Nearly daily, I receive emails not intended for me. I can forgive the random photos from individuals who think I’m James or Jason or the occasional bid from a construction company where the sender forgot to add a few numbers to the end of my name.
What I am increasingly finding problematic is the emails from companies who sign me up for email lists without requiring double opt-in. A double opt-in simply means requesting confirmation from the email address that was signed up. It’s simple and important for marketers to do this. In addition, emails should include an “Unsubscribe” link that is easy to find and usable. These are BASIC.
What is even more egregious to me is when companies allow accounts to be created, purchases made, and then, if the email address is unverified, EASY access to account info by using the “forgot password” link. It looks like this:
- I click on the “forgot password” link and enter MY email address
- Because someone signed up using my address, I receive a reset email
- The company does not require additional authentication, so I am able to change the password on the site
- I log in and voilà... access to all account info.
This has been going on for years and what finally prompted this post is a recent encounter with www.checkpeople.com. Someone signed up with my address. I am able to log in and see all his personal information. Oh, and because this site deals with data collection of individuals (criminal records, addresses, birthdates, etc.), I have access to an enormous amount of personal data including the people he searched for. Frightening.
Customer service has been particularly unhelpful in understanding this issue, insisting that I call an 800-number to make account changes. They clearly do not understand the issue and I can only hope they forward me to a privacy expert as requested.
In the meantime, my advice is to review your own marketing procedures and look for possible privacy flaws, no matter your industry or organization size.
- Follow CAN-SPAM guidelines (note #6, which requires that you provide a way for users to opt out of emails using email or another online-based system). Ideally, use double opt-in.
- Set up accounts in a way that requires authentication beyond clicking a link! Use two-factor authentication or, at minimum, require verification before account creation.
- Train your customer service people on privacy issues and how to respond to escalations. I don’t know how many times I’ve had to explain multiple times what the issue is to uninformed individuals.
- Consult your legal team. I am *not* a privacy expert or legal consultant, just a concerned marketer who has received one too many emails not intended for me.
At the end of the day, these will make your customer experience a better one. For everyone.
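The verification step recommended above, as an added Python example that is not part of the original post or any company's code: an account stays unusable, and gets no password-reset mail, until the address owner confirms a mailed single-use link. `AccountStore`, its method names, the 24-hour link lifetime and the in-memory outbox are assumptions made for illustration.

```python
import hashlib
import secrets
import time

TOKEN_TTL = 24 * 3600  # assumed lifetime of a mailed link, in seconds

class AccountStore:
    """In-memory stand-in for a user table and mail queue (hypothetical)."""

    def __init__(self):
        self.verified = {}  # email -> True once the address owner confirmed
        self.pending = {}   # sha256(token) -> (email, kind, expiry)
        self.outbox = []    # (recipient, kind, token) in place of real mail

    def _issue(self, email, kind, now):
        token = secrets.token_urlsafe(32)  # unguessable link token
        digest = hashlib.sha256(token.encode()).hexdigest()
        self.pending[digest] = (email, kind, now + TOKEN_TTL)  # keep hash only
        self.outbox.append((email, kind, token))

    def _redeem(self, token, kind, now):
        digest = hashlib.sha256(token.encode()).hexdigest()
        email, got, expiry = self.pending.pop(digest, (None, None, 0))  # single use
        return email if got == kind and now <= expiry else None

    def sign_up(self, email, now=None):
        email = email.strip().lower()
        if self.verified.get(email):
            return False  # address already belongs to a confirmed account
        self.verified[email] = False  # exists, but unusable until confirmed
        self._issue(email, "confirm", time.time() if now is None else now)
        return True

    def confirm(self, token, now=None):
        email = self._redeem(token, "confirm", time.time() if now is None else now)
        if email is None:
            return False
        self.verified[email] = True
        return True

    def can_store_data(self, email):
        # Gate purchases, list subscriptions and profile data on this check.
        return self.verified.get(email.strip().lower(), False)

    def request_reset(self, email, now=None):
        email = email.strip().lower()
        if not self.verified.get(email):
            return False  # no reset link for an unconfirmed address
        self._issue(email, "reset", time.time() if now is None else now)
        return True
```

With this gate in place, a mistyped address never accumulates purchases or personal data, so the person who actually owns the inbox has nothing to reach through “forgot password”.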