Building Trust 28 November 2018

2018 Email Marketing & Unsubscribe Audit

The 2018 Email Marketing & Unsubscribe Audit found that the vast majority of audited online retailers have embraced unsubscribe best practices, going beyond mere compliance, and have shown continued improvement since 2014 despite expanded and more stringent criteria. This year’s Audit examines the entire email engagement process, from signup to receiving email to the unsubscribe user experience and results.

Consistent with the four previous reports, the Audit focused on the top 200 North American online retailers.1 For each site, analysts measured and tracked the signup process and user experience, and after observing emails received for as much as six months (and no less than one month), each account was unsubscribed, and activity and compliance was monitored for a period of at least thirty days.

The primary objective of this report is to provide marketers, service providers and policymakers insight into how to enhance the integrity of email marketing. Retailers achieving scores of 80% or higher received designation as “Best of Class.”

For 2018, 74% of the top retailers qualified, a strong improvement from 67% in 2017 and nearly reaching the 75% achievement level of 2015. Primary drivers for the improvement were better discoverability of the unsubscribe link and increased use of encryption for the unsubscribe web pages. Ten of the audited retailers realized perfect scores – Dick’s Sporting Goods, Home Depot, Lands’ End, Musician’s Friend, Office Depot, Optics Planet, Sierra Trading Post, Staples, Talbots and Walgreens.

Email security was another highlight area in 2018. Adoption of email authentication technologies SPF and DKIM reached 100%, and adoption of DMARC (another email authentication technology to prevent spoofing) and opportunistic TLS (encrypting messages between mail servers) improved significantly.

OTA asserts that in order to maximize engagement, deliverability and brand reputation, the online marketing community needs to continue to put the user first and embrace the outlined practices. As the regulatory landscape is evolving, marketers need to look beyond North America to anti-spam and data protection laws in other countries, most recently represented by the EU’s General Data Protection Regulation (GDPR). Companies with an EU citizen or resident on an email list run the risk of potential fines of up to 4% of global revenues for violation of marketing, privacy and data protection practices.2

1 Source: Internet Retailer®,

2 GDPR Overview,

Related articles

Building Trust 31 August 2020

Policy Toolkit on IoT Security and Privacy

The Policy Toolkit on IoT Security and Privacy is a practical resource for policymakers and regulators to strengthen the...

Building Trust 1 November 2019

Security Factsheet: Keeping Your Workplace Safe Online

For many of us the Internet is a staple in our day-to-day lives – especially at our jobs. But...

Building Trust 1 November 2019

Security Factsheet: Why Should Municipalities Make Network and Data Security a Priority?

Communities can minimize risk by being intentional about how and by whom networks and devices are used. These are...