GitHub is a site where developers can share code with one another. It is widely used by open source developers. Their user base is made up of geeks and people who want a lot of control over their mailbox.
Their email signup process reflects the sensibilities of their market, without being difficult to manage or understand.
DJ Waldow wrote a post on explicit permission over on Mediapost. I think he hit on some interesting bits and wanted to comment on them. In order to comment on a Mediapost blog, you have to register.
I’ve thought about it before, but every time I start the process I get to the page asking for detailed demographic information and decide no. This time, I was inspired enough by DJ to get to the second page of the signup process. This requires me to identify what type of marketing I’m interested in and won’t let me past the page until I click something. I’m not interested in anything, so I close the webpage. I can always write my own blog post responding to DJ.
I return to my inbox to discover a welcome message from Mediapost. It seems I am now a member and will be receiving email and specials and all the stuff I didn’t want from them.
This isn’t unusual. There are tons of websites on the net that don’t require you to complete a signup process in order to be added to their database. One of the worst I experienced was 1-800-Pet-Meds. They added me to their database when I abandoned a cart (what I wanted required a prescription from them, whereas I could just go into my vet’s and pick it up, so I’ll just pay the vet’s prices). They added me to their mailing list and couldn’t unsubscribe me because I was not in their customer database. Everything was done with the magic order number, which I didn’t have because I never ordered with them. That was fun to sort out.
It’s a bad idea to add people who don’t complete the signup or purchase process to your mailing lists. If you’re worried about losing a potential customer, then you can send mail reminding them to complete the process (or purchase). If you’re very into customer service, you can ask them if they are interested in future specials from you: would you like to opt-in to our mailing list anyway? Or you can give them the opportunity to remove their information from your database.
I sign up at a lot of websites and liberally spray email addresses across the net. These signups are on behalf of one customer or another and each webform gets its own tagged and tracked email address. I always have a specific goal with each signup: getting a copy of a customer’s email, checking their signup process, auditing an affiliate on behalf of a customer or identifying where there might be a problem in a process. Because I have specific goals, I am pretty careful with these signups and usually uncheck every “share my email address” box I can find on the forms.
In every case the privacy policies of my clients and the things they tell me are explicit in that addresses will not be shared. It’s all opt-in, and email addresses are not shared without permission. Even in the cases where I am auditing affiliates, my clients assure me that if I follow this exact process my address will not be shared. Or so the affiliates have assured them.
Despite my care and the privacy policies on the websites, these addresses occasionally leak or are sold. This is actually very rare, and most of the websites I test never do anything with my address that I don’t expect. But in a couple cases these email addresses have ended up in the hands of some hard core spammers (hundreds of emails a day) and there was no useful tracking I could do. In other cases the volume has been lower, and I’ve watched the progression of my email addresses being bought and sold with morbid fascination.
Today an address I signed up at a website about a year ago got hit with multiple spams in a short time frame. All came from different IPs in the same /24. All had different domains with no websites. Whois showed all the domains were registered behind a privacy protection service. Interestingly, two of the domains used the same CAN SPAM address. The third had no CAN SPAM address at all. None of these addresses match the data I have on file related to the email signup.
It never ceases to amaze me how dishonest some address collection outfits. Their websites state clearly that addresses will not be bought an sold, and yet the addresses get lots of spam unrelated to the original signup. For those dishonest enough to do this they’ll never get caught unless recipients tags and tracks all their signups. Even worse, unless their partners test their signups or their mailing practices, the partners may end up unwittingly sending spam.
I’ve been working with a new client on getting them signed up for FBLs, whitelists and other sorts of monitoring. One of the places I recommended to them was signing up for the Hotmail Smart Network Data Services (SNDS) program. It’s been a while since I’ve gone through the process, so I decided to sign up our network space to give up to date instructions from to clients.
As part of the process, Microsoft confirms the request with the network owner. This is smart, it prevents the wrong people from getting access to delivery data. They use public records (ARIN and IP Whois data) to figure out the “network owner” and send an email to that person. In my case, the mail was sent to a role account at Hurricane Electric (he.net).
I asked for access, filling in “this is Laura from Word to the Wise and I am looking for access to our space.” The email address in the request was my @hotmail.com address. A few minutes later I checked my inbox to find an email from he.net.