Confirming addresses for transactional mail

A colleague was asking about confirming transactional mail today. It seems a couple of big retailers got SBLed today for sending receipts to spamtraps. I talked a few weeks ago about why it’s important to let people unsubscribe from transactional email, and many of those same things apply to confirming receipts.

First, let’s look at what Spamhaus has to say. Initially they listed the reason for the SBL listing as “receipts to spam traps.” They later clarified the underlying issue.

…[T]he issue with these receipts isn’t simply that one-off receipts are being sent to typoed email addresses. That issue would be trivial if no further email were sent to those email addresses, even during the Christmas shopping season. The issue is that typoed email addresses are being associated with customer accounts and receiving all sorts of email (transactional and marketing both) without ever being confirmed. Spamhaus Statement (.pdf)

This matches very closely with what I said in my earlier post about allowing people to unsubscribe from transactional emails.
Transactional mail that is only ever a single event and where that address is not associated with an account doesn’t need to have an unsubscribe link. If it’s a one-time email, then it’s OK to not have an opt-out link. It’s OK to have an opt-out link, but not necessary.

However, transactional mail that’s associated with some sort of account and is likely to receive future emails must have a process in place to make sure that the mail is going to the right person.

A couple examples where retail stores should have confirmation in place.

Apple has an option to associate an email address with a credit card. Customers that take this step can go into any Apple store, buy something with that card and Apple will email them a receipt. This type of setup should have some process to confirm that Apple are sending the receipt to the right place.

Citibank links online banking accounts to credit or debit cards. They’ve now started offering the ability for ATM transaction receipts to be sent to the email address on file for that card. They have incorporated a verification process as part of setting up online banking, and receipts should only go to the actual customer.

There are, however, lot of retailers that collect addresses at point of sale and use those for receipts and marketing without any confirmation. Some online retailers collect email addresses and then let customers create an account with that address. They often don’t confirm these accounts, either. That may not sound so bad, creating an account is a simple step that encourages repeat purchases.

Without some sort of address confirmation in place, customers can create accounts with email addresses they don’t control. In most cases, customers can continue to use those accounts until they forget their passwords. Purchase confirmation emails and marketing mails both can be sent to unrelated 3rd parties.

Spamhaus listing companies that are sending repeated transactional emails to spamtraps means senders who don’t confirm addresses are at increased delivery risk, even when the majority of mail sent to those addresses is transactional. It’s not the content, it’s the volume. The more mail sent to an address the more important it is to make sure that the person at that address is actually the right customer. Otherwise, senders open themselves up to delivery problems. There is also the possibility that some congress person decides that receipts going to the wrong person is a problem that needs to be fixed with laws. I’m pretty sure whatever that congress person decides will be worse for both consumers and retailers than retailers confirming email addresses.

Related Posts

Confirmation Fails

Yesterday I talked about registration confirmations. Today I’m going to talk about a couple recent experiences with websites and their registration failures.
The first experience was with Yelp. One of my readers decided I needed a Yelp account and created one using my laura-questions email address. Yelp understands that people will be jerks and so sent me an email to confirm the account.

Read More

Is Spamhaus still relevant?

Today’s Wednesday question comes from a recent discussion on the Only Influencers mailing list. One of the participants asked “Is Spamhaus relevant and necessary? Are they willing to work with marketers?”

Read More

Confirming website registrations

Confirming email addresses during a website registration process is a good practice. It stops people from creating fake accounts, abusing  resources and using that site as a mechanism for harassment. But simply sending out a confirmation mail is not sufficient to prevent problems, particularly when everything about the process assumes that unconfirmed registrations are actually valid and not problem accounts.
I’ve had a couple recent experiences with companies attempting to use email confirmation, but failing pretty miserably. In each case a website set up a process where a user could register an account on the site. Both sites required confirmation of the registration email addresses as part of the process. But in each case there were some major failures that result in non-customers getting email.
Tomorrow I’ll talk about those two specific cases. I’ll also provide specific suggestions on how not to fall into the same trap and actually send opt-in email.

Read More