GitHub is a site where developers can share code with one another. It is widely used by open source developers. Their user base is made up of geeks and people who want a lot of control over their mailbox.
Their email signup process reflects the sensibilities of their market, without being difficult to manage or understand.
I sign up at a lot of websites and liberally spray email addresses across the net. These signups are on behalf of one customer or another and each webform gets its own tagged and tracked email address. I always have a specific goal with each signup: getting a copy of a customer’s email, checking their signup process, auditing an affiliate on behalf of a customer or identifying where there might be a problem in a process. Because I have specific goals, I am pretty careful with these signups and usually uncheck every “share my email address” box I can find on the forms.
In every case the privacy policies of my clients and the things they tell me are explicit in that addresses will not be shared. It’s all opt-in, and email addresses are not shared without permission. Even in the cases where I am auditing affiliates, my clients assure me that if I follow this exact process my address will not be shared. Or so the affiliates have assured them.
Despite my care and the privacy policies on the websites, these addresses occasionally leak or are sold. This is actually very rare, and most of the websites I test never do anything with my address that I don’t expect. But in a couple cases these email addresses have ended up in the hands of some hard core spammers (hundreds of emails a day) and there was no useful tracking I could do. In other cases the volume has been lower, and I’ve watched the progression of my email addresses being bought and sold with morbid fascination.
Today an address I signed up at a website about a year ago got hit with multiple spams in a short time frame. All came from different IPs in the same /24. All had different domains with no websites. Whois showed all the domains were registered behind a privacy protection service. Interestingly, two of the domains used the same CAN SPAM address. The third had no CAN SPAM address at all. None of these addresses match the data I have on file related to the email signup.
It never ceases to amaze me how dishonest some address collection outfits. Their websites state clearly that addresses will not be bought an sold, and yet the addresses get lots of spam unrelated to the original signup. For those dishonest enough to do this they’ll never get caught unless recipients tags and tracks all their signups. Even worse, unless their partners test their signups or their mailing practices, the partners may end up unwittingly sending spam.
I have a frequent flyer account with Virgin America. They want me to sign up for some new thing, and they’ve sent me two emails about it so far, with lots of good call-to-action language, and a big “Join Now” button.
But this is the start of the form that clicking on that button leads to:
(It goes on further, finally ending up with a captcha and a submit button.)
Virgin America already has all that information, and it’s all tied to the account they sent the email to. If they were to have pre-filled the form with that personal information I might have looked at it further. Quite apart from the annoyance of having to give information that they already know, I’ve no idea what my frequent flyer number is and I’d need to go and look it up before I could go any further. From a typical recipients point of view this makes it much less likely that I’d consider signing up for it. That barrier to entry drives people away.
From an email/privacy professionals point of view I know why they do it this way, though. This web form isn’t Virgin America’s form – it’s a third party that Virgin America is doing co-registration with (though neither party is as clear about that fact as they could be, of course). Virgin America are being paid by that third party for each new sign up they capture – but they don’t want to share their customers private information with the untrusted third party. Doing the information capture this way, by just using their mailing list to drive traffic to the third party’s website is very cheap to do, much cheaper (and so more profitable) than doing it “properly” by having Virgin America induct people into the third party program, and reducing the barrier to entry to just a simple disclosure and “Sign me up!” button.
But treating third-party co-registration signups as “free money for almost no investment” only works if you don’t consider the attention of your existing customers valuable. Of the past five emails I’ve received from Virgin America, only one has been talking about buying flights – the other four were, like this one, co-registration offers (credit card, car hire, vacation, online surveys), with varying degrees of Virgin branding. They don’t really bring much benefit to recipients, and they’re a bit intrusive.
I’m not sure how much Virgin America is paid for dropping this sort of co-reg and third-party advertising into their mail stream, but it can’t be that much (does anyone know?). Treating your existing customers as a resource of cheap, fungible eyeballs to be sold to random third parties, rather than as people you’re maintaining a relationship with, risks driving them away from your email program. Given the value of a loyal airline traveller that can’t be profitable in the longer term, and likely not the short term.
DJ Waldow wrote a post on explicit permission over on Mediapost. I think he hit on some interesting bits and wanted to comment on them. In order to comment on a Mediapost blog, you have to register.
I’ve thought about it before, but every time I start the process I get to the page asking for detailed demographic information and decide no. This time, I was inspired enough by DJ to get to the second page of the signup process. This requires me to identify what type of marketing I’m interested in and won’t let me past the page until I click something. I’m not interested in anything, so I close the webpage. I can always write my own blog post responding to DJ.
I return to my inbox to discover a welcome message from Mediapost. It seems I am now a member and will be receiving email and specials and all the stuff I didn’t want from them.
This isn’t unusual. There are tons of websites on the net that don’t require you to complete a signup process in order to be added to their database. One of the worst I experienced was 1-800-Pet-Meds. They added me to their database when I abandoned a cart (what I wanted required a prescription from them, whereas I could just go into my vet’s and pick it up, so I’ll just pay the vet’s prices). They added me to their mailing list and couldn’t unsubscribe me because I was not in their customer database. Everything was done with the magic order number, which I didn’t have because I never ordered with them. That was fun to sort out.
It’s a bad idea to add people who don’t complete the signup or purchase process to your mailing lists. If you’re worried about losing a potential customer, then you can send mail reminding them to complete the process (or purchase). If you’re very into customer service, you can ask them if they are interested in future specials from you: would you like to opt-in to our mailing list anyway? Or you can give them the opportunity to remove their information from your database.