Summary
The use of global suppression lists by ESPs for hard bounces across different customers is a complex issue with varying perspectives. While some sources suggest that shared lists can improve deliverability and inbox placement by preventing sending to known bad addresses, the prevailing sentiment leans towards caution due to potential data privacy violations, compliance issues with GDPR, CCPA, and CAN-SPAM, and the risk of ESPs becoming data controllers. Many ESPs do not co-mingle data and maintain separate suppression lists for each client, offering better control and avoiding data privacy issues. Regardless, compliance with privacy laws, obtaining explicit consent, transparency with users, and providing clear opt-out options are crucial. ESPs should monitor bounces, use provided tools to manage suppression lists, and understand the anti-spam policies of different providers. Address ownership and the type of data stored on the list (PII vs. non-PII) also require careful consideration. Many ESP's like Mailjet, AWS, Google, etc automatically handle bounces so global lists are not always needed.
Key findings
- Data Privacy Concerns: Global suppression lists raise significant data privacy concerns and potential violations of GDPR, CCPA, and CAN-SPAM.
- Compliance Requirements: Strict adherence to privacy regulations is essential when considering shared suppression lists.
- Data Controller Risk: ESPs risk becoming data controllers when using shared lists, leading to legal liabilities.
- Consent is Paramount: Explicit and separate consent is required for each communication category, revokable at any time.
- Best Practice: Separate Lists: Maintaining separate suppression lists per client offers better control and avoids privacy issues.
- Address Ownership Reversion: Ownership of shut-down addresses reverts to domain owners; associated data is considered PII.
- Automatic Handling Available: Many ESP's automatically handle bounces and complaints for the user.
Key considerations
- Prioritize Legal Compliance: Ensure strict compliance with GDPR, CCPA, CAN-SPAM, and other relevant privacy laws.
- Obtain Explicit Consent: Secure explicit consent for each communication category, with clear revocation options.
- Transparency with Users: Be transparent about the use of suppression lists and honor user preferences.
- Data Governance: Carefully manage data and avoid co-mingling data across different clients.
- Understand Legal Liabilities: Understand the legal implications of being a data controller.
- Balance Deliverability and Privacy: Carefully balance the deliverability benefits of shared lists against the privacy implications.
- User-Friendly Opt-Out: Ensure clear and easy-to-use opt-out mechanisms for users.
- Monitor Bounce Rates: Monitor bounce rates closely and implement feedback loops.
What email marketers say
13 marketer opinions
The question of whether ESPs should use global suppression lists for hard bounces across different customers elicits varied perspectives. While shared suppression lists can improve email deliverability and inbox placement by preventing sending to known bad addresses, significant concerns arise regarding data privacy, compliance with regulations like GDPR and CAN-SPAM, and the potential for ESPs to become data controllers. Some argue that a non-existent email address is not PII, while others contend that the ownership of an invalid address is debatable and that data protection rules could be violated. Maintaining separate suppression lists for each client offers more control and avoids data privacy issues, though it may not be as effective in reducing bounce rates. Overall, using shared suppression lists requires careful consideration of legal, ethical, and practical aspects.
Key opinions
- Deliverability Improvement: Shared suppression lists can improve deliverability and inbox placement by preventing sends to known hard bounce addresses.
- Privacy Concerns: Using global suppression lists across clients raises data privacy concerns and potential GDPR/CCPA violations.
- Data Controller Risk: ESPs using global suppression lists may become data controllers, creating additional legal liabilities.
- Consent Issues: Consent obtained for one sender doesn't automatically apply to all senders on the same ESP, potentially violating privacy rules.
- Alternative Approach: Maintaining separate suppression lists for each client gives more control and avoids data privacy issues.
Key considerations
- Regulatory Compliance: Ensure compliance with data privacy regulations like GDPR, CCPA, and CAN-SPAM when using shared suppression lists.
- Consent Management: Implement robust consent mechanisms to ensure users have explicitly agreed to receive emails from all senders.
- Data Ownership: Carefully consider data ownership issues related to invalid email addresses and their inclusion in suppression lists.
- Transparency: Be transparent with users about the use of shared suppression lists and provide clear opt-out options.
- Individual Control: Evaluate the trade-offs between the benefits of shared lists and the increased control offered by maintaining separate lists for each client.
Marketer view
Marketer from Email Geeks shares that non-existence of an address is not PII and argues that if the global list only contains the address, it might not constitute a data controller.
8 Jun 2022 - Email Geeks
Marketer view
Email marketer from Sendinblue explains that shared suppression lists, although effective in reducing bounce rates, also raise data privacy and compliance concerns, especially regarding GDPR. They suggest implementing robust consent mechanisms.
10 Feb 2024 - Sendinblue
What the experts say
5 expert opinions
Experts offer diverse perspectives on global suppression lists. Some ESPs maintain global 'pander' lists, while best practice is to not co-mingle data across customers. Crucially, address ownership shifts to the domain owner upon shutdown, with associated data remaining PII. Effective list management balances technical aspects with user experience, focusing on opt-out options. GDPR mandates separate consent for each communication category, revocable at any time.
Key opinions
- Data Isolation: ESPs typically avoid co-mingling data, with each customer managing their bounces.
- Global Lists Exist: Some ESPs maintain global 'pander' or suppression lists, raising concerns about consent and data privacy.
- Address Ownership: Ownership of an email address reverts to the domain owner when the address is shut down, and any associated data is considered PII.
- Consent is Key: GDPR requires explicit consent for each communication category, which can be revoked at any time.
- User Experience: Effective use of suppression lists needs to balance technical aspects with providing a positive user experience.
Key considerations
- Data Privacy: Consider the implications for data privacy and compliance with regulations like GDPR.
- Transparency: Be transparent about how suppression lists are used and ensure users have control over their preferences.
- Opt-Out Options: Provide clear and easy-to-use opt-out options for users.
- Ethical Use: Ensure suppression list usage is ethical and respects user preferences.
- Separate Consent: Obtain separate consent for all the different communications you plan to send.
Expert view
Expert from Email Geeks shares that not co-mingling of data is standard practice at any ESP, because it wouldn't make sense from a customer perspective.
8 Jul 2022 - Email Geeks
Expert view
Expert from Word to the Wise explains that using suppression lists effectively requires balancing technical aspects with user experience. Focusing on providing clear opt-out options and honoring user preferences is key for good deliverability and avoiding legal issues.
24 Jan 2025 - Word to the Wise
What the documentation says
5 technical articles
Email service providers like Mailjet, AWS SES, Google, and Microsoft automatically handle bounces and provide tools for managing suppression lists. The SMTP standard (RFC) mandates error reporting for bounce messages. Maintaining low bounce rates and monitoring deliverability metrics using tools like Google Postmaster Tools are crucial for a good sender reputation. Microsoft's anti-spam policies may view shared suppression lists negatively.
Key findings
- Automatic Bounce Handling: ESPs automatically handle bounces and provide tools for suppression list management.
- Error Reporting Standards: SMTP standards require proper error reporting for bounce messages.
- Sender Reputation: Repeatedly sending to bouncing addresses negatively impacts sender reputation.
- Deliverability Monitoring: Monitoring deliverability metrics and maintaining low bounce rates are crucial for a good sender reputation.
- Anti-Spam Policies: Microsoft's anti-spam policies may view shared suppression lists negatively.
Key considerations
- Monitor Bounce Rates: Closely monitor bounce rates and implement feedback loops.
- Utilize Provided Tools: Use the tools provided by ESPs to manage suppression lists.
- Handle Bounce Events: Set up bounce notifications and handle bounce events effectively.
- Maintain Low Bounce Rates: Focus on maintaining low bounce rates to preserve sender reputation.
- Understand ESP Policies: Understand the anti-spam policies of different ESPs and their stance on shared suppression lists.
Technical article
Documentation from Mailjet explains that Mailjet automatically handles bounces and provides tools to manage your suppression list. They advise to monitor bounces closely and implement feedback loops.
9 Jun 2022 - Mailjet
Technical article
Documentation from AWS explains that Amazon SES (Simple Email Service) automatically manages bounces and complaints. Users are required to set up bounce notifications and handle the events. Repeatedly sending to bouncing addresses can negatively impact sender reputation.
2 Sep 2021 - Amazon Web Services
Are email list cleaning services useful for improving email deliverability, and how do they work?
Can a hard bounced email address become deliverable again, and under what circumstances?
Do email list cleaning services effectively remove spam traps?
How are email bounce rates calculated and what is considered a good bounce rate?
How can I accurately verify my email list and identify potentially harmful domains?
How should different bounce types be classified and handled by ESPs?
