GitHub is a site where developers can share code with one another. It is widely used by open source developers. Their user base is made up of geeks and people who want a lot of control over their mailbox.
Their email signup process reflects the sensibilities of their market, without being difficult to manage or understand.
I have a frequent flyer account with Virgin America. They want me to sign up for some new thing, and they’ve sent me two emails about it so far, with lots of good call-to-action language, and a big “Join Now” button.
But this is the start of the form that clicking on that button leads to:
(It goes on further, finally ending up with a captcha and a submit button.)
Virgin America already has all that information, and it’s all tied to the account they sent the email to. If they were to have pre-filled the form with that personal information I might have looked at it further. Quite apart from the annoyance of having to give information that they already know, I’ve no idea what my frequent flyer number is and I’d need to go and look it up before I could go any further. From a typical recipients point of view this makes it much less likely that I’d consider signing up for it. That barrier to entry drives people away.
From an email/privacy professionals point of view I know why they do it this way, though. This web form isn’t Virgin America’s form – it’s a third party that Virgin America is doing co-registration with (though neither party is as clear about that fact as they could be, of course). Virgin America are being paid by that third party for each new sign up they capture – but they don’t want to share their customers private information with the untrusted third party. Doing the information capture this way, by just using their mailing list to drive traffic to the third party’s website is very cheap to do, much cheaper (and so more profitable) than doing it “properly” by having Virgin America induct people into the third party program, and reducing the barrier to entry to just a simple disclosure and “Sign me up!” button.
But treating third-party co-registration signups as “free money for almost no investment” only works if you don’t consider the attention of your existing customers valuable. Of the past five emails I’ve received from Virgin America, only one has been talking about buying flights – the other four were, like this one, co-registration offers (credit card, car hire, vacation, online surveys), with varying degrees of Virgin branding. They don’t really bring much benefit to recipients, and they’re a bit intrusive.
I’m not sure how much Virgin America is paid for dropping this sort of co-reg and third-party advertising into their mail stream, but it can’t be that much (does anyone know?). Treating your existing customers as a resource of cheap, fungible eyeballs to be sold to random third parties, rather than as people you’re maintaining a relationship with, risks driving them away from your email program. Given the value of a loyal airline traveller that can’t be profitable in the longer term, and likely not the short term.
I sign up at a lot of websites and liberally spray email addresses across the net. These signups are on behalf of one customer or another and each webform gets its own tagged and tracked email address. I always have a specific goal with each signup: getting a copy of a customer’s email, checking their signup process, auditing an affiliate on behalf of a customer or identifying where there might be a problem in a process. Because I have specific goals, I am pretty careful with these signups and usually uncheck every “share my email address” box I can find on the forms.
In every case the privacy policies of my clients and the things they tell me are explicit in that addresses will not be shared. It’s all opt-in, and email addresses are not shared without permission. Even in the cases where I am auditing affiliates, my clients assure me that if I follow this exact process my address will not be shared. Or so the affiliates have assured them.
Despite my care and the privacy policies on the websites, these addresses occasionally leak or are sold. This is actually very rare, and most of the websites I test never do anything with my address that I don’t expect. But in a couple cases these email addresses have ended up in the hands of some hard core spammers (hundreds of emails a day) and there was no useful tracking I could do. In other cases the volume has been lower, and I’ve watched the progression of my email addresses being bought and sold with morbid fascination.
Today an address I signed up at a website about a year ago got hit with multiple spams in a short time frame. All came from different IPs in the same /24. All had different domains with no websites. Whois showed all the domains were registered behind a privacy protection service. Interestingly, two of the domains used the same CAN SPAM address. The third had no CAN SPAM address at all. None of these addresses match the data I have on file related to the email signup.
It never ceases to amaze me how dishonest some address collection outfits. Their websites state clearly that addresses will not be bought an sold, and yet the addresses get lots of spam unrelated to the original signup. For those dishonest enough to do this they’ll never get caught unless recipients tags and tracks all their signups. Even worse, unless their partners test their signups or their mailing practices, the partners may end up unwittingly sending spam.
I’ve been working with a new client on getting them signed up for FBLs, whitelists and other sorts of monitoring. One of the places I recommended to them was signing up for the Hotmail Smart Network Data Services (SNDS) program. It’s been a while since I’ve gone through the process, so I decided to sign up our network space to give up to date instructions from to clients.
As part of the process, Microsoft confirms the request with the network owner. This is smart, it prevents the wrong people from getting access to delivery data. They use public records (ARIN and IP Whois data) to figure out the “network owner” and send an email to that person. In my case, the mail was sent to a role account at Hurricane Electric (he.net).
I asked for access, filling in “this is Laura from Word to the Wise and I am looking for access to our space.” The email address in the request was my @hotmail.com address. A few minutes later I checked my inbox to find an email from he.net.