Co-Registration
Driving customers away
I have a frequent flyer account with Virgin America. They want me to sign up for some new thing, and they’ve sent me two emails about it so far, with lots of good call-to-action language, and a big “Join Now” button.
But this is the start of the form that clicking on that button leads to:
(It goes on further, finally ending up with a captcha and a submit button.)
Virgin America already has all that information, and it’s all tied to the account they sent the email to. If they were to have pre-filled the form with that personal information I might have looked at it further. Quite apart from the annoyance of having to give information that they already know, I’ve no idea what my frequent flyer number is and I’d need to go and look it up before I could go any further. From a typical recipients point of view this makes it much less likely that I’d consider signing up for it. That barrier to entry drives people away.
From an email/privacy professionals point of view I know why they do it this way, though. This web form isn’t Virgin America’s form – it’s a third party that Virgin America is doing co-registration with (though neither party is as clear about that fact as they could be, of course). Virgin America are being paid by that third party for each new sign up they capture – but they don’t want to share their customers private information with the untrusted third party. Doing the information capture this way, by just using their mailing list to drive traffic to the third party’s website is very cheap to do, much cheaper (and so more profitable) than doing it “properly” by having Virgin America induct people into the third party program, and reducing the barrier to entry to just a simple disclosure and “Sign me up!” button.
But treating third-party co-registration signups as “free money for almost no investment” only works if you don’t consider the attention of your existing customers valuable. Of the past five emails I’ve received from Virgin America, only one has been talking about buying flights – the other four were, like this one, co-registration offers (credit card, car hire, vacation, online surveys), with varying degrees of Virgin branding. They don’t really bring much benefit to recipients, and they’re a bit intrusive.
I’m not sure how much Virgin America is paid for dropping this sort of co-reg and third-party advertising into their mail stream, but it can’t be that much (does anyone know?). Treating your existing customers as a resource of cheap, fungible eyeballs to be sold to random third parties, rather than as people you’re maintaining a relationship with, risks driving them away from your email program. Given the value of a loyal airline traveller that can’t be profitable in the longer term, and likely not the short term.
The legitimate email marketer
I cannot tell you how many times over the last 10 years I’ve been talking to someone with a problem and had them tell me “but I’m a legitimate email marketer.” Most of them have at least one serious problem, from upstreams that are ready to terminate them for spamming through widespread blocking. In fact, the practices of most companies who proclaim “we’re legitimate email marketers” are so bad that the phrase has entered the lexicon as a sign that the company is attempting to surf the gray area between commercial email and spam as close to the spam side of that territory as possible.
What do I mean by that? I mean that the address collection practices and the mailing processes used by self-proclaimed legitimate email marketers are sloppy. They don’t really care about individual recipients, they just care about the numbers. They buy addresses, they use affiliates, they dip whole limbs in the co-reg pool; all told their subscription practices are very sloppy. Because they didn’t scrape or harvest the email address, they feel justified in claiming the recipient asked for it and that they are legitimate.
They don’t really care that they’re mailing people who don’t want their mail and really never asked to receive it. What kinds of practices am I talking about?
Buying co-reg lists. “But the customer signed up, made a purchase, took an online quiz and the privacy policy says their address can be shared.” The recipient doesn’t care that they agreed to have their email address handed out to all and sundry, they don’t want that mail.
Arguing with subscribers. “But all those people who labeled my mail as spam actually subscribed!!!” Any time a mailer has to argue with a subscriber about the validity of the subscription, there is a problem with the subscription process. If the sender and the receiver disagree on whether there was really an opt-in, the senders are rarely given the benefit of the doubt.
Using affiliates to hide their involvement in spam. A number of companies use advertising agencies that outsource acquisition mailings that end up being sent by spammers. These acquisition mailings are sent by the same spammers sending enlargement spam. The advertiser gets all the benefits of spam without any of the consequences.
Knowing that their signup forms are abused but failing to stop the abuse. A few years back I was talking with a large political mailer. They were insisting they were legitimate email marketers but were finding a lot of mail blocked. I mentioned that they were a large target for people forging addresses in their signup form. I explained that mailing people who never asked for mail was probably the source of their delivery problems. They admitted they were probably mailing people who never signed up, but weren’t going to do anything about it as it was good for their bottom line to have so many subscribers.
Self described legitimate email marketers do the bare minimum possible to meet standards. They talk the talk to convince their customers they’re legitimate:
Fake privacy policies
I sign up at a lot of websites and liberally spray email addresses across the net. These signups are on behalf of one customer or another and each webform gets its own tagged and tracked email address. I always have a specific goal with each signup: getting a copy of a customer’s email, checking their signup process, auditing an affiliate on behalf of a customer or identifying where there might be a problem in a process. Because I have specific goals, I am pretty careful with these signups and usually uncheck every “share my email address” box I can find on the forms.
In every case the privacy policies of my clients and the things they tell me are explicit in that addresses will not be shared. It’s all opt-in, and email addresses are not shared without permission. Even in the cases where I am auditing affiliates, my clients assure me that if I follow this exact process my address will not be shared. Or so the affiliates have assured them.
Despite my care and the privacy policies on the websites, these addresses occasionally leak or are sold. This is actually very rare, and most of the websites I test never do anything with my address that I don’t expect. But in a couple cases these email addresses have ended up in the hands of some hard core spammers (hundreds of emails a day) and there was no useful tracking I could do. In other cases the volume has been lower, and I’ve watched the progression of my email addresses being bought and sold with morbid fascination.
Today an address I signed up at a website about a year ago got hit with multiple spams in a short time frame. All came from different IPs in the same /24. All had different domains with no websites. Whois showed all the domains were registered behind a privacy protection service. Interestingly, two of the domains used the same CAN SPAM address. The third had no CAN SPAM address at all. None of these addresses match the data I have on file related to the email signup.
It never ceases to amaze me how dishonest some address collection outfits. Their websites state clearly that addresses will not be bought an sold, and yet the addresses get lots of spam unrelated to the original signup. For those dishonest enough to do this they’ll never get caught unless recipients tags and tracks all their signups. Even worse, unless their partners test their signups or their mailing practices, the partners may end up unwittingly sending spam.
Co-reg
Well over half of the clients who come to me with delivery problems admit at some point that one of the ways they collect subscribers is through co-registration. They typically have widespread delivery problems at the major ISPs as well as SBL listings.
John Levine posted over the weekend about his thoughts on co-reg.