Confirmation Fails

Yesterday I talked about registration confirmations. Today I’m going to talk about a couple recent experiences with websites and their registration failures.
The first experience was with Yelp. One of my readers decided I needed a Yelp account and created one using my laura-questions email address. Yelp understands that people will be jerks and so sent me an email to confirm the account.

Hi Laura,
Thanks for joining Yelp.
To protect your privacy, please confirm your email address by clicking here:
https://www.yelp.com/ce?[REDACTED] We look forward to seeing you on Yelp.
— The Yelp Team
If you did not sign up for Yelp someone probably mis-typed their email address so just ignore this message.

I’m pretty sure it wasn’t a typo, but in the grand scheme of things if I don’t have to unsubscribe, I’m pretty happy. I continued to be happy with Yelp, until about a week later. At that point I started getting Yelp newsletters to laura-questions. It seems that “ignoring the message” doesn’t mean they won’t contact me, just that I don’t have access to the fake account that someone set up for me. Even worse, the unsubscribe link didn’t work because the account had not been confirmed.
Yelp doesn’t accept email, so eventually I had to open a case with their legal department to get them to stop sending me newsletters that I hadn’t asked for, nor confirmed. They seem to have fixed the problem at this point.
I understand this is a fairly rare situation, but there are a lot of things that Yelp could do to improve the experience of people who have fake accounts created by harassers.
Obviously, Yelp could trivially fix the problem by not sending newsletters to any unconfirmed address. But a lot of marketers will tell you that recipients are lazy and they won’t confirm but they will happily receive email. In some cases, the marketers even have data that shows definite revenue from mail sent to unconfirmed addresses. Not ever mailing those addresses seems to be a bad idea. At the same time, marketing to those addresses also seems like a poor idea.
There are some things I would suggest to clients in order to respect recipients who don’t confirm but not lose revenue due to recipients who don’t confirm but want the email.

  1. Limit what users can do on the website before they confirm their email address. Facebook, for instance, does not allow installation of games or internal messaging until an account is confirmed. This stops users from giving fake addresses but actually using the services provided by a website.
  2. Set up a limited marketing campaign to unconfirmed addresses. Instead of just adding those users to their normal marketing stream, they could send a confirmation reminder or two. Ideally these would be a small version of the newsletter: “here’s what you missed by not confirming your address. Confirm your address by <DATE> in order to get our newsletter and all the benefits of your account.
  3. Use website data to determine engagement. If someone creates an account, never confirms and never logs in, then it’s very likely this is a fake account and they shouldn’t be mailed at all.
  4. Make it easy to unsubscribe from mail, particularly when the address is unconfirmed. Even folks who run spamtraps will sometimes give senders the benefit of the doubt and try to unsubscribe. If that unsubscribe doesn’t take or is hard, that may result in a blocklisting.
  5. Have a link in the confirmation message that allows the recipient that says this registration is fraudulent, don’t ever email me again.

The second situation is with the New York Times. Apparently, I created an account on the NYTimes.com website at some point. A few weeks ago I got an email from them.

Dear NYTimes.com Registered User,
You previously registered your e-mail address on NYTimes.com. Our records indicate that
you did not confirm your email address.
Please note we have confirmed your email address so that you can now receive important
e-mail notifications and updates from NYTimes.com. To start getting all of the news you
want delivered right to your in-box, simply select your free newsletters now:

I know this is an account I created because it came to a tagged address. What I don’t know is how long ago I created the account. I have no trace of mail to that address from the NY Times in my mailbox which has archives back to mid-2010. That means the registration is at least 36 months old. With no communication from the NY Times in that 36 months, I bet that mailing had some pretty bad delivery.
Clearly, confirming addresses for your recipients is a very bad idea. However, there are things the NY Times could have done better.

  1. Instead of sending me an email saying they were confirming my address, they could have sent me an email asking me to confirm my address.
  2. Limit the addresses emailed for confirmation to those accounts that are currently active. Not only do I not remember signing up, I don’t have any trace of the login data for my account. That means I’ve not logged into NYTimes.com with that account. Using website data is a great way to interact with users outside of email. The NY Times could identify active users who’ve not confirmed and send them confirmation emails.
  3. Limit the website functionality for NY Times for users who’ve not confirmed. The NY Times has been desperate to find some way to monetize their website, and that means they are doing a lot with interstitial ads and restricting article reads. They have the ability to stop users from logging in if the email addresses are not confirmed. That wouldn’t affect people like me who create an account and then forget they have it and never use it. What it would do is convince people who were actively logging into the NY Times to confirm. No confirmation, no logins at the paper, no commenting on articles, no access to archives, whatever the NY Times wants to restrict from non-registered and non-confirmed users.
  4. Allow an opt-out! The message was tagged as a “service message.” The footer said I could unsubscribe from promotional emails, but did not allow me to opt-out from more service messages. This is a bad idea, particularly when the NY Times is confirming my address for me.

Confirming registrations at websites is a good step for many commercial sites. It gives so many benefits to both the recipient and the website. But confirmations can be handled poorly, as the above two examples show. But there were simple, small things that both companies could have done that would have changed their spam to legitimate email.

An interesting look at best practices
Data, data, elections and data

Related Posts

The sledgehammer of confirmed opt-in

We focused Monday on Trend/MAPS blocking fully confirmed opt-in (COI) mail, because that is the Gold Standard for opt-in. It is also Trend/MAPS stated policy that all mail should be COI. There are some problems with this approach. The biggest is that Trend/MAPS is confirming some of the email they receive and then listing COI senders.
The other problem is that typos happen by real people signing up for mail they want. Because MAPS is using typo domains to drive listings, they’re going to see a lot of mail from companies that are doing single opt-in. I realize that there are problems with single opt-in mail, but the problems depends on a lot of factors. Not all single opt-in lists are full of traps and spam and bad data.
In fact, one ESP has a customer with a list of more than 50 million single opt-in email addresses. This sender mails extremely heavily, and yet sees little to no blocking by public or private blocklists.
Trend/MAPS policy is singling out senders that are sending mail people signed up to receive. We know for sure that hard core spammers spend a lot of time and money to identify spamtraps. The typo traps that Trend/MAPS use are pretty easy to find and I have no doubt that the real, problematic spammers are pulling traps out of their lists. Legitimate senders, particularly the ESPs, aren’t going to do that. As one ESP rep commented on yesterday’s post:

Read More

Email and politics

I occasionally consult for activists using email. Their needs and requirements are a little different from email marketers. Sure, the requirements for email delivery are the same: relevant and engaging mail to people who requested it. But there are complicating issues that most marketers don’t necessarily have to deal with.
Activist groups are attractive targets for forged signups. Think about it, when people get deeply involved in arguments on the internet, they often look for ways to harass the person on the other end of the disagreement. They will often signup the people they’re disagreeing with for mailing lists. When the disagreements are political, the logical target is a group on the other side of the political divide.
People also sign up spamtraps and bad addresses as a way to cause problems or harass the political group itself. Often this results in the activist group getting blocked. This never ends well, as instead of fixing the problem, the group goes yelling about how their voice is being silenced and their politics are being censored!!
No, they’re not being silenced, they’re running an open mailing list and a lot of people are on it who never asked to be on it. They’re complaining and the mail is getting blocked.
With that as background, I noticed one of the major political blogs announced their brand new mailing list today. Based on their announcement it seemed they that they may have talked to someone who knew about managing a mailing list.

Read More

Confirming website registrations

Confirming email addresses during a website registration process is a good practice. It stops people from creating fake accounts, abusing  resources and using that site as a mechanism for harassment. But simply sending out a confirmation mail is not sufficient to prevent problems, particularly when everything about the process assumes that unconfirmed registrations are actually valid and not problem accounts.
I’ve had a couple recent experiences with companies attempting to use email confirmation, but failing pretty miserably. In each case a website set up a process where a user could register an account on the site. Both sites required confirmation of the registration email addresses as part of the process. But in each case there were some major failures that result in non-customers getting email.
Tomorrow I’ll talk about those two specific cases. I’ll also provide specific suggestions on how not to fall into the same trap and actually send opt-in email.

Read More