Audit trails are important.

One of the comments on my Spamtraps post claims that audit trails should be maintained by recipients, not senders.

If people are using legitimate email addresses that legitimately opted in and verified details, they should be required to have a log of which lists they opted in to. You are just asking to hurt legit mailers.

The underlying reasoning appears to be that no sender ever spams, and every recipient or spamtrap owner is just too dumb to remember what they signed up for. If the recipient maintains a list of where they sign up, then spam will be a solved problem.
This is not only an unpersuasive line of argument, it’s also pretending that mailboxes are full of opt-in mail that the recipient just forgot about signing up for.
I do keep track of where I sign up for things. This doesn’t actually help when I get spam. For instance, I know that the address ticketmaster keeps spamming for raves in London was never used to sigh up for anything. Yet ticketmaster keeps telling me it was. They, of course, can’t tell me when or from where, so I treat the mail as spam.
I know that another address did sign up at a client’s site in 2007 as part of an audit I was doing for them. In 2010 that address was leaked to (or stolen by) a bunch of affiliate spammers. In the last 18 months I’ve gotten over 19,000 offers to the address, none of which are related to the original signup. Many of those offers are from real brands, including some that have hired me to investigate their affiliate programs and larger delivery problems.
I know another address was used during correspondence with a vendor discussing payment terms. That address was never given to them to add to a newsletter. They mailed me anyway. I knew that the mail was spam.
Knowing what you signed up for and having a log of what you opted in to doesn’t do anything to stop a sender from sending spam. It also doesn’t help legitimate mailers who may end up with spamtraps on their list. In all of the above situations my knowing where the address was given doesn’t help me or the sender identify what part of their signup process is broken.
If, however, senders had a real audit trail for addresses, they could identify what import brought my address into their list. They could track the dodgy vendor that is selling them bad lists. They can identify the problematic import that brought employee address books into the newsletter database. They could identify what idiot used my email address to buy tickets in London.
If the senders knew what was broken, they could fix the problem and have more deliverable and more responsive mailing lists. Without an audit trail, however, they’re stuck with a bunch of addresses of unknown provenance.

1 comment

  1. Bill Silverstein says

    List vendor? If they are buying lists, is that not spamming since the recipient did not provide permission?


Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.