Thursday mini-audit – part 3


Four weeks ago you signed up for your mailing list using a virgin email address. (You didn’t? Maybe you should do that today – there’s no time like Thursday for a quick sanity check!)
Check the mailbox for the account you signed up

  1. Is the mail you signed up for in the inbox? If you’re mailing at least weekly then there should be at least three messages there. Do they have identical From: addresses – if not, your recipients will be less likely to recognise them as from you, and will find it harder to whitelist mail from you by adding contacts to their address book. Are the subject lines consistent enough that they reflect your brand and help recipients recognise that the mail is from you?
  2. Is some of the mail you expected in the bulk folder? It shouldn’t be, as you added the From address used to your address book three weeks ago, so the mail should be coming directly to your inbox. Dig deeper and find out why.
  3. Is some of the mail you expected missing altogether? That’d be bad. Take a look at your delivery logs and find out why.
  4. Is there mail from anyone else in your inbox or bulk folder? There really shouldn’t be, unless you’re selling email addresses or sharing them with partners (which is a fairly bad idea in itself). If there’s mail from partners, is it clear that the recipient is receiving the mail because they signed up with you? If there’s mail from strangers… someone is stealing from you – you have a security problem or a crooked employee or contractor.
  5. Take a look at all the messages you’ve received. Is there consistent branding across, them? Is it clear that they’re from you?
  6. Is it clear how someone should unsubscribe? If it’s not crystal clear, recipients will just hit the “This is Spam” button instead, and you don’t want that.
  7. If your business is based on a website where you need to log in, make sure you’re logged out.
  8. Click on the unsubscribe link. Where does it take you? The unsubscribe page should ideally have similar branding to your newsletter or corporate site. A plain bare-bones web page will make people suspicious.
    1. If the unsubscribe link that takes you to a page that says “You’ve been unsubscribed” without mentioning your email address, that’s bad. A lot of spammers include “unsubscribe” links that point to static pages that look like that, and they’re the sort of thing that make people familiar with bulk email nervous – and people who run blacklists or manage corporate or ISP filtering are very familiar with bulk email. Don’t do that.
    2. If the unsubscribe link takes you to a page that says “your@email.address has been unsubscribed” then that’s quite a bit better – but it means that people could be unsubscribed accidentally if they forward the email on to someone else, or if they’re using software that pre-visits links in email, or if they’re just visiting the link to see what options they have for controlling their subscription. So don’t do that.
    3. Does it lead to a page that requires them to enter their email address in order to unsubscribe? That’s… kinda OK, and is legal under CAN-SPAM, but you already know their email address and could handle that automatically. It’s an additional barrier that might cause recipients to hit the “This is Spam” button instead of completing the unsub process. It can also cause problems where someone has a forwarded email address – “their” email address may be at AOL, while the subscribed email address might be at It’s an OK approach, but it’s possible to do a lot better.
    4. Does it lead to a page that says “If you’d like to unsubscribe your@email.address, click this button” that’s pretty darn good. A variant of this is to have a text field where you can enter an email address, but have it pre-filled with the right email address. If it’s clear what mailing list, sent by what company, you’ll be unsubscribing from then that’s even better.
    5. Does it lead to a page that requires you to log in with a username and password to unsubscribe? If so, that violates CAN-SPAM requirements (and a bunch of other legislation). Really don’t do that.
    6. Does it require you to provide any other information (“why you want to unsubscribe”, for example)? You’re not allowed to do that by CAN-SPAM. You can ask for additional information, as long as you don’t require it, but if you do you should make it very clear that it’s optional.
  9. When you click the button to confirm the unsubscription, what happens? Does it tell you you’ve been unsubscribed and tell you what you’ve been unsubscribed from, all branded to match newsletter or corporate style? That’s good. It’s also a good place to allow people to resubscribe, should they want to, and maybe ask why they unsubscribed, as long as it’s done with care. Does it just send you to the corporate home page? That’s bad, as there’s no confirmation of the unsubscription to the recipient. Just a blank page or bare-bones “you’ve been unsubscribed” page? Not great. If it says that “You’ll be unsubscribed some time in the next ten business days” or similar, that’s legal according to CAN-SPAM but is the sort of  behaviour that’ll upset recipients and cause them to hit the “This is Spam” button.
  10. Does it send you an email to which you’ll need to respond in order for the unsubscription to take effect? That’d bad in a lot of ways, and violates CAN-SPAM.
  11. Does it send you an email to confirm that you’ve been unsubscribed? This can be a really good idea, or a really bad one depending on the style of the list and the recipient demographic. Think about what your recipients will find helpful.
  12. Try and unsubscribe again. If it tells you that you’ve already unubscribed, or you’re not a subscriber to the list that’s good. If it tells you that you’ve been unsubscribed just the same as the first time that’ll make people suspcious that it’s not a real unsubscription handler, which can lead to problems with spam filters and blacklist removal.
  13. For extra credit, and only if you’re on first name terms with someone who manages the subscription database and have cleared it with them first, try and hack the unsubscription link. If it has an obvious email address in it, change that to a different one and see what happens. If it has apparently random numbers in it, try modifying one to be one more or less and see what happens. In all cases this should throw an error (as the unsubscription link should have some level of data integrity checks on it).
  14. Set a date in your calendar to come back here for part 4 on Thursday October 7th

About the author


This site uses Akismet to reduce spam. Learn how your comment data is processed.

By steve

Recent Posts


Follow Us