Email verification – what are we verifying

One of the ongoing discussions in the email space is the one about address verification. Multiple companies have sprung up to do “real time” email address verification. They ensure that addresses collected at the point of sale are valid.
But what does valid mean? In most of these contexts, valid means that the addresses don’t bounce and aren’t spam traps. And that is one part of validating email addresses.
That isn’t the only part, though. In my opinion, an even more important thing to validate is that the email address belongs to the person giving it to you. The Consumerist has had an ongoing series of articles discussing people getting mis-directed email from various companies.
Today the culprit is AT&T, who are sending a lot of personal information to an email address of someone totally unconnected to that account. There are a lot of big problems with this, and it’s not just in the realm of email delivery.
The biggest problem, as I see it, is that AT&T is exposing personally identifiable information (PII) to third parties. What’s even worse, though, is that AT&T has no process in place for the recipient to correct the issue. Even when notified of the problem, support can’t do anything to fix the problem.

I contacted the live chat support for this account (since the notification emails are “do not reply”) to have a support rep help their customer correct their account. However, the support rep said there was nothing they could do, that I should not receive emails too often, and to try calling their business customer myself to get it fixed.

The inability to make corrections on data is not unique to AT&T. There are a lot of places where if someone incorrectly attaches an address (or phone number, or SMS number) to an account there is no recourse for the person who actually owns that address. Over the holidays someone attached my phone number to their Yahoo account, resulting in me getting SMS messages about password and secret question updates. There was no way for me to tell Yahoo “not my account” so I just had to deal with the SMS messages until the person involved figured it out and took my number off the account.
Verifying email addresses as valid is great. But just because an address is valid does not mean that it belongs to that customer.
I see a lot of places pushing address verification as a fix for poor delivery. And it will be in most cases. The problem is, poor delivery is simply a symptom of not verifying that the recipients are customers. Sending only to valid addresses, doesn’t stop spam to 3rd parties when customers give wrong but totally valid addresses.
Every company should send out a welcome message that allows recipients to confirm that they are the right person. Every company should take steps to stop releasing PII to third parties. Every company should think about more than just verifying that an address is valid, but that the address is valid for their customer.

Related Posts

MAAWG statement on email appending

MAAWG has published their position statement on email appending. It’s pretty explicit in it’s condemnation of the practice.

Read More

Can you verify email addresses in real time?

In a recent discussion about spamtraps and address lists and data collection a participant commented, “[E]very site should be utilizing a real-time email address hygiene and correction service on the front end.” He went on to explain that real time hygiene prevents undeliverable addresses and spamtraps and all sorts of list problems. I was skeptical to say the least.
Yes, there are APIs that can be queried at some of the larger ISPs to identify if an account name is taken, but this doesn’t mean that there is an associated email address. Yes, senders can do a real time SMTP transaction, but ISPs are quick to block SMTP transactions that quit before DATA.
I decided to check out one service to see how accurate it was. I’m somewhat lucky in that I created a username at Yahoo Groups over a dozen years ago but never activated the associated email address. This means that the account is shown as taken and no one else can register that address at Yahoo. But the address doesn’t accept any mail.

Read More

MAAWG and email appending

In today’s Magill Report Ken says:

The only surprise in the Messaging Anti-Abuse Working Group’s statement last week condemning email appending was that it didn’t publish one sooner.
However, MAAWG’s implication that email appending can’t be accomplished without spamming is nonsense.

Read More