BEST Best Practices For Email Marketing: The Three Levels Of Consent

MAAWGThis post was authored by a leader of Teradata’s Global Deliverability team, Mary Youngblood, director, Reputation Desk. 

We’re all familiar with the term “Best Practice.” But we all also know that the phrase can mean different things to different people, and in many cases is now synonymous with “mediocrity.” That’s why I want to make it clear that the Best Best Practice is one that serves all who are involved in what is happening. In email marketing, the Best Best Practice should serve the end user (the person receiving the email), the ISP or domain who has to receive the mail on the end user’s behalf, the ESP or entity sending the mail on behalf of the sender/marketer and finally, the sender/marketer. Each of these parties has its own expectation of how email marketing should be performed. But does one have more priority than another?

According to the recently updated Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG) Sender Best Common Practices:

“The end user and their expectations should be the highest priority. It does not matter what a sender is legally allowed to do or is granted the right to do under a privacy policy; what matters is that the recipient, their preferences and their expectations be respected.”

One sided? Maybe not. M3AAWG reminds us that following all best practices does not guarantee hassle free delivery and/or happy recipients, but it does greatly improve the likelihood of success, while minimizing the headaches for marketers and ESPs.

(Note: For those of you who aren’t familiar with it, M3AAWG is a Messaging Anti Abuse organization that periodically gathers the leaders in the ISP, ESP, Messaging and IT Security industries to address ongoing and emerging messaging abuse issues. M3AAWG proposes, initiates and supports changes that help improve the messaging industry for the global market including senders, receivers and the end users of messaging technology.)

So, without reading all 17 pages of the M3AAWG document, what do you need to know in order to be compliant with these Best Common Practices? It boils down to Consent and Data Transparency. By “Consent,” I mean how end users are added to mailing lists. By “Data Transparency,” I’m referring to how easy it is to determine who sent the email and how to resolve issues directly with them.


Consent can trip up the most well-intentioned sender/marketer. After all, email addresses can now be procured in many different ways, and most seem completely innocent, thoughtful or “just good business.” But be careful. Without the right type of consent, senders/marketers can find themselves and their message in trouble with respect to reputation, legality and deliverability –and each one of these can negatively affect the bottom line. Instead of going through all the methods you need to avoid, let me highlight three of the best ways for you to obtain email addresses:

  • Level 1 – Single Opt-In (Good). With Single Opt-In, users knowingly and clearly take- action to indicate that they agree to receive emails from the sender/marketer being represented at the time of consent. Other conditions may apply. For instance,  the user may only be agreeing to receive emails in reference to one subject or product that was involved at the time of consent. The sender/marketer should make it clear at time of sign-up what to expect (types of emails that will be sent, from whom, frequency and how to unsubscribe).
  • Level 2 – Single Opt-In with Notification (Better).The guidelines for Single Opt-In with Notification are the same as for Single Opt-In consent, except a confirmation email is sent to the address within 24 hours (or preferably, immediately) to remind the subscriber of what he/she signed on to receive, from whom, frequency and how to unsubscribe. M3AAWG also recommends that you encourage users to then add the address into their white lists or address lists to ensure they receive the messages uninterrupted.
  • Level 3 – Confirmed Opt-In (aka “double opt-in” or “closed-loop subscription”) (Best). In this case, the user participates in the Single Opt-In with Notification type of consent, however, to complete the consent for Confirmed Opt-In, the notification contains instructions for the user to take affirmative action that adds them to the mailing list. These are usually links that the user can click on to confirm that the notification was sent to the correct address and to acknowledge that the user agrees to the addition of their address to the mailing list. To mitigate the risk that they become caught in spam filtering, these notifications should be kept simple and not contain advertising.

I’d also like to point out that there is a fourth type of consent, called Implied or Implicit consent. This type of consent is assumed when “permission is inferred by a person’s interaction with an organization.” However, Implied consent comes with strict warnings about the risk and interpretation of consent, and I’d recommend that the long term goal should be to work with users to transition towards the three types of consent described above.

Regardless of which type of consent you use to build your mailing lists, it is important to record and retain the information about the method(s) of sign up (ex: date, time, IP address and even screen captures of the language on the page that the user agreed to and all relevant privacy policies that were in place at the time of subscription). This information can be a lifesaver after a block listing, if there are questions about a user’s sign up or if you need to investigate delivery problems associated with certain sign-up methods.

A few additional clarifications:

  • M3AAWG maintains that purchased email addresses, including Appends or eAppends, do not have consent of the user and are therefore not to be used for email marketing.M3AAWG also reminds everyone that having the correct Unsubscribe mechanisms in place and Adequate Data Security are necessary parts of maintaining consent and protecting a consenting user’s data from outside parties that would abuse the information and the end user (up to and including the use for identity theft purposes).

So that covers Best Best Practice for Consent. But what about Data Transparency? Isn’t having a ‘From Address’ in the email enough? That’s a great question, but you’ll have to stay tuned for my answer. I’ll cover authentication and much more in my next post, “BEST Best Practices For Email Marketing: What You Need To Know About Data Transparency.”

Want even more detail about best practices regarding email marketing consent? You can read the entire M3AAWG document here.

The post BEST Best Practices For Email Marketing: The Three Levels Of Consent appeared first on Teradata Applications.

Teradata Blogs Feed