Email verification – what are we verifying
One of the ongoing discussions in the email space is the one about address verification. Multiple companies have sprung up to do “real time” email address verification. They ensure that addresses collected at the point of sale are valid.
But what does valid mean? In most of these contexts, valid means that the addresses don’t bounce and aren’t spam traps. And that is one part of validating email addresses.
That isn’t the only part, though. In my opinion, an even more important thing to validate is that the email address belongs to the person giving it to you. The Consumerist has had an ongoing series of articles discussing people getting mis-directed email from various companies.
Today the culprit is AT&T, who are sending a lot of personal information to an email address of someone totally unconnected to that account. There are a lot of big problems with this, and it’s not just in the realm of email delivery.
The biggest problem, as I see it, is that AT&T is exposing personally identifiable information (PII) to third parties. What’s even worse, though, is that AT&T has no process in place for the recipient to correct the issue. Even when notified of the problem, support can’t do anything to fix the problem.
I contacted the live chat support for this account (since the notification emails are “do not reply”) to have a support rep help their customer correct their account. However, the support rep said there was nothing they could do, that I should not receive emails too often, and to try calling their business customer myself to get it fixed.
The inability to make corrections on data is not unique to AT&T. There are a lot of places where if someone incorrectly attaches an address (or phone number, or SMS number) to an account there is no recourse for the person who actually owns that address. Over the holidays someone attached my phone number to their Yahoo account, resulting in me getting SMS messages about password and secret question updates. There was no way for me to tell Yahoo “not my account” so I just had to deal with the SMS messages until the person involved figured it out and took my number off the account.
Verifying email addresses as valid is great. But just because an address is valid does not mean that it belongs to that customer.
I see a lot of places pushing address verification as a fix for poor delivery. And it will be in most cases. The problem is, poor delivery is simply a symptom of not verifying that the recipients are customers. Sending only to valid addresses, doesn’t stop spam to 3rd parties when customers give wrong but totally valid addresses.
Every company should send out a welcome message that allows recipients to confirm that they are the right person. Every company should take steps to stop releasing PII to third parties. Every company should think about more than just verifying that an address is valid, but that the address is valid for their customer.