Permission is not a legal concept

One trap I see companies fall into when looking at opt-in and permission is they seem to think that permission is a blanket thing. They believe permission can be bought and sold by the companies that collected email addresses.

Legally, they may be correct. But in practice senders cannot decide that they can sell the permission of their recipients to another entity. As Al said today, you cannot buy an existing business relationship. When commenting on that post over on twitter, Evan Burke had a series of very insightful tweets on the issue.

Evan is exactly right.

Coincidentally, I had a potential client call me this morning to discuss the delivery problems they were having with a list. At the end of the call he also mentioned that they had a list of 7 million addresses that had been sitting around and they wanted to incorporate it into their list. I was open minded about the chances to recover the list, until he dropped that the list was 10 years old. I have to admit, I probably was not the cheery, positive, put a friendly face for the potential client consultant in responding to that.

But, really, there’s no way someone who opted in 10 years ago is going to remember they opted in to receive mail from whatever list has been found.

One thing that senders, list sellers and lawyers have to remember is that recipients are the final arbiters of permission. They know what they agreed to and if they don’t think this list, or this brand, or this sender has permission they will respond with spam complaints. The result is decreasing reputation for the sender followed by increasing delivery problems. Just because the sender thinks they have permission doesn’t mean the recipients agree with them.

Related Posts

Another list purchase horror story

Last week Ken wrote about a marketer who is claiming he was ripped off by Target Point in a purchased list deal. To the purchaser’s credit he actually looked at the email addresses provided by Target Point, something many list purchasers don’t seem to do. This gave him some idea that the list was not opt-in.

Read More

Buying Data

Over on Spam Resource Al posted about data sellers and the ESP that supports them. As part of the post, he lists the pricing for email address lists.

Read More

Fake privacy policies

I sign up at a lot of websites and liberally spray email addresses across the net. These signups are on behalf of one customer or another and each webform gets its own tagged and tracked email address. I always have a specific goal with each signup: getting a copy of a customer’s email, checking their signup process, auditing an affiliate on behalf of a customer or identifying where there might be a problem in a process. Because I have specific goals, I am pretty careful with these signups and usually uncheck every “share my email address” box I can find on the forms.
In every case the privacy policies of my clients and the things they tell me are explicit in that addresses will not be shared. It’s all opt-in, and email addresses are not shared without permission. Even in the cases where I am auditing affiliates, my clients assure me that if I follow this exact process my address will not be shared. Or so the affiliates have assured them.
Despite my care and the privacy policies on the websites, these addresses occasionally leak or are sold. This is actually very rare, and most of the websites I test never do anything with my address that I don’t expect. But in a couple cases these email addresses have ended up in the hands of some hard core spammers (hundreds of emails a day) and there was no useful tracking I could do. In other cases the volume has been lower, and I’ve watched the progression of my email addresses being bought and sold with morbid fascination.
Today an address I signed up at a website about a year ago got hit with multiple spams in a short time frame. All came from different IPs in the same /24. All had different domains with no websites. Whois showed all the domains were registered behind a privacy protection service. Interestingly, two of the domains used the same CAN SPAM address. The third had no CAN SPAM address at all. None of these addresses match the data I have on file related to the email signup.
It never ceases to amaze me how dishonest some address collection outfits. Their websites state clearly that addresses will not be bought an sold, and yet the addresses get lots of spam unrelated to the original signup. For those dishonest enough to do this they’ll never get caught unless recipients tags and tracks all their signups. Even worse, unless their partners test their signups or their mailing practices, the partners may end up unwittingly sending spam.

Read More