Tag Archives: GDPR

The Year in Email

Happy New Year
Here we are again. Another year has come and gone. As always, there was no shortage of email flubs this years and we’ve collected a few of our favorites. Interestingly, we saw fewer of the “Dear [customer name]” errors that used to plague email marketing. Either people have finally made sure that their name fields contain information, or they’re starting to use dynamic content more. Either way, it’s nice to see that one go away. We’ll start the list with the one thing that doesn’t appear to be going away: the inactive unsubscribe link and CAN-SPAM violations.

Don’t You Dare Unsubscribe

unsub failAfter receiving ten unsolicited emails in just a few days from a company pretending to be Dawgs—a purveyor of ugly sandals—I tried to unsubscribe. This is what I got. How much of this is the sender’s fault and how much is the fault of their ESP, I can’t say, but needless to say, all of their emails went straight to the spam folder.

Unsubscribe? Never heard of it!

no unsub
How do I count all the things wrong with this email? From the needless word breaks to the disconnect between the offer (car rentals) and the company offering the deal (North Hills Clothing), this email cries “spam” at every level. How it ended up in my inbox is beyond me. I never would have clicked on the unsubscribe link on such a suspicious email, but this one doesn’t even have an unsub link!

See, We’ve Got an Unsub Link. I Think…

inactive link
East Midlands Trains does a good job of providing their physical address, and it looks like they’ve provided an unsubscribe link, but click on that link and nothing happens. A look at the email’s source code show where the problem lies:

<a href=”<%unsubscribe_link_text%>” target=”_blank” style=”text-decoration:underline; color:#333333;”>How to unsubscribe.</a>

There should be an actual URL listed in this href. Somewhere along the line, the unsub link got screwed up. Whether this was the email’s creator typing it in and accidentally using the wrong number of percentage signs, or HTML that was copied verbatim from a different ESP is hard to say.

Click Here. Go ahead. I dare you.

spammerYou can click on that unsubscribe link all day and nothing will happen. This is an odd one. If you look at the email’s source code, you’ll find an unsubscribe link that works and a physical address (Royal Caribbean Cruises), but you won’t find either in the email when it’s opened. There is an unsubscribe, but the one that’s displayed is missing its URL. It’s a sloppy piece of coding that has the body copy closing before the final content. Add to all of this that the email supposedly comes from Amazon but clearly does not. This is either badly designed spam, or phishing or both.

We’re Experts!

white text errorThe above example is the bottom of the page on an email. Yes, that blank white area below the signup button is part of the email. At first it may look like the information required by CAN-SPAM is missing, but it’s there. The problem is that the sender decided to use a dark orange background image and set the overlaying type (the physical address and links) in white. This email looks fine as long as images are turned on, but not everyone turns the images on. When the images are off, you end up with a seemingly empty white space at the bottom of the email. This error is bad enough on its own, but this particular email came from another email marketing service provider. Out of professionally courtesy, I won’t name them, but the “Friendly From” in their sender line refers to them as an “Email Markeitng” (sic) service. As if all this isn’t enough, the mailing is filled with buttons asking readers to “Read More” or “Check It Out!” but none of these buttons are linked.

We Prefer to Call It…

sneaky unsubThis runs dangerously close to violating CAN-SPAM, which specifies that mailings must have a clear unsubscribe link. Here they’re trying to be clever. It didn’t help that clicking on the link went to an unsubscribe page that requires one to enter their email address. Guess which email went into the Spam folder?

Readability is So Last Year

GucciGucci likes to stay fashionable, but sometimes fashionable and readability collide. Pink and gold might be an interesting combination for apparel, but it makes a lousy combination in a text box.

Did You Say &⁠#38 or &⁠#48?

weird codingThis one confuses us. The HTML clearly shows that special characters labeled “&⁠#38” were inserted between each word in this headline. That’s the HTML code for an ampersand, but there’s no reason for for ampersands to appear between each word in the headline. The most likely cause is the code was copy and pasted from one program to another, leading to the insertion of this character for no good reason.

Button, Button, Who’s Got the Button?

bad buttonsIn the grand scheme of things, this is a pretty minor infraction, but it’s if you are going to make a table cell in your email look like a button, it’s better to put the <a> tags around the cell instead of the type. In this example, you’ll only activate the links by clicking directly on the type. Clicking within the boxes has no effect.

We’re a Real Company, Honest!

stock photosWe can’t tell whether or not the way the words “social media” run down the left side of the image is some misbegotten design idea (we think not), but the CanStock watermark on the image is unforgivable. If you plan to use an image, either pay for it, or create your own version (paying for it is usually cheaper). Sending out email like this makes a company look suspiciously like a fly-by-night affair. Marketing Knowledge Cloud isn’t such a company, but you couldn’t tell it from this email.

Even Alt Tags Can Be Wrong

bad code
This one nearly caused my brain to explode. You can see in the text I’ve highlighted in yellow that the HTML codes for the right and left curly quotes are displaying instead of the curly quotes. That might have been okay, except that below it on the right, another article on the same page is displaying curly quotes in the same content. It that weren’t enough, as soon as I choose “display images” the HTML code disappears. A closer examination of the code revealed that this text appears as part of a styled alt tag (for more on stylized alt tags see The Finer Points of Styled Alt Tags). The code for the right curly quote reads: “&amp;#8220;” which will display as “&⁠#8220;” which is the correct code for that curly quote. Either somebody really wanted this to look exactly wrong, or they got confused. The right curly quote on the headline to the Page-Turner article has a value of x201C, which works, but it is hexadecimal code instead of the more common HTML code. If I had to guess, I’d say that the two article were written and formatted by different people and then assembled in the newsletter. One of them knows more about HTML than most people, while the other needs to go back to class.

All Tests Are Not Created Equal

media query errorThis looks pretty bad doesn’t it? The code contains media queries to make sure the content adjusts its size across various devices. The problem is, it’s wrong. This screenshot was taken from an iPhone. The first table is behaving as it should, but then the rest of the email goes all cattywampus. We suspect the person that created this simply tested the responsive results by resizing the window on their browser—a kind of poor man’s test environment. If you do that, this email looks fine, proving that there’s no substitute for the real thing.

I Are An Expert!

Speaking of testing, here’s an email from a company that that specializes in providing testing environments for all the various browsers and phones. Either they missed one, or they decided that the Mail program in Microsoft’s Windows 10 wasn’t worth worrying about. Either way, this isn’t something a company whose raison d’etre is testing email should ever be guilty of (to prevent further embarrassment, we’ve removed the company’s logo).

I Heard You the First Time

Amazon errorAmazon likes to send out notifications about newly available movies and TV shows. We’re not sure what happened here, but suspect that the API call that was suppose to register that the email had been sent wasn’t receiving the proper information and decided to keep sending until it was told to stop.

There’s Always One More Typo

misspelled glassTypos are the bane of every writer’s existence. So what’s worse than a typo in your content? How about a typo on the actual product you’re selling. This glass, offered by Bourbon & Boots, has what should have been a clever quote by Mark Twain, but we’re sure Mr. Clemens knew the difference between “then” and “than.” This error has gone uncorrected for over a year now.

Hey Everybody! We Value Your Privacy!

GDPR goofWhen the GDPR came into effect, lots of businesses scrambled to make sure they were compliant. Sometimes, these efforts were counterproductive to say the least. One of the worst came from Ghostery, who sent out an email explaining the steps they’d taken to ensure GDPR compliance. Too bad the included everyone’s email addresses in the “To” field.

Did I Say Mail Merge Errors Were Gone?

mail merge errorPerhaps I spoke too soon. Just when I thought I’d see a year without mail merge errors, this one landed in my inbox. It’s such an easy error to avoid with the careful use of dynamic content.

Our Next Speaker: Wyatt Earp

dead speakerOne of the more amusing apologies came from b8ta—a tech gadget store than sponsors meet-ups with inventors and start-up founders. We’re not sure how you’d confuse Ben Holt with Ben Einstein, but we guess it could be worse: They could have announced that Albert Einstein was going to appear at the b8ta store instead.

Don’t Do This. Not Ever.

fake oopsApology emails have a higher open rate than other emails, so one can see why a marketer might want to use this to their advantage. But apologies are a serous thing and pretending to apologize for the sake of sales puts you just one step away from being labeled a spammer. Don’t do it.

Okay, that’s it for this year. We hope you enjoyed that. In the end, the lesson to be learned is always the same: Test, test, test.

To IP or Not IP, That is the Question

IP graphic
Internet Protocol (IP) addresses are how the Internet keeps track of who is where. They aren’t necessarily attached to specific email addresses, but they do contain potentially valuable information about a person’s geographic location (although, as we’ll see, this is an imperfect science). It stands to reason that the more information you know about your subscribers, the easier it is to tailor your content to fit their interests, so there is some value in attaching IP information to each email address, but be careful: Where you and your customers reside can affect the legality of this practice.

Using the IP Address

Your computer’s IP address is like a landline telephone. If everyone in a household is using that telephone, then everyone will show up under the same number. Like a telephone number, an IP address can give you a good idea as to where someone is located without showing you the exact address. A search on our own IP, for instance, turns in different results, but they are all in the Bay Area, which is where our headquarters are located. Even with this limitation, an IP address will narrow down the possible location of the subscriber, which can, in turn, help greatly with certain types of marketing.

Dynamic vs. Static

There are two kinds of IP addresses—dynamic and static. Their names suggest exactly what they are. A static IP address is one that never changes. Companies, for instance, will often be use a static IP address to help them send and receive data and allow others to easily log onto their servers. A static IP address is mandatory for certain activities such as VoIP and VPN to ensure stable connections. Individuals might also opt for static addresses if they plan to host a website on a server, or are highly active in the online gaming community.

Dynamic IP addresses are often used for home connections. They are considerably cheaper and the end user doesn’t have to worry about network configuration since this is handled automatically. As one might expect, geolocation is a little more reliable with a static address than a dynamic one, although both have some value here.

Linking IP addresses to the email addresses gives you ability to provide information as to when and where a person opted to receive email from you, eliminating potential claims that your mailings were unsolicited. Some ISPs ask for this information when investigating spam complaints. But there is a big caveat to using this approach: It might be against the law.

IP Addresses and the Law

The legality of linking IP addresses to email addresses changes from country to to country. In some countries, it is perfectly legal, while others see it as a violation of privacy, allowing it only after the subscriber has agreed to let the ESP use that information. In the US, for instance, there is no single, comprehensive federal law regulating the collection and use of personal data. Even if there were, the odds of it being enforced are slim considering that the FTC only brings a handful of cases against emailers to court every year, and most of those are because the products these companies are selling don’t work, rather than privacy breaches or CAN-SPAM violation.

In Canada, which has some of the strictest spam laws on the books, a record of an opt-in is required. Canada has strict rules about what information the government can gather about a person, but the laws concerning the private sector appear less well defined. If businesses aren’t allowed to attach IP information to email addresses, then the verification of subscription becomes a lot harder. This summer, a second aspect of CASL takes effect that lets individuals challenge a company’s email programs, meaning anyone can bring any company to court. This sounds like a recipe for disaster, but only time will tell.

In Great Britain, you can collect IP addresses, but you start treading into the danger zone once you connect those IP addresses to individual email accounts. An IP address by itself isn’t considered personal data, but when it’s combined with other information to build a profile of an individual, it suddenly becomes personal data—even if that individual’s name is unknown. You’ll need to get permission from the recipients to do so. This isn’t a big deal., although most British companies use these additional requests for more specific information, such as the location of the recipient’s preferred store.

In most of the rest of Europe, things get even even trickier. In Europe, static IP addresses have been considered personal data for some time now, but on October 19, 2016, the Court of Justice of the European Union (CJEU) ruled that dynamic IP addresses can also qualify as personal data under EU privacy law. Additionally, the Swedish Supreme Administrative Court has ruled that collecting and storing IP addresses is in violation of the Personal Data Act.

These laws have been further enforced with the approval of the EU General Data Protection Regulation (GDPR). The regulation was passed by the EU Parliament in April of 2016. Although not specific to email, the regulation does require businesses to keep tight controls on their private data and gives your subscribers the “right to be forgotten.” Any data you have on them needs their approval and they can nix it at any point. This includes their name, photos, email addresses, bank details, posts on social networking websites, medical information, and computer IP addresses. The regulation has a two year grace period before they start cracking down on violators, and applies to any business doing business in the European Union.

The irony here is that by not allowing the ESPs to use this information, it makes it harder to verify when someone not associated with that email address is pranking the actual addressee, making it far more likely for that person to receive spam than they otherwise would.

Over in China they have a completely different take on the matter. As far as they’re concerned, an IP address in isolation isn’t personal data because it’s focused on a computer and not an individual. This reasoning was applied by the Hong Kong Privacy Commissioner in a complaint about Yahoo!’s disclosure of information about a journalist to Chinese authorities.

Approach With Caution

So what is the best technique? If your company does no business outside of the United States, and never plans to expand past that country’s borders, IP collection isn’t an issue. If, on the other hand, your clientele is international and you need to stay compliant in several countries, you’re better off either forgetting about collecting IP information, or adding a check box to the sign-in process to verify that the recipient has approved your use of their IP address information. Given the constantly shifting landscapes or laws on this subject. Some type of verification from the users that it’s okay to note their IP addresses is the safest route.