Broken Policies

As an email policy wonk, I think a lot about how specific policy implementations can go wrong. Sure, every policy can go wrong, or not fit a common case. A lot of people only write polices that address common cases and don’t worry about the rarer cases. The problem is there are some rare cases that may cause significant harm and those cases should be addressed.
Consumerist has a case up about email policy gone wrong with a clear path to harm but no policy for handling the issue. There are a couple places I see where this policy hole can be fixed.
Chase Bank does no verification when they collect email addresses, which results in them sending email to a person who does not have an account with Chase. This is not an ideal situation for anyone. Chase is revealing private financial information to an outside party, the actual bank customer is not getting their information and someone is getting email about money that’s not theirs.
In terms of policy for institutions handling sensitive personal information, I would always recommend implementing a verification step. This is mail that people want so they should confirm it. It’s also mail that really should be not going to 3rd parties.
Chase does not implement any verification step for email. This isn’t a fatal problem, as long as there is some process in place to get feedback and then correct the issue.
Unfortunately, Chase’s policies failed here, too. Chase requires an account number to speak to a representative about any issues. In this case, the email recipient does not have an account number. All of Chase’s contact channels rely on an account number: no account number, no talking to a human.
In terms of overall policy  Chase is hoping here is that, at some point, their actual customer will notice they’re not getting email and call in and attempt to troubleshoot the problem with Chase reps. I’m willing to bet, though, that their tier 1 people don’t have the training or information needed to troubleshoot this problem. I expect they’re going to read the script that says, “We sent you the mail, it must be a problem on your end. Have a nice day.”
Chase, and other bank analogues that require an account number, that do not verify email addresses should not require account numbers to talk to someone about the mail they are receiving. Why? Because although it’s reasonably rare that the mail is going to the wrong party, the potential harm to the bank’s customer is very high. This danger to customers means the bank should invest in a support pathway that allows non-customers to call, or write, to report misdirected email.
If Chase were my customer, I’d recommend adding a button to the email that says “receiving this mail in error, report here.” Make this a simple form that the recipient can fill out, two boxes one for email address and one optional one for “reason”. Once the bank has the report, they can stop the misdirected email and attempt to contact the customer through another channel. I’d also recommend that customers confirm any new address they add to the account in the future.
I know the bank thinks that by requiring an account number they are protecting their customers. Unfortunately, they’re failing to address a rare but potentially harmful case. Sadly, I expect even after this, they will still fail to implement any changes that will stop this from happening in the future.

Clicktracking 2: Electric Boogaloo
Ah, Spammers.

Related Posts

Link roundup June 18, 2010

Hotmail has released a new version of their software with some changes. Return Path discusses the changes in depth, but there are a couple that senders may find helpful.

Read More

How not to build a mailing list

I mentioned yesterday one of the major political blogs launched their mailing list yesterday. I pointed out a number of things they did that may cause problems. Today, I discovered another problem.
This particular blog has been around for a long time, probably close to 10 years. It allows anyone to join and create their own blogs and comment with registered users. As part of their new mailing list, they added everyone who has ever registered to their mailing list. They did not send a “we have a new list, want to join it?” email, they added every registered user to the list and said “you can opt out if you want.”
This is such a bad idea. My own account was used once, to make one comment, back in 2005. Yes, 2005. It’s been almost 5 years since I last logged into the site. Sure, I have email addresses that go back that far, but not everyone does. That list is going to be full of problems: dead addresses, spamtraps, duplicates, unengaged and uninterested.
Seriously, they’re adding people who’ve not logged into their site in 5 years to a mailing list. How can this NOT go horribly wrong?
My initial thought was this was going to blow up in a week. I’m now guessing they’ll start seeing delivery problems a lot sooner than that.

Read More

Zombie Apocalypse

I hope my series on zombie addresses has convinced you that there are zombie addresses on your list and that you should be concerned about the effect they have on delivery and metrics. Today I’d like to talk about what you can do to get rid of zombie addresses without affecting too many actual subscribers.
Anti-Zombie Weapons
One thing that many companies struggle with while dealing with zombie addresses is letting go of addresses. They are so tied up in the idea that a bigger list is better that they can’t let them go. Even if a particular address has not had any activity in 18 or 24 months, they insist that they can’t give it up, it might come back and the customer might make a giant purchase. No. It’s a zombie. It’s not coming back, except to eat your brains.
The first step to dealing with zombies is to acknowledge their existence. They are there, they are on your lists and they are dirtying up your lists. Pretending they’re not there does not make them go away. They are zombies. In no case is there a human inside. There is no potential sale lurking, waiting to jump out and act on that perfectly crafted offer.
The second thing to remember is that the humans that used to have the zombie addresses found you once and they are still interested in what you’re offering then they will find you again. They may even already be back on your list with their new email address.
While you can’t identify zombie addresses specifically, you can identify addresses that act like zombie addresses. These are addresses that have no activity over a long period of time, more than 12 months. For these addresses that haven’t had activity in 12 – 18 – 24 months, you want to confirm with the recipient that they are there and want to continue to receive mail from you.
The best way to notify them is to send an email asking if they want to remain on your list. If they fail to act, you will remove them from future mailings. Short, sweet and will let you drop off zombie addresses without much effort on your part.
I know, I know, you aren’t ready to let go so fast. After all, some people have come back after 24 months and made a purchase from the perfect offer. They’re not dead yet! OK. But you can’t get a response from them through email. They just don’t care enough about what you’re sending. That’s when you contact them through another channel.
For instance, if the email address is tied to a web account, say a social networking site or bank account or a web forum, you can also contact the user through your website. Next time they log in, send them a message that says their email address has been removed due to inactivity, but if they want to reactivate they can do so at the subscriber preference center or profile page. When they do, send them an email to confirm that this is the address where they want to receive mail. At this point you can give them a link or a magic cookie to past into the website to verify the address.
Or if you’re a bigger retailer you can send alerts to your customer service staff, so when the account holder contacts you by phone with a question or an order you can get an updated email address. If you have a loyalty program, have an alert come up at the point of sale and the clerk can ask for an updated email address.
I even know one company that would send postcards to their zombie accounts in an effort to re-engage them and get an active email address from them.
If the person never comes back, if they don’t ever interact with your business again, if none of the channels work to contact them and update the address then it really is best to just let the relationship go. It may not be you, or anything you’ve done. People move on, their interests change and that’s part of life. They may have moved outside of your service area, or they may have joined your list for a specific product that they don’t need or you don’t sell. They may have died and turned into a real zombie. In any case, they are not a viable prospect for your mail.
Email addresses and business relationships are not forever. Letting zombie addresses go is important for the health of any email marketing program.

Read More