It’s not a good example, though. It’s not clear from the snippet of mail given whether the response to the opt-in confirmation mail is being handled manually or not.
Maybe it’s being handled manually – the confirmation request is being sent using the From address of a real person, and that real person is then checking every reply, deciding whether it’s someone wanting to subscribe or not, then manually adding the user to the list if they do. If it is manual, it’s not going to scale well, it’s going to be prone to manual error and it likely doesn’t record enough information to enable easy auditing of the permission status of the subscribers.
It also reads like an awful lot of spam and grey area mail we all see. I sometimes see mail that reads pretty much like this, being sent to dozens of my mail aliases, with a bunch of different names in the “my name is ____” field.
“Our records indicate that one of our team members may have had email communication with you in the past”? So, you think I’ve inquired about something, but you’ve no idea about what? You’re contacting me “personally” to sign me up to a mailing list, but you’re not actually sure who at the company I talked to, or about what, or even whether I really did. Companies that scrape their CRM system (or, worse, their employees inboxes) for addresses in this way risk sending a lot of mail that’s not going to be welcome. (I’ve had this sort of mail sent to me in response to my sending mail to abuse@ in the past, when the company used the same CRM system for abuse and customer support, then decided to scrape the CRM system for addresses to market to).
It reads like stock boilerplate being sent in bulk to a list of correspondents, rather than personal mail from a real sales rep so I’m betting that the confirmation isn’t being handled manually – more likely, any reply to that mail will cause the user to be subscribed to the list. There are a lot of ways that can go wrong – just as one example, consider what happens when your upstream providers abuse@ role address is in your CRM system, as they’ve contacted you in the past, and their abuse@ alias sends an automatic reply in response to your mail.
A much more robust, scalable approach is to embed a web link in the mail sent out, one that uniquely identifies the email address the confirmation request was sent to, and ask the user to follow that link, instead of replying to the email. There are a variety of ways to implement that with different tradeoffs, but they’re all going to be more robust than asking subscribers to reply to an email to handle the confirmation for all but the smallest mailing lists.
Hmm, I dunno, Steve. I do agree that wrapping a better technical process around that would be a good thing. But I’d be perfectly happy if my employer’s clients utilized a process exactly as described. At least they’re doing SOMETHING to get consent, instead of just assuming.
Absolutely. Doing something about permission is better than not, and even a half-assed approach such as this one is much better than nothing.
But if you’re going to the effort of verifying permission there are much easier and better ways of doing it than the example Lashback give here as “an excellent example of best practice”.
I just thought it was nice that they asked at all. With all the talk we see of best practices, I feel like I too rarely see any in action. I think it also stuck out because it is someone in our industry. My pet peeve is getting “offers” to rent email lists with no unsubscribe in them, so I can let the sales dept. know I am not interested without having to write an email back. In this case I also wanted to make sure that another version of my email was not on their list, so I would starting getting two of everything and they confirmed it was not. I thought that was excellent. We should be encouraging these practices, it’s too easy to constantly criticize.
RSS - Posts
It’s not a good example, though. It’s not clear from the snippet of mail given whether the response to the opt-in confirmation mail is being handled manually or not.
Maybe it’s being handled manually – the confirmation request is being sent using the From address of a real person, and that real person is then checking every reply, deciding whether it’s someone wanting to subscribe or not, then manually adding the user to the list if they do. If it is manual, it’s not going to scale well, it’s going to be prone to manual error and it likely doesn’t record enough information to enable easy auditing of the permission status of the subscribers.
It also reads like an awful lot of spam and grey area mail we all see. I sometimes see mail that reads pretty much like this, being sent to dozens of my mail aliases, with a bunch of different names in the “my name is ____” field.
“Our records indicate that one of our team members may have had email communication with you in the past”? So, you think I’ve inquired about something, but you’ve no idea about what? You’re contacting me “personally” to sign me up to a mailing list, but you’re not actually sure who at the company I talked to, or about what, or even whether I really did. Companies that scrape their CRM system (or, worse, their employees inboxes) for addresses in this way risk sending a lot of mail that’s not going to be welcome. (I’ve had this sort of mail sent to me in response to my sending mail to abuse@ in the past, when the company used the same CRM system for abuse and customer support, then decided to scrape the CRM system for addresses to market to).
It reads like stock boilerplate being sent in bulk to a list of correspondents, rather than personal mail from a real sales rep so I’m betting that the confirmation isn’t being handled manually – more likely, any reply to that mail will cause the user to be subscribed to the list. There are a lot of ways that can go wrong – just as one example, consider what happens when your upstream providers abuse@ role address is in your CRM system, as they’ve contacted you in the past, and their abuse@ alias sends an automatic reply in response to your mail.
A much more robust, scalable approach is to embed a web link in the mail sent out, one that uniquely identifies the email address the confirmation request was sent to, and ask the user to follow that link, instead of replying to the email. There are a variety of ways to implement that with different tradeoffs, but they’re all going to be more robust than asking subscribers to reply to an email to handle the confirmation for all but the smallest mailing lists.
Hmm, I dunno, Steve. I do agree that wrapping a better technical process around that would be a good thing. But I’d be perfectly happy if my employer’s clients utilized a process exactly as described. At least they’re doing SOMETHING to get consent, instead of just assuming.
Absolutely. Doing something about permission is better than not, and even a half-assed approach such as this one is much better than nothing.
But if you’re going to the effort of verifying permission there are much easier and better ways of doing it than the example Lashback give here as “an excellent example of best practice”.
I just thought it was nice that they asked at all. With all the talk we see of best practices, I feel like I too rarely see any in action. I think it also stuck out because it is someone in our industry. My pet peeve is getting “offers” to rent email lists with no unsubscribe in them, so I can let the sales dept. know I am not interested without having to write an email back. In this case I also wanted to make sure that another version of my email was not on their list, so I would starting getting two of everything and they confirmed it was not. I thought that was excellent. We should be encouraging these practices, it’s too easy to constantly criticize.