Are You Using MD5 for Your Suppression Lists? You Should BeJune 5, 2009 By Joshua Baer
When the CAN-SPAM Act was passed in 2004, it created a new requirement for e-mail marketers to share their suppression lists with other companies who do marketing on their behalf.
Suppression lists are the e-mail addresses of consumers who’ve clicked on unsubscribe links. The goals of sharing suppression lists are to ensure consumer opt-outs are honored across affiliate marketing partners and reduce the likelihood of recipients clicking on the “Report Spam” button or harming your reputation for not following through on unsubscribe requests.
While many companies have grown accustomed to sharing their suppression lists in plain text, this is the least secure method for doing so. Spammers have figured out ways to steal these lists and use the e-mail addresses for more unsolicited e-mail.
Because of this growing problem, the e-mail marketing industry is speaking up in support of MD5 encryption, a secure method of sharing suppression lists. MD5 suppression lists encrypt suppression list data so e-mail addresses aren't exposed, ensuring that the list may only be used for CAN-SPAM compliance.
Recently, the Email Sender and Provider Coalition announced that all members must support MD5 suppression by the end of 2009. While most e-mail service providers (ESPs) do support the technology, there are still some areas that must be addressed.
Just because an ESP supports MD5 encryption doesn’t mean it uses it as its default method of sharing suppression lists. In fact, many require their e-mail marketing partners to ask them to turn it on before they do so. That's why it’s essential that e-mail marketers are aware of the risks associated with suppression list abuse and the benefits of MD5 encryption.
Also, it's imperative that your affiliates understand and are prepared to accept MD5 suppression lists from you. If their mailing software doesn't support MD5, there are options out there to make it easy for them. (To learn more about these options, visit e-mail suppression and campaign performance management solutions provider UnsubCentral’s Web site: www.unsubcentral.com.)
3 simple steps
MD5 quickly has become the industry standard, and the Interactive Advertising Bureau has endorsed it as an e-mail data management best practice. Taking these few steps goes a long way to ensure your brand and consumers receive the best protection from suppression list abuse.
- Make sure your ESP supports MD5 suppression lists for one-time upload, permanent upload and download. This means that as the list owner, you should be able to upload an MD5 encoded file of e-mail addresses into the system as permanent unsubscribes or just to suppress against a single mailing. You also should be able to easily download an MD5 encoded suppression list of all the unsubscribes your list has received through your system.
- Use MD5 instead of plain text. By doing this, you make it less likely that a suppression list will get abused and your sending reputation tarnished. If your suppression files end up in the wrong hands, it reflects poorly on your sender reputation, deliverability and, ultimately, ROI
- Take measures now. Talk to your ESP today to ensure that you’re securing your suppression lists with MD5 and that you’re not exposing your customers to extra risk and yourself to unnecessary liability.
Joshua Baer is chief evangelist, Datran Media, a New York City-based digital marketing technology company. Joshua is also founder of UnsubCentral and co-chair of the Email Sender and Provider Coaltion’s technology committee. Reach Joshua at email@example.com.