She is very, very wrong. CAN SPAM is reasonably specific about unsubscribes. Currently there must be a way to unsubscribe over the Internet. I do not believe PayPal is currently compliant with CAN SPAM because of the hurdles they have erected that make it more difficult, or even impossible to unsubscribe from their marketing mail.
Since the original CAN-SPAM legislation was passed the FTC has acknowledged recipient concerns that marketers are skirting the existing requirement that they allow recipients to unsubscribe by making unsubscription possible, but requiring recipients to go through a complex process, or require unreasonable additional information (such as, say, credit card numbers) from recipients in order to discourage users from unsubscribing.
To show that this sort of behaviour is not an acceptable way to offer unsubscription according to CAN-SPAM, the FTC have included detailed clarification on this point in their rulemaking that takes effect on July 7th.
§ 316.5 Prohibition on charging a fee or imposing other requirements on recipients who wish to opt out.
Neither a sender nor any person acting on behalf of a sender may require that any recipient pay any fee, provide any information other than the recipient’s electronic mail address and opt-out preferences, or take any other steps except sending a reply electronic mail message or visiting a single Internet Web page, in order to:
(a) Use a return electronic mail address or other Internet-based mechanism, required by 15 U.S.C. 7704(a)(3), to submit a request not to receive future commercial electronic mail messages from a sender; or
(b) Have such a request honored as required by 15 U.S.C. 7704(a)(3)(B) and (a)(4).
[…] of Word to the Wise has an excellent post up on How not to handle unsubscribes regarding her experience trying (and failing) to be unsubscribed from Paypal’s […]
Requiring someone to log into a website in order to unsubscribe from marketing mail is obnoxious. Requiring them to activate an old account to stop receiving marketing mail they should never have received in the first place? I’m speechless.
Yeah, they started sending partner marketing email to a tagged address I used with an account that I closed a few years ago, but they didn’t send the same message to the account I still actively use.
In other words, they’re respecting the preference settings of current users, but not former users.
Hard to believe that this was intentional; more likely to be an unintended (though still potentially illegal) side effect.
Laura –
Wow. Wow. Wow. I admire your persistence. It reminds me of my (not related to unsub) conversations with Saks Fifth Avenue about a bill we keep getting even though we haven’t purchased from Saks in 8 months. Not only is the PayPal required login annoying, but as you say, the new CAN-SPAM regs will make it illegal come July 7.
I tell my fellow Brontos all the time (and preach it in the blogosphere any chance I get)…there is no apparent correlation between revenue and email marketing best practices. In other words, just because you are one of the “big boys” does not mean that you get it.
I applaud your post for calling out PayPal. It is my belief that if the industry players (like you!) continue to write posts like the one above, the tide will begin to turn. We need to highlight poor practices and give clear examples of how to “do it right.”
On the Bronto Blog, my colleague – Kimberly – wrote a post in November of last year titled “Don’t Disengage Your “Target” Audience” where she scolds Target for their poor design practices.
http://blog.bronto.com/2007/11/29/dont-disengage-your-target-audience/
The good news? Check out comment 3 from “Aaron.” At least they are reading….
dj at bronto
JD’s comment and things I’ve heard elsewhere lead me to believe that someone there made a spectacular mistake importing old addresses into their current marketing list, and the internet being what it is, I expect a variety of automated systems to start the slow but inexorable process that winds up seeing that this someone receives a swift kick inna dink at some point here in the next week or two.
I just can’t believe that they are telling people to block them with all of the delivery/authentication stuff they are pushing because they are so widely phished. Most folks will hit the spam button rather than block is my guess and that will really screw with filters. WOW.
I find this deeply disturbing, and am especially agreeing with Tara. I am astonished that such a big player could get something this fundamental, this wrong: importing an ancient list, especially of people who have never HAD an account with the company in question, has never been a good idea. I’d love to see a single verifiable anecdote of such a move actually creating more profit than damage. The un-subscribe foul-up is equally bad but perhaps marginally more understandable. All in all I can sum up my opinion thus:
“Oy!”
I doubt Paypal’s security people (who are pushing authentication) are in the customer service escalation path for a marketing permissions issue.
ajcjobs.com is doing this to me right now.
they merged their accounts a while back and in the merge mentioned that if you didn’t want a new account with their new partner to simply do nothing and no account would be set up.
but I still get emails from them.
they have no unsubscribe link on their mailing, only a link to login to your (non-existent) account, and no real reply to address.
Ok, this reminds me of what we experience. We got a call from one of the BIG BANK who considering outsourcing their email marketing to us. Well, being a tiny tiny mini company (comparing to them) we are so proud to be even consider by them. We did our presentation, they like it until the one BIG question. How do you handle unsubscribe?
Of course, with pride, we say, one click and our jaw drop when the Director of E-commerce for the bank said that she does not like that. Unsubscribe to be as difficult as possible. It is already difficult to get subscriber and when we get them, we should not make it easy for them to leave us.
I reply, but why do you still want to email people who no longer interested to hear from you?
Her replied, this is business, this is marketing (and you small, tiny little people know nothing about this), you shove them with all your marketing stuff, whether they like it or not and one day, they might fall for it.
The saddest truth, we are one of their clients, yah we bank with them. But we are happy that we never did sign up for their newsletter.
[…] and other bank analogues that require an account number, that do not verify email addresses should not require account numbers to talk to someone about the […]
[…] is legal under the FTC rulemaking. What the FTC really wanted to stop was requiring things like passwords for an opt-out, and to counter some of the spammers who were requiring people pay to be […]