Confirmation Fails

Yesterday I talked about registration confirmations. Today I’m going to talk about a couple recent experiences with websites and their registration failures.
The first experience was with Yelp. One of my readers decided I needed a Yelp account and created one using my laura-questions email address. Yelp understands that people will be jerks and so sent me an email to confirm the account.

Hi Laura,
Thanks for joining Yelp.
To protect your privacy, please confirm your email address by clicking here:
https://www.yelp.com/ce?[REDACTED] We look forward to seeing you on Yelp.
— The Yelp Team
If you did not sign up for Yelp someone probably mis-typed their email address so just ignore this message.

I’m pretty sure it wasn’t a typo, but in the grand scheme of things if I don’t have to unsubscribe, I’m pretty happy. I continued to be happy with Yelp, until about a week later. At that point I started getting Yelp newsletters to laura-questions. It seems that “ignoring the message” doesn’t mean they won’t contact me, just that I don’t have access to the fake account that someone set up for me. Even worse, the unsubscribe link didn’t work because the account had not been confirmed.
Yelp doesn’t accept email, so eventually I had to open a case with their legal department to get them to stop sending me newsletters that I hadn’t asked for, nor confirmed. They seem to have fixed the problem at this point.
I understand this is a fairly rare situation, but there are a lot of things that Yelp could do to improve the experience of people who have fake accounts created by harassers.
Obviously, Yelp could trivially fix the problem by not sending newsletters to any unconfirmed address. But a lot of marketers will tell you that recipients are lazy and they won’t confirm but they will happily receive email. In some cases, the marketers even have data that shows definite revenue from mail sent to unconfirmed addresses. Not ever mailing those addresses seems to be a bad idea. At the same time, marketing to those addresses also seems like a poor idea.
There are some things I would suggest to clients in order to respect recipients who don’t confirm but not lose revenue due to recipients who don’t confirm but want the email.

  1. Limit what users can do on the website before they confirm their email address. Facebook, for instance, does not allow installation of games or internal messaging until an account is confirmed. This stops users from giving fake addresses but actually using the services provided by a website.
  2. Set up a limited marketing campaign to unconfirmed addresses. Instead of just adding those users to their normal marketing stream, they could send a confirmation reminder or two. Ideally these would be a small version of the newsletter: “here’s what you missed by not confirming your address. Confirm your address by <DATE> in order to get our newsletter and all the benefits of your account.
  3. Use website data to determine engagement. If someone creates an account, never confirms and never logs in, then it’s very likely this is a fake account and they shouldn’t be mailed at all.
  4. Make it easy to unsubscribe from mail, particularly when the address is unconfirmed. Even folks who run spamtraps will sometimes give senders the benefit of the doubt and try to unsubscribe. If that unsubscribe doesn’t take or is hard, that may result in a blocklisting.
  5. Have a link in the confirmation message that allows the recipient that says this registration is fraudulent, don’t ever email me again.

The second situation is with the New York Times. Apparently, I created an account on the NYTimes.com website at some point. A few weeks ago I got an email from them.

Dear NYTimes.com Registered User,
You previously registered your e-mail address on NYTimes.com. Our records indicate that
you did not confirm your email address.
Please note we have confirmed your email address so that you can now receive important
e-mail notifications and updates from NYTimes.com. To start getting all of the news you
want delivered right to your in-box, simply select your free newsletters now:

I know this is an account I created because it came to a tagged address. What I don’t know is how long ago I created the account. I have no trace of mail to that address from the NY Times in my mailbox which has archives back to mid-2010. That means the registration is at least 36 months old. With no communication from the NY Times in that 36 months, I bet that mailing had some pretty bad delivery.
Clearly, confirming addresses for your recipients is a very bad idea. However, there are things the NY Times could have done better.

  1. Instead of sending me an email saying they were confirming my address, they could have sent me an email asking me to confirm my address.
  2. Limit the addresses emailed for confirmation to those accounts that are currently active. Not only do I not remember signing up, I don’t have any trace of the login data for my account. That means I’ve not logged into NYTimes.com with that account. Using website data is a great way to interact with users outside of email. The NY Times could identify active users who’ve not confirmed and send them confirmation emails.
  3. Limit the website functionality for NY Times for users who’ve not confirmed. The NY Times has been desperate to find some way to monetize their website, and that means they are doing a lot with interstitial ads and restricting article reads. They have the ability to stop users from logging in if the email addresses are not confirmed. That wouldn’t affect people like me who create an account and then forget they have it and never use it. What it would do is convince people who were actively logging into the NY Times to confirm. No confirmation, no logins at the paper, no commenting on articles, no access to archives, whatever the NY Times wants to restrict from non-registered and non-confirmed users.
  4. Allow an opt-out! The message was tagged as a “service message.” The footer said I could unsubscribe from promotional emails, but did not allow me to opt-out from more service messages. This is a bad idea, particularly when the NY Times is confirming my address for me.

Confirming registrations at websites is a good step for many commercial sites. It gives so many benefits to both the recipient and the website. But confirmations can be handled poorly, as the above two examples show. But there were simple, small things that both companies could have done that would have changed their spam to legitimate email.

Related Posts

How not to build a mailing list

I mentioned yesterday one of the major political blogs launched their mailing list yesterday. I pointed out a number of things they did that may cause problems. Today, I discovered another problem.
This particular blog has been around for a long time, probably close to 10 years. It allows anyone to join and create their own blogs and comment with registered users. As part of their new mailing list, they added everyone who has ever registered to their mailing list. They did not send a “we have a new list, want to join it?” email, they added every registered user to the list and said “you can opt out if you want.”
This is such a bad idea. My own account was used once, to make one comment, back in 2005. Yes, 2005. It’s been almost 5 years since I last logged into the site. Sure, I have email addresses that go back that far, but not everyone does. That list is going to be full of problems: dead addresses, spamtraps, duplicates, unengaged and uninterested.
Seriously, they’re adding people who’ve not logged into their site in 5 years to a mailing list. How can this NOT go horribly wrong?
My initial thought was this was going to blow up in a week. I’m now guessing they’ll start seeing delivery problems a lot sooner than that.

Read More

Confirming addresses in the wild

A lot of marketers tell me “no sender confirms addresses” or “confirming addresses is too hard for the average subscriber.” I find both these arguments difficult to accept. Just today I subscribed to a mailing list that had a confirmation step. The subscription form was pretty simple.

Read More

Would you buy a used car from that guy?

There are dozens of people and companies standing up and offering suggestions on best practices in email marketing. Unfortunately, many of those companies don’t actually practice what they preach in managing their own email accounts.
I got email today to an old work email address of mine from Strongmail. To be fair it was a technically correct email. Everything one would expect from a company handling large volumes of emails.  It’s clear that time and energy was put into the technical setup of the send. If only they had put even half that effort into deciding who to send the email to. Sadly, they didn’t.
My first thought, upon receiving the mail, was that some new, eager employee bought a very old and crufty list somewhere. Because Strongmail has a reputation for being responsible mailers, I sent them a copy of the email to abuse@. I figured they’d want to know that they had a new sales / marketing person who was doing some bad stuff.
I know how frustrating handling abuse@ can be, so I try to be short and sweet in my complaints. For this one, I simply said, “Someone at Strongmail has appended, harvested or otherwise acquired an old email address of mine. This has been added to your mailing list and I’m now receiving spam from you. ”
They respond with an email that starts with:
“Thank you for your thoughtful response to our opt-in request. On occasion, we provide members of our database with the opportunity to opt-in to receive email marketing communications from us.”
Wait. What? Members of our database? How did this address get into your database?
“I can’t be sure from our records but it looks like someone from StrongMail reached out to you several years ago.  It’s helpful that you let us know to unsubscribe you.  Thank you again.”
There you have it. According to the person answering email at abuse@ Strongmail they sent me a message because they had sent mail to me in the past. Is that really what you did? Send mail to very old email addresses because someone, at some point in the past, sent mail to that address? And you don’t know when, don’t know where the address came from, don’t know how it was acquired, but decided to reach out to me?
How many bad practices can you mix into a single send, Strongmail? Sending mail to addresses where you don’t know how you got them? Sending mail to addresses that you got at least 6 years ago? Sending mail to addresses that were never opted-in to any of your mail? And when people point out, gently and subtly, that maybe this is a bad idea, you just add them to your global suppression list?
Oh. Wait. I know what you’re going to tell me. All of your bad practices don’t count because this was an ‘opt-in’ request. People who didn’t want the mail didn’t have to do anything, therefore there is no reason not to spam them! They ignore it and they are dropped from your list. Except it doesn’t work that way. Double opt-in requests to someone has asked to be subscribed or is an active customer or prospect is one thing. Requests sent to addresses of unknown provenance are still spam.
Just for the record, I have a good idea of where they got my address. Many years ago Strongmail approached Word to the Wise to explore a potential partnership. We would work with and through Strongmail to provide delivery consulting and best practices advice for their customers. As part of this process we did exchange business cards with a number of Strongmail employees. I suspect those cards were left in a desk when the employees moved on. Whoever got that desk, or cleaned it out, found  those cards and added them to the ‘member database.’
But wait! It gets even better. Strongmail was sending me this mail, so that they could get permission to send me email about Email and Social Media Marketing Best Practices. I’m almost tempted to sign up to provide me unending blog fodder for my new series entitled “Don’t do this!”

Read More