Purchased lists aren't always purchased

laura
Best practices
May 31, 2017

Spamhaus has listed a number of domains belonging to French politicians recently. In their blog post about it, they mention that the listings are directly related to address lists provided to candidates by the French government.

We learned of this issue recently when two different French candidates became entangled in two of our automated spam detection systems, the DBL and the CSS. The candidates whose IPs and domains were listed by us, when contacting us to resolve the listings, independently told us that the lists they were sending to were provided by the French government:
“I am a candidate for the French election next week and need to send as soon as possible an email to the 100000 people eligible to vote to explain my program and motivations. Emails has been given by french authorities.”
“Our lists are opt-in and have been provided by the French Government.

I’ve talked about purchased lists in the past (But my purchased list is TARGETED!!!, Where can I mail a purchased list?, Trust the list broker, Your purchased list … is spam, Purchased Lists and ESPs). But there’s always more to talk about.

No money needs to change hands for a “purchased” list.

This is a huge issue. I, and other deliverability experts, have repeatedly heard some variation on “it’s not purchased, it was given to me.” “It’s not purchased, it was part of my conference registration.” “It’s not purchased, it’s a professional organization I belong to and they give us the addresses.” “It’s not purchased, it’s rented.” “It’s not purchased, it’s co-reg.” The reality, though, is all those list types are what deliverability people mean when they say”purchased.”
Specifically, in the French election case, the candidates may or may not have paid for the lists, but they were still purchased.

What is a purchased list?

It’s pretty simple: if you didn’t compile the list yourself, if some third party did it, then the list is purchased. Those appended addresses? Purchased. That trade show list? Purchased. That highly targeted list of executives? Purchased. That list of French voters? Purchased.

Are purchased lists always bad?

Yes. There is zero incentive for third parties to make sure their address lists are clean and deliverable. Most email marketers know this. What’s the first thing most companies do when they purchase a list? Run it through a hygiene provider. Even the people buying lists don’t expect them to be clean. People and companies compiling lists make their money by collecting as many emails addresses as possible. They prioritize quantity over quality. Getting permission, checking accuracy, and bounce handling lower the quantity of email addresses available for sale. Their bottom line suffers when they do any sort of data hygiene.
I have no idea how the French government collected the email addresses. If it was part of voter registration they’re unlikely to do any verification. Here in California, voters have a choice about providing an email address. But the state does nothing to verify the address belongs to the voter. They also do sell that information for certain non-commercial purposes.

This list is transparent and has real permission.

Well, feel free to mail it. But I don’t believe the people who sold you the list. They lose money when they admit to subscribers they’re selling addresses. How do I know this? Because 99% of the time there is no visible notice at the point of collection. They hide the information somewhere deep in their privacy policy because if they don’t, not as many people subscribe. In those few cases where they do mention selling addresses, they don’t mention how often or to whom they’re selling. The key phrase is “trusted partners” which can range from actual partners to the guy down the street who has a big enough check.

Everybody mails purchased addresses.

Not everyone does, I know that for sure. I also know it’s fairly common. And I know some purchased lists are low complaint and low bounces so they don’t look bad to ESPs. The term for those kinds of lists is waterfalling. It’s simple. List compiler runs their list though enough different ESPs and removes addresses that complain, bounce or unsubscribe. Eventually, there’s a list where anyone who might unsubscribe has and anyone who might complain has. As ESPs are mostly reactive, the lists slide under the radar and never get flagged as purchased. The challenge for these lists is Gmail, and a lot of senders who have great delivery most places but fail at Gmail. Some of this is related to Gmail’s refusal to send complainers addresses back to ESPs.

Is there any best practice advice for mailing purchased lists?

Not really, no. If you ask most of the deliverability folks, ISP representatives or filter companies they’ll tell you don’t mail a purchased list. Still, there are a number of senders who try and come up with scenarios where a purchased list is fine and they can make money doing it. I’m not going to argue that some companies will see a short boost in revenue when they mail a purchased list. It can work over the short term. Over the long term, however, it drives down deliverability and makes it harder to reach the inbox.

April 2016: The Month in Email

We are finishing up another busy month at WttW. April was a little nutty with network glitches, server crashes, cat woes, and other disruptions, but hopefully that’s all behind us as we head into May. I’ll be very busy in May as well, speaking at Salesforce Connections in Atlanta and the Email Innovation Summit in Las Vegas. Please come say hello if you’re attending either of these great events.

Speaking of great events, I participated in two panels at EEC16 last month. We had a lot of great audience participation, and I met many wonderful colleagues. I wrote up some more thoughts about the conference here. I also had a nice conversation with the folks over at Podbox, and they’ve posted my interview on their site.
In the Podbox interview, as always, I talked about sending mail people want to receive. It always makes me roll my eyes a bit when I see articles with titles like “5 Simple Ways to Reach the Inbox”, so I wrote a bit about that here. In addition to sending mail people want to receive, senders need to make sure they are collecting addresses and building lists in thoughtful and sustainable ways. For more on this topic, check out my post on list brokers and purchased lists.
These same not-so-simple tricks came up again in my discussion of Gmail filters. Everyone wants a magic formula to reach the inbox, and — sorry to burst your bubble — there isn’t ever going to be one. And this is for a good reason: a healthy filter ecosystem helps protect all of us from malicious senders and criminal activity. The email channel is particularly vulnerable to fraud and theft. The constant evolution of filters is one way mail providers can help protect both senders and recipients — but it can be challenging for senders and systems administrators to keep up with this constant evolution. For example, companies sometimes even inadvertently filter their own mail!
I also wrote a bit about how B2B spam is different from B2C spam, and how marketers can better comply with CAN SPAM guidelines in order to reach the inbox. We also republished our much-missed friend and colleague J.D. Falk’s DKIM Primer, which is extremely useful information that was at a no-longer-active link.
One of my favorite posts this month was about “dueling data”, and how to interpret seemingly different findings around email engagement. We also got some good questions for my “Ask Laura” column, where we cover general topics on email delivery. This month we looked at “no auth/no entry” and the Microsoft Smartscreen filter, both of which are useful things to understand for optimizing delivery.
Finally, we are pleased to announce that we’ve joined the i2Coalition, an organization of internet infrastructure providers. They posted a nice introduction on their blog, and we look forward to working with them to help advocate and protect these important technical infrastructures.

What not to do when buying lists

Saturday morning I check my mail and notice multiple emails from the DMA. Yes, I got three copies of an email from the US Direct Marketing Association with the subject line Kick It Up A Notch With The DMA Career Center. It seems the DMA are buying addresses from various companies. Because I use tagged email addresses, this means their naive de-duping doesn’t realize that laura-x and laura-y are the same email address. Of course, they’ve also managed to send to an untagged email address, too. I have no idea where they got that particular address; I’m sure I’ve never handed that address over to the DMA for any reason.
Saturday afternoon, I check one of the professional filtering / anti-spam mailing list. Some subscribers are asking for copies of spam from 97.107.23.191 to .194. They’d seen a lot of mail to non-existent email addresses from that range and were looking to see what was going on and who was sending such bad mail. Multiple people on the list popped up with examples of the DMA mail.
Sunday morning, I checked the discussions wherein I discovered the DMA was added to the SBL (SBL 202218, SBL 202217, SBL 202216). It seems not only did they hit over a hundred Spamhaus spamtraps, they spammed Steve Linford himself.

Barracuda problems

Folks were posting earlier today noticing problems delivering to Barracuda hosted services. The good news is Barracuda has been updating their status page. As of now, the status page says things are improving.