Getting Email Delivered - the ISIPP SuretyMail Blog

Address Book Importing is Just Not OK

 

Got a question about GDPR? Submit Your GDPR Question Here
This information provided by ISIPP SuretyMail Email Reputation Certification. The only email reputation and deliverability service with a money-back guarantee!

Address book importing. Odds are good that if you aren’t doing it, you are either thinking about doing it, or you know someone who is doing it or thinking about doing it. Because, you see, it’s all the rage.

It’s also an awful practice.

For those who don’t know what address book importing is (and good on ya, if you don’t), it’s the practice of having a user import all of the addresses in their email address book into your system, and then sending out “invitations” to all of those addresses, in the user’s name, so that the sending system is, in theory, immunized from spam complaints, because hey, “they came from your friend, not us.” Make no mistake about it – it doesn’t matter what’s on the “from” – if your system is sending out hundreds or thousands of messages, all to people who did not request them, it’s spam. (And actually, with the “from” address not being your own, in this context, technically it’s spoofing, as well, which is another big no-no.)

This is definitely a way to impress the ISPs and make sure that your email doesn’t get blocked. Not.

There are a couple of different ways to do address book importing, but by far the most common (and worst) variation is this: a user signs up at a website, and as soon as they create their account, the very next page they see is a request that they “invite all their friends to use this great service”, that they “tell all their friends where their new social networking account is”, or that they “share this great newsletter with all their friends.” And then the user is presented with the login page for their email account – and it looks for all the world like their ISP has approved this! The ISPs this is most often done with are AOL, Hotmail, Yahoo, and Gmail. The ISP’s logo is usually there (used without the the ISPs’ permission), the familiar “username” and “password” boxes are there – in fact often it is made to look so much like the ISP’s login page that users are tricked into thinking that it is their ISP’s login page or, at very least, tricked into thinking that their ISP has approved it. Only, they haven’t.

In fact, the ISPs very much don’t approve of this (although, ironically, in a few isolated contexts and instances, some ISPs offer a very similar feature).

From an Internet practice and policies perspective (and from the ISPs’ perspective) this is a spectactularly Bad Practice because it trains end users to give up their passwords to third parties!

Now, I think that we can all agree that giving your password to someone you don’t know (heck, even giving your password to someone that you do know) is a Very Bad Idea.

To train an entire generation of Internet users that it’s perfectly ok to provide your password to some third-party service for which you just signed up goes against all Internet safety and security practice (and logic).

But here is another, more immediate, reason why it’s such a bad idea:

It builds your service or site a reputation as a spammer.

Because those thousands of individuals who are going to get that ‘invitation’ from “your user” – they know, they’re not stupid. They know that your user – their friend – was just a mere tool in your plan for world domination and that you really sent that email. And make no mistake, it WILL hurt your reputation.

Don’t believe me? Just check out the comments (and the number of user views) on this article:

Is Flixster a Spammer?

Another, slightly more benign, variation on address book importing is the practice of importing only your users’ local address books – i.e. the one that resides on their own computer (rather than at their ISP) – such as their Outlook address book. With this variety of address book importing the users have the ‘opportunity’ to ‘invite’ all of their friends, but you aren’t having them log into their AOL, Hotmail, or other account to do it. Doing it this way at least does away with the issue of your having your users gives their passwords to a third party site, although it does still suffer from the other problems.

So if the practice of address book importing is so problematic, why do sites do it? Pure and simple: greed. Oh, they say it’s so they can quickly build a mailing list or to quickly populate a community, but why are they trying to build their list or community so quickly?

And they rationalize it by saying “everybody is doing it.”

Don’t be everybody. Be smart. And be right.

This information provided by ISIPP SuretyMail Email Certification. The only email reputation and deliverability service with a money-back guarantee!

Follow Us!

    Next: » Watch Your Text to Image Ratio

« Previously: Why You Should Never Send Mass Mailings Through a Brand New IP Address

3,227 views

2 Comments

    One of the worst features in some email clients is the one that says “add the address to my address book when I reply.” When you get those forwarded messages and accidentally click reply to all, you, and everybody else on that list are in trouble.

    Next time you send an important message to your friends and loved ones, you’ll have some extra people you’ll be contacting too.

  • good read. But the one that really get’s to me is all the mail forwards by people who will not delete all the previous email addresses. I bet in less that two days I could have 200 new address of people that I don’t even know. just what is the probability of a spammer using these addresses? I know that I get unwanted mail from people I don’t know because of this.

Leave a Reply




This article originally written on May 11, 2016, and is as relevant now as when it was first written.