The Risks of Appending Emails
By Ray Parenteau
[Note: this article appears on the ABA Bank Marketing website -
As email fever continues to rise among financial institutions (FIs), so does the desire to acquire as many customer email addresses as possible. Most FIs today collect email addresses at account opening, whether it be online (required) or in person (requested). As a result, organic account acquisition continues to increase the ratio of email addresses available in customer data. Many banks have also implemented aggressive programs to increase email acquisition, as they now see this as a necessary channel to connect with customers for promotional, informational, and operational purposes.
Against this backdrop, some financial marketers are contemplating using email append services to grow their email lists. This is a process where, using names and addresses, data providers scour their databases to find matches, and then append email address to the record. Some will even include a service to verify the address and the relationship by sending an introductory message on behalf of the FI. The introductory message typically provides the contact with the opportunity to opt out of the FI email relationship. (It’s important to note that if someone doesn’t receive or read this message, they may be automatically added to a list without any sort of notice or consent.)
Sounds simple and perfectly innocent, right? After all, it’s a common practice to append demographic, psychographic, and financial information to customer files. And there’s no known blowback from that, except the occasional off-target promotion. But when it comes to contacting customers at an email address they never explicitly or directly provided you, there are potential consequences. And you may decide that using these addresses is not worth the risk involved.
Let’s look at some components that should inform your decision to append or not append email addresses to your customer data.
Who are those customers that have not yet shared their email addresses with you?
Are they older or specialized accounts? Or low-balance convenience checking customers that simply need a product to pay bills? Maybe they’re long-time, high-value VIP customers with multiple accounts and a personal banker. Either way, email may not be the right channel for them. Unlike mainstream deposit and loan customers, these relationships may be too personal (or not personal enough) to support email interaction. So, before embarking on an append project, it’s good to analyze which customers would be involved, and have a clear follow-up plan for email engagement. There may be valid reasons why you don’t already have these email addresses.
Look at the potential use of appended emails.
Let’s say you go ahead and append some of those missing email addresses to your customer file. (I say some because the confident match rate on those accounts could be quite low—maybe 20% or less.) Now what? You’ve made an introductory contact, which may or may not have been seen by the recipient, so it’s an “inferred” permission at best. What do you send as a follow-up? Do you have enough data to make a relevant offer? Could you include them in any cross-sell/upsell program? More likely they could be added to your monthly e-newsletter. Is it worth the effort and potential blowback? Read on before you decide...
Consider potential issues with appended email addresses.
Many institutions have been late to the email party, feel a need to catch up, and may decide give appending a try. And there are many providers out there promising compliant, legal, and risk-free ways to append email addresses. Many (though not all) are legit, and are successful with retail, hospitality, and other non-financial providers. However, for a number of reasons, that success may not transfer well to financial institutions.
Phishing and identity theft scams continue to plague the financial sector. It’s well-known that hundreds of millions of email addresses from providers such as Yahoo and major retailers have been compromised and are actively being sold on the black market. As a consumer, if you have shared your email address with your bank, you most likely are aware of it. And if not, the reverse is true.
Speaking of third parties, most consumers are aware of the general language that states something like, “We will never sell, rent, or share your email address with anyone …” So, it’s safe to assume that sites collecting these emails do not subscribe to the same practices. They explicitly (or not) collect email addresses specifically to “rent, sell, share” them. Knowing this, people may use “disposable” email addresses, rather than their primary address. And the emails they receive at that address have a higher likelihood of landing in spam folders and never being seen or acted upon. And, if your bank domain is associated with those messages, it will affect your sender reputation. (This is a larger problem, worth a larger discussion.)
Another important factor to remember is that these appended addresses will need further verification from the bank before they can be used for operational messages, since they clearly would not have been vetted through the e-Sign process.
Be aware of what’s considered “email abuse.”
While the above reasons alone would give many bankers pause, you should also research how the email industry views email appending. Basically, it’s seen as another form of spam, simply because the recipient has not consented to receiving your messages to that address in any way. Here’s what one leading anti-abuse group has to say:
Email appending is a direct violation of core MAAWG values. There are many reasons why email appending is abusive and leads to a large number of spam complaints and message rejections. In addition to complaints, email appending creates significant risks of violating privacy and anti-spam legislation.
In addition, many email service providers (ESPs) have explicitly come out against the practice. There are providers that turn a blind eye to “light” email prospecting, while others explicitly or implicitly allow any messaging. Also, many CRM systems don’t have the processes or safeguards in place to remain compliant with CAN-SPAM or best email practices. But major ESPs usually require some form of provable relationship between the sender and the email address being used.
What about email verification?
Some providers cite the added benefit of verifying email addresses. This may apply if you have a large list of old or dormant email addresses that you haven’t used in a few years. It typically doesn’t involve actually contacting the recipient, so it’s less risky. It simply validates the formatting and the existence of the email address, but not necessarily that it is actively in use.
If you have an active email program, verifying those addresses is usually not needed since invalid email addresses usually fall out at some point. Most email providers do a “pre-scrub” of list imports and will reject records with old domains, spam traps, and “role” accounts (such as email@example.com). Likewise, non-deliverable addresses will eventually “bounce out.” It’s important to have a feedback process to correct these in your source systems, and flag those customers for offline email verification.
Do the math.
Let’s say you start with a base of 50% of your 20,000 unique customers. That leaves 10,000 potential email addresses to append. After research, you may eliminate 25% of these due to duplicates, type of account, or customer, leaving you with 7,500 potential additions. If you achieve a 20% confident match rate, you will have added 1,500 email addresses, which you now have to manage as a separate segment. If just 5% of those 1,500 customers complain about the program, you or your call center will need to respond individually to 75 inquiries. And, there’s no guarantee that those 1,425 remaining addresses will be responsive to any email efforts.
Consider a better approach.
Instead of dwelling on the other potential problems with appending (or list rentals), let’s consider proven alternatives to solving the problem.
First, if you haven’t yet rolled out a serious initiative to capture email addresses at all touch points, start there before considering the append option. By capturing your own addresses, you are inherently (not surreptitiously) acquiring email permission. This effort needs high-level engagement, systems support, and ongoing management and diligence. A consistent program should push your customer email ratio to 60% or more. We’ve seen in-branch efforts capture thousands of new email addresses in just a couple of months. The real benefit is that these customers are explicitly giving you email permission.
Another option is a targeted direct mail program, which can include a promotion (gas cards, Amazon cards, cash prize) to drive traffic to a specific landing page. Capturing email addresses organically on your website typically doesn’t yield great results. But if you are engaged in any search or digital campaigns, capturing an email address on landing pages can prove very effective for follow-up and conversions.
In the end, the risk/reward ratio of adding email addresses from a third party needs to be thoroughly understood.
It starts with an evaluation of the affected customers and their relative email value. Then, understanding the reputational risks of using email append against the potential rewards.
Finally, there needs to be some consideration of other, less risky alternatives to building your email lists. In today’s world of email, quality is more important than quantity. While email appending may work in other industries where long-term relationships are not highly valued, banks need to think carefully about whether it’s the best option for financial institutions.