How not to handle unsubscribes
On the heels of my unsubscribe experience last week where an ESP overreacted and unsubscribed addresses that did not belong to me, I encountered another deeply broken unsubscribe process. This one is the opposite, there is no way to unsubscribe from marketing mail at all. Representatives of PayPal have only been able to suggest that if I do not want their mail, that I block PayPal in my email client.
The receipt from that purchase came from PayPal, and mentioned that I had an existing PayPal account. I figured that because the address was the same as the 2003 account that the boilerplate did not understand ‘closed accounts’. I brushed off the notice and did not worry about it.
On June 23, I received marketing email from PayPal. The mail offered 10% off my first eBay purchase, if I set up an eBay account using the same address on my PayPal account. Yay. Spam. Oh, well, no big deal, there was an unsub link at the bottom of the email. It is PayPal, they are a legitimate company, they will honor an unsubscribe. It will all be fine.
Clicking on the unsubscribe link in the email takes me to a webpage that tells me I had to login to my account to unsubscribe. But I do not have an account!
They clearly think I have an account linked to the email address they mailed. I decide to see if I can recover the account and then unsubscribe. I put in the email address they sent the marketing email to, the password I probably would have used had I actually set up this account and hit “submit.” PayPal now asks me to set up 3 questions to use to recover my account in case I forget the login in the future. Uh. What? No. I do not want to set up an account, I want them to stop sending me email. I abandon that webpage.
I then attempt to recover the password to the account. Put in the email address that PayPal is sending email to and hit “forgot password”. PayPal, as expected, sends me an email. Click this magic link to recover your account. PayPal then asks me to input the full number of the credit card associated with the account – the credit card number I do not have. What account? What credit card number? Is this from my 2003 subscription that was closed? Is this from the purchase I made in February? I abandon that webpage.
The recover password email helpfully lists a phone number I can call for assistance so I call. In order to be able to talk to someone I have to enter my phone number. And the credit card number associated with my account. I resorted to randomly pounding on “0” and telling the voice recognition software I wanted help. Eventually, it got so confused it transfered me to a real human.
Tragically, the voicemail system was actually more helpful than the real human on the other end. Distilling down hours of sitting on the phone with them, I am told the following:
- There is no way to unsubscribe from mail at PayPal.
- Everyone gets spam and I should not care about spam from PayPal
- I can block mail from PayPal in my mail client.
During the conversation, I was repeatedly informed I did have a PayPal account. I asked when the account was opened. The first rep said “June 23, 2008.” You mean today? The day I attempted to login to the account to unsubscribe from the mail you sent me? Yes. That is the day I opened the account. She was incredibly unhappy when I pointed out that was after I had received the email, was my attempt to unsubscribe from the email and did not explain why I was receiving unwanted email from them. After going in circles, repeatedly being placed on hold and asked for credit card information I used to set up the account, I requested a supervisor. The supervisor told me the account was opened in September 2007. September? What? I have no recollection (or email!) about dealing with PayPal in September. I decide to stop trying to figure out the account and asked if there was any way I could make PayPal stop emailing me. She helpfully explained everyone gets spam, that I should block PayPal in my email client and then hung up on me.
Steve, noticing that I was in a slight temper, worked his way through their voicemail system and talked to another rep. Overall his experience was the same. There is no way to unsubscribe from PayPal’s emails without logging in to the preference center and there is no way to login to the preference center without the credit card number associated with the account.
After about 2 1/2 hours of trying to deal with the PayPal reps, we gave up. Clearly there is no way to actually unsubscribe from PayPal mailings.
How many recipients who don’t want to receive mail from Paypal are going to spend several hours fighting through an unhelpful phone tree and being hung up on by customer support reps? Almost none of them. Instead they’re going to hit the “This is spam” button to block the mail, damaging the reputation of the ESP sending the mail.
Worse than that for PayPal, though, is that eBay/PayPal are strongly in favour of DKIM, and they are signing all their mail – solicited and unsolicited, marketing and transactional – with DKIM. That means that recipients hitting the “This is spam” button in response to not being able to unsusbscribe from unwanted mail will also damage the reputation of all mail sent by PayPal, including their transactional mail, not just the reputation of the ESP sending the bulk mail.
Last week it was a little sender at a small ESP failing to correctly manage unsubscribes. This week it is one of the largest senders of email who cannot get unsubscribes right. One of the underlying problems is PayPal’s choice to irrevocably link account management and marketing email. PayPal policy states they cannot let me have access to another person’s financial information and owning an email address they are sending email advertising to is not proof of ownership. In other words, the account established with my email address is not actually my account and I have no right to stop receiving mail.
I actually understand this and appreciate PayPal’s attempts to protect the financial information of their users. However, a major flaw in the current process is that PayPal does no email address confirmation with the account. Therefore, people receiving email from PayPal cannot make the email stop. They do not want to reveal financial information to me if I do not have the right to see it? Good for them. That’s fine, that’s great, but they have to make it possible for recipients to make the mail stop.
One of the early reps I talked to even claimed it was Federal Law that they had to get me to verify the account before they could unsubscribe me. She is very, very wrong. CAN SPAM is reasonably specific about unsubscribes. Currently there must be a way to unsubscribe over the Internet. I do not believe PayPal is currently compliant with CAN SPAM because of the hurdles they have erected that make it more difficult, or even impossible to unsubscribe from their marketing mail.
Since the original CAN-SPAM legislation was passed the FTC has acknowledged recipient concerns that marketers are skirting the existing requirement that they allow recipients to unsubscribe by making unsubscription possible, but requiring recipients to go through a complex process, or require unreasonable additional information (such as, say, credit card numbers) from recipients in order to discourage users from unsubscribing.
To show that this sort of behaviour is not an acceptable way to offer unsubscription according to CAN-SPAM, the FTC have included detailed clarification on this point in their rulemaking that takes effect on July 7th.
§ 316.5 Prohibition on charging a fee or imposing other requirements on recipients who wish to opt out.
Neither a sender nor any person acting on behalf of a sender may require that any recipient pay any fee, provide any information other than the recipient’s electronic mail address and opt-out preferences, or take any other steps except sending a reply electronic mail message or visiting a single Internet Web page, in order to:
(a) Use a return electronic mail address or other Internet-based mechanism, required by 15 U.S.C. 7704(a)(3), to submit a request not to receive future commercial electronic mail messages from a sender; or
(b) Have such a request honored as required by 15 U.S.C. 7704(a)(3)(B) and (a)(4).