Purchased lists aren't always purchased

Spamhaus has listed a number of domains belonging to French politicians recently. In their blog post about it, they mention that the listings are directly related to address lists provided to candidates by the French government.

We learned of this issue recently when two different French candidates became entangled in two of our automated spam detection systems, the DBL and the CSS. The candidates whose IPs and domains were listed by us, when contacting us to resolve the listings, independently told us that the lists they were sending to were provided by the French government:
“I am a candidate for the French election next week and need to send as soon as possible an email to the 100000 people eligible to vote to explain my program and motivations. Emails has been given by french authorities.”
“Our lists are opt-in and have been provided by the French Government.

I’ve talked about purchased lists in the past (But my purchased list is TARGETED!!!Where can I mail a purchased list?Trust the list brokerYour purchased list … is spamPurchased Lists and ESPs). But there’s always more to talk about.

No money needs to change hands for a “purchased” list.

This is a huge issue. I, and other deliverability experts, have repeatedly heard some variation on “it’s not purchased, it was given to me.” “It’s not purchased, it was part of my conference registration.” “It’s not purchased, it’s a professional organization I belong to and they give us the addresses.”  “It’s not purchased, it’s rented.” “It’s not purchased, it’s co-reg.” The reality, though, is all those list types are what deliverability people mean when they say”purchased.”
Specifically, in the French election case, the candidates may or may not have paid for the lists, but they were still purchased.

What is a purchased list?

It’s pretty simple: if you didn’t compile the list yourself, if some third party did it, then the list is purchased. Those appended addresses? Purchased. That trade show list? Purchased. That highly targeted list of executives? Purchased. That list of French voters? Purchased.

Are purchased lists always bad?

Yes. There is zero incentive for third parties to make sure their address lists are clean and deliverable. Most email marketers know this. What’s the first thing most companies do when they purchase a list? Run it through a hygiene provider. Even the people buying lists don’t expect them to be clean. People and companies compiling lists make their money by collecting as many emails addresses as possible. They prioritize quantity over quality. Getting permission, checking accuracy, and bounce handling lower the quantity of email addresses available for sale. Their bottom line suffers when they do any sort of data hygiene.
I have no idea how the French government collected the email addresses. If it was part of voter registration they’re unlikely to do any verification. Here in California, voters have a choice about providing an email address. But the state does nothing to verify the address belongs to the voter. They also do sell that information for certain non-commercial purposes.

This list is transparent and has real permission.

Well, feel free to mail it. But I don’t believe the people who sold you the list. They lose money when they admit to subscribers they’re selling addresses. How do I know this? Because 99% of the time there is no visible notice at the point of collection. They hide the information somewhere deep in their privacy policy because if they don’t, not as many people subscribe. In those few cases where they do mention selling addresses, they don’t mention how often or to whom they’re selling. The key phrase is “trusted partners” which can range from actual partners to the guy down the street who has a big enough check.

Everybody mails purchased addresses.

Not everyone does, I know that for sure. I also know it’s fairly common. And I know some purchased lists are low complaint and low bounces so they don’t look bad to ESPs. The term for those kinds of lists is waterfalling. It’s simple. List compiler runs their list though enough different ESPs and removes addresses that complain, bounce or unsubscribe. Eventually, there’s a list where anyone who might unsubscribe has and anyone who might complain has. As ESPs are mostly reactive, the lists slide under the radar and never get flagged as purchased. The challenge for these lists is Gmail, and a lot of senders who have great delivery most places but fail at Gmail. Some of this is related to Gmail’s refusal to send complainers addresses back to ESPs.

Is there any best practice advice for mailing purchased lists?

Not really, no. If you ask most of the deliverability folks, ISP representatives or filter companies they’ll tell you don’t mail a purchased list. Still, there are a number of senders who try and come up with scenarios where a purchased list is fine and they can make money doing it. I’m not going to argue that some companies will see a short boost in revenue when they mail a purchased list. It can work over the short term. Over the long term, however, it drives down deliverability and makes it harder to reach the inbox.
 
 

Related Posts

About that permission thing

I wrote a few days ago about permission and how it was the key to getting into the inbox. It’s another one of those “necessary but not sufficient” parts of delivery. There are, however, a lot of companies who are using email without the recipient permission. These companies often contact me to help them solve their delivery problems.  Often these are new companies who are trying to jumpstart their business on the cheap by using email.
SalesMarketing
The calls have a consistent pattern.

Read More

What not to do when buying lists

Saturday morning I check my mail and notice multiple emails from the DMA. Yes, I got three copies of an email from the US Direct Marketing Association with the subject line Kick It Up A Notch With The DMA Career Center. It seems the DMA are buying addresses from various companies. Because I use tagged email addresses, this means their naive de-duping doesn’t realize that laura-x and laura-y are the same email address. Of course, they’ve also managed to send to an untagged email address, too. I have no idea where they got that particular address; I’m sure I’ve never handed that address over to the DMA for any reason.
Saturday afternoon, I check one of the professional filtering / anti-spam mailing list.  Some subscribers are asking for copies of spam from 97.107.23.191 to .194. They’d seen a lot of mail to non-existent email addresses from that range and were looking to see what was going on and who was sending such bad mail. Multiple people on the list popped up with examples of the DMA mail.
Sunday morning, I checked the discussions wherein I discovered the DMA was added to the SBL (SBL 202218, SBL 202217, SBL 202216). It seems not only did they hit over a hundred Spamhaus spamtraps, they spammed Steve Linford himself.

Read More

Gmail filtering in a nutshell

Gmail’s approach to filtering; as described by one of the old timers. This person was dealing with network abuse back when I was still slinging DNA around as my job and just reading headers as a hobby.

Read More