In February, the M3AAWG (Messaging, Malware and Mobile Anti-Abuse Working Group) released version 3.0 of their “Sender Best Common Practices”, the first time this document has been updated since 2011. This document is primarily aimed at delivery and compliance professionals at ESPs (Email Service Providers), but there’s a lot of important information and guidelines which I hope to summarise here for a broader audience looking to improve their email marketing practices.
The M3AAWG is a consortium founded in 2004 to bring the messaging community together to fight against abuse of the various messaging platforms, specifically things like spam, malware, bots and denial of service attacks. The group’s leaders and members represent some of the largest network providers (Comcast, Time Warner, Verizon), mailbox providers (Microsoft, AOL, Apple, Google, etc) and the various companies in between (Return Path, Spamhaus, Mailchimp, etc). Their approach has always been to look at things holistically, so their guidelines should be seen to be more fair and balanced than some of the demands made by some of the more determined spam fighters.
The document breaks down some of the key topics related to the capture and use of customer data. It also gets into some technical discussion which are beyond the scope of this blog post, but most ESPs should already be following these guidelines and will have these technologies and processes in place.
The sections I want to discuss are “Opt-in, subscribe and email collection” and “Unsubscribes” both of which are part of the section titled “Transparency of Intent for Address Collection”. It should be noted that I will only be briefly discussing some of the points I believe are the most critical and relevant, but that section in particular is well worth the time investment required to read and implement their recommendations. You can download the full report in PDF directly from M3AAWG.
M3AAWG lists the 3 different types of opt-in, ordered from worst to best, namely:
Single Opt-in, Single Opt-in with Notification and Confirmed Opt-in.
Put simply; a single opt-in is where you capture the users details directly, usually a specific sign-up, then add them directly to your mailing list. Single opt-in with notification adds on a confirmation email, often called a welcome email, which will notify the recipient they’ve been added to the list and ideally what to expect (frequency, content, etc) and finally the Confirmed opt-in adds in an additional message between the registration and notification stages where the recipient must confirm their intent to subscribe, usually by clicking on a link or replying to the email.
Confirmed opt-in is the best choice because it prevents poorly inputed or fraudulent registrations making their way into your list and ensures that the person being added truly wants to receive the communications they’ve just signed up for.
M3AAWG briefly touches on implied consent, which is where subscribers are added to the list through an interaction with the organisation, often at the point of sale. While this process is legal in most countries, it’s not considered best practice as it can lead to greater levels of complaints. If you do intend on collecting data in this way, it is recommend to use a checkbox where users must give explicit consent.
Email Append, the process where data companies try to match individuals to large data sets usually to get email addresses, is also discussed briefly. It’s fair to say that the M3AAWG does not recommend email appending, in fact it goes so far as to say that not only is a violation of privacy and against anti-spam legislation it “is a direct violation of core M3AAWG values”. They have published their position on Email Append if you’re interested in reading more.
I’ve written about unsubscribes before, but this is such a critical area I think it’s worth highlighting some of the points raised again as I’m often amazed how poorly some organisations handle their unsubscribe process.
Some of the key points raised are:
- the process must be clear and easy to use;
- expectations should be set with regard to timeframes for removal processing;
- senders should be able to handle email based requests via the reply address;
- the use of the List-Unsubscribe mechanism;
- the unsubscribe link should be written in plain text, not as a image;
- senders should consider offering an offline mechanism for unsubscribing, either via postal or telephone (ideally at no or low cost to the subscriber);
- preference centres should have unsubscribe as the default option and must not be behind a login or secure area;
- it is also strongly recommended that the recipient’s email address is listed in the body of the email
While the remainder of the document gets into more technical areas which are more relevant to service providers than marketing professionals, there one important issues I’d be remiss to ignore here, namely data security.
When collecting personal details, even if only email addresses, it’s vital that the security of this data be a primary concern. Such personal information is a primary target for cyber criminals and there have been a number of high profile data breaches recently and this trend isn’t likely to change any time soon.
Best practice is a phrase I hear a lot, but often, I feel, in a misguided fashion. For email marketing to be truly successful, you need to ensure that your messages are delivered to the people that most want them and the best way to do this is ensure that, at every step, your primary concern is for your subscriber, the customer, the person.
M3AAWG starts their conclusion with “The most important point that senders should take away from this document is that the end user and their expectations should be the highest priority” and I can’t think of a better note to leave this on than that.