Should email marketers use external preference lists for consented mail?

Key findings

• Consent priority: If you have explicit consent for commercial emails, external preferences (like postal lists) should not override that consent. The recipient expects your emails.
• Compliance risk: Using external lists, especially for checking against personal identifiable information (PII), can raise significant privacy concerns and potentially violate data protection regulations (e.g., GDPR, CCPA). The CAN-SPAM Act sets rules for commercial email.
• Deliverability impact: Email service providers (ESPs) generally do not permit sending to third-party lists without explicit, direct consent obtained by the sender. This can lead to account suspension or poor email deliverability issues.
• Focus on first-party consent: Proactive work at the point of opt-in, ensuring clear communication and user understanding, is more effective than reactive measures involving external lists. This includes practices like confirmed opt-in.

Key considerations

• Lawful basis: Always ensure you have a clear lawful basis for sending commercial emails to your recipients.
• Data privacy: Consult your Data Protection Officer (DPO) before using any third-party service that involves checking customer PII.
• Internal list management: Prioritize building and maintaining your own consented email lists, focusing on quality over quantity. This ensures higher engagement rates and better long-term deliverability, as properly consented lists outperform others.
• ESP terms of service: Be aware that most ESPs prohibit the use of purchased or external lists without explicit permission from their service.

Key opinions

• Direct consent is paramount: Marketers emphasize that having direct consent from a subscriber should always take precedence over any external preference. If they've opted into your emails, they expect them.
• Perception matters: Even with technical consent, if customers perceive emails as unsolicited, it indicates a problem with the initial opt-in process. Proactive clarity is key. Consider how existing lists for new companies are managed.
• Avoid unsolicited email: Many marketers adhere strictly to permission-based marketing models. They believe that if an external list is primarily for unsolicited email, it should be avoided entirely.
• Proactive vs. reactive: It's better to invest in clear and informative opt-in processes rather than relying on external lists for reactive suppression. This helps avoid adding addresses without consent.

Key considerations

• Opt-in quality: Ensure your opt-in methods clearly communicate what subscribers are signing up for, and avoid pre-checked boxes.
• Customer perception: Regularly review customer feedback and engagement metrics to gauge how your email communications are perceived.
• Internal list hygiene: Focus on keeping your internal lists clean and engaged. This minimizes the temptation to rely on external lists for suppression or acquisition.

Key opinions

• Consent integrity: Experts maintain that valid consent for commercial email should not be superseded by external lists (e.g., postal preferences). If consent exists, the recipient expects the mail.
• PII usage caution: Using personally identifiable information from customers to cross-reference with third-party services is highly cautioned. This practice requires a thorough data protection assessment due to privacy implications.
• Unsolicited email avoidance: Many external preference services, like the DMA's eMPS, are designed for unsolicited email. If your platform prohibits unsolicited commercial email (UCE), these lists are irrelevant.
• Deliverability degradation: Sending to lists where direct consent for your brand is absent leads to higher spam complaints, bounces, and ultimately, being blacklisted or blocklisted. This damages your sender reputation.

Key considerations

• Prioritize direct consent: Always prioritize obtaining and managing explicit consent directly from your recipients. This is the foundation of good deliverability.
• Legal review for PII: Any cross-referencing with external databases using PII should undergo a thorough legal and data protection review. For example, understanding UK data protection laws is crucial.
• Internal suppression management: Maintain robust internal suppression lists for opt-outs and non-engaged users. This is far more effective than external suppression lists.
• Avoid buying lists: Never purchase or use third-party lists without verifiable, direct consent. This is a common path to poor sender reputation and deliverability issues.

Key findings

• Explicit consent: Regulations like GDPR and CAN-SPAM require clear, affirmative consent from recipients to send commercial emails. This consent should be specific to your brand and purpose.
• Unsolicited mail vs. consented mail: Preference services (like DMA Choice) typically manage preferences for unsolicited marketing communications, not mail for which explicit consent has been given. The DMA provides consumer choice services for this purpose.
• Data protection: Data protection laws stringently regulate the processing of personal data, including sharing it with third-party preference services for cross-referencing. Such activities require a clear legal basis and transparency.

Key considerations

• Regulatory compliance: Ensure your email marketing practices comply with all applicable local and international regulations, focusing on your direct relationship with the subscriber.
• Privacy policy: Maintain a transparent privacy policy that clearly outlines how you collect, use, and process subscriber data, including any interactions with third-party services.
• Consent management: Implement robust systems for managing subscriber consent and preferences internally, allowing for easy opt-out and preference updates. This includes considering if preference centers still apply.