Purchased lists aren't always purchased

Spamhaus has listed a number of domains belonging to French politicians recently. In their blog post about it, they mention that the listings are directly related to address lists provided to candidates by the French government.

We learned of this issue recently when two different French candidates became entangled in two of our automated spam detection systems, the DBL and the CSS. The candidates whose IPs and domains were listed by us, when contacting us to resolve the listings, independently told us that the lists they were sending to were provided by the French government:
“I am a candidate for the French election next week and need to send as soon as possible an email to the 100000 people eligible to vote to explain my program and motivations. Emails has been given by french authorities.”
“Our lists are opt-in and have been provided by the French Government.

I’ve talked about purchased lists in the past (But my purchased list is TARGETED!!!Where can I mail a purchased list?Trust the list brokerYour purchased list … is spamPurchased Lists and ESPs). But there’s always more to talk about.

No money needs to change hands for a “purchased” list.

This is a huge issue. I, and other deliverability experts, have repeatedly heard some variation on “it’s not purchased, it was given to me.” “It’s not purchased, it was part of my conference registration.” “It’s not purchased, it’s a professional organization I belong to and they give us the addresses.”  “It’s not purchased, it’s rented.” “It’s not purchased, it’s co-reg.” The reality, though, is all those list types are what deliverability people mean when they say”purchased.”
Specifically, in the French election case, the candidates may or may not have paid for the lists, but they were still purchased.

What is a purchased list?

It’s pretty simple: if you didn’t compile the list yourself, if some third party did it, then the list is purchased. Those appended addresses? Purchased. That trade show list? Purchased. That highly targeted list of executives? Purchased. That list of French voters? Purchased.

Are purchased lists always bad?

Yes. There is zero incentive for third parties to make sure their address lists are clean and deliverable. Most email marketers know this. What’s the first thing most companies do when they purchase a list? Run it through a hygiene provider. Even the people buying lists don’t expect them to be clean. People and companies compiling lists make their money by collecting as many emails addresses as possible. They prioritize quantity over quality. Getting permission, checking accuracy, and bounce handling lower the quantity of email addresses available for sale. Their bottom line suffers when they do any sort of data hygiene.
I have no idea how the French government collected the email addresses. If it was part of voter registration they’re unlikely to do any verification. Here in California, voters have a choice about providing an email address. But the state does nothing to verify the address belongs to the voter. They also do sell that information for certain non-commercial purposes.

This list is transparent and has real permission.

Well, feel free to mail it. But I don’t believe the people who sold you the list. They lose money when they admit to subscribers they’re selling addresses. How do I know this? Because 99% of the time there is no visible notice at the point of collection. They hide the information somewhere deep in their privacy policy because if they don’t, not as many people subscribe. In those few cases where they do mention selling addresses, they don’t mention how often or to whom they’re selling. The key phrase is “trusted partners” which can range from actual partners to the guy down the street who has a big enough check.

Everybody mails purchased addresses.

Not everyone does, I know that for sure. I also know it’s fairly common. And I know some purchased lists are low complaint and low bounces so they don’t look bad to ESPs. The term for those kinds of lists is waterfalling. It’s simple. List compiler runs their list though enough different ESPs and removes addresses that complain, bounce or unsubscribe. Eventually, there’s a list where anyone who might unsubscribe has and anyone who might complain has. As ESPs are mostly reactive, the lists slide under the radar and never get flagged as purchased. The challenge for these lists is Gmail, and a lot of senders who have great delivery most places but fail at Gmail. Some of this is related to Gmail’s refusal to send complainers addresses back to ESPs.

Is there any best practice advice for mailing purchased lists?

Not really, no. If you ask most of the deliverability folks, ISP representatives or filter companies they’ll tell you don’t mail a purchased list. Still, there are a number of senders who try and come up with scenarios where a purchased list is fine and they can make money doing it. I’m not going to argue that some companies will see a short boost in revenue when they mail a purchased list. It can work over the short term. Over the long term, however, it drives down deliverability and makes it harder to reach the inbox.
 
 

Are they using DKIM?
Appending in a nutshell

Related Posts

December 2015: The month in email

Happy 2016! We enjoyed a bit of a break over the holidays and hope you did too. Here’s our December wrap up – look for a year-end post later this week, as well as our predictions for the year ahead. I got a bit of a head start on those predictions in my post at the beginning of December on email security and other important issues that I think will dominate the email landscape in 2016.
DMARC will continue to be a big story in 2016, and we’re starting to see more emphasis on DMARC alignment as a significant component of delivery decisions. I wrote a bit more on delivery decisions and delivery improvement here.
December in the world of email is all about the holidays, and this year was no exception. We saw the usual mix of retailers creating thoughtful experiences (a nice unsubscribe workflow) and demonstrating not-so-great practices (purchased list fails). We took a deeper look at the impacts and hidden costs of list purchasing – as much as companies want to expand their reach, purchased lists rarely offer real ROI. And on the unsubscribe front, if you missed our discussion and update on unroll.me unsubs, you may want to take a look.
Steve wrote a detailed post looking at what happens when you click on a link, and how you can investigate the path of a clickthrough in a message, which is useful when you’re trying to prevent phishing, fraud, and other spam. In other malicious email news, the CRTC served its first ever warrant as part of an international botnet takedown.
In other industry news, some new information for both ESPs and recipients interested in feedback loops and a somewhat humorous look at the hot-button issues that divide our ranks in the world of email marketing. Please share any we may have missed, or any other topics you’d like us to address.

Read More

Gmail filtering in a nutshell

Gmail’s approach to filtering; as described by one of the old timers. This person was dealing with network abuse back when I was still slinging DNA around as my job and just reading headers as a hobby.

Read More

April 2016: The Month in Email

We are finishing up another busy month at WttW. April was a little nutty with network glitches, server crashes, cat woes, and other disruptions, but hopefully that’s all behind us as we head into May. I’ll be very busy in May as well, speaking at Salesforce Connections in Atlanta and the Email Innovation Summit in Las Vegas. Please come say hello if you’re attending either of these great events.
April2016MiE
Speaking of great events, I participated in two panels at EEC16 last month. We had a lot of great audience participation, and I met many wonderful colleagues. I wrote up some more thoughts about the conference here. I also had a nice conversation with the folks over at Podbox, and they’ve posted my interview on their site.
In the Podbox interview, as always, I talked about sending mail people want to receive. It always makes me roll my eyes a bit when I see articles with titles like “5 Simple Ways to Reach the Inbox”, so I wrote a bit about that here. In addition to sending mail people want to receive, senders need to make sure they are collecting addresses and building lists in thoughtful and sustainable ways. For more on this topic, check out my post on list brokers and purchased lists.
These same not-so-simple tricks came up again in my discussion of Gmail filters. Everyone wants a magic formula to reach the inbox, and — sorry to burst your bubble — there isn’t ever going to be one. And this is for a good reason: a healthy filter ecosystem helps protect all of us from malicious senders and criminal activity. The email channel is particularly vulnerable to fraud and theft. The constant evolution of filters is one way mail providers can help protect both senders and recipients — but it can be challenging for senders and systems administrators to keep up with this constant evolution. For example, companies sometimes even inadvertently filter their own mail!
I also wrote a bit about how B2B spam is different from B2C spam, and how marketers can better comply with CAN SPAM guidelines in order to reach the inbox. We also republished our much-missed friend and colleague J.D. Falk’s DKIM Primer, which is extremely useful information that was at a no-longer-active link.
One of my favorite posts this month was about “dueling data”, and how to interpret seemingly different findings around email engagement. We also got some good questions for my “Ask Laura” column, where we cover general topics on email delivery. This month we looked at “no auth/no entry” and the Microsoft Smartscreen filter, both of which are useful things to understand for optimizing delivery.
Finally, we are pleased to announce that we’ve joined the i2Coalition, an organization of internet infrastructure providers. They posted a nice introduction on their blog, and we look forward to working with them to help advocate and protect these important technical infrastructures.

Read More