Building Trust 28 November 2018

Best Practices: Email Unsubscribe

Email is a vibrant channel for marketers to connect with consumers on many fronts, providing an important value exchange between consumers and industry. Marketing emails can range from promotional offers and shipping confirmations to user surveys and distributing information tailored to users’ needs and interests.

At the same time, consumers are faced with inbox overload ranging from spam and malicious email to excessive email not aligned to their interests. The Internet Society’s Online Trust Alliance analyzes email marketing and unsubscribe practices each year to provide insights and guidance for enhancing this important connection. 

2018 Email Marketing & Unsubscribe Audit – released 28 November 2018

Unsubscribe Best Practices

Consumers may react negatively to email they perceive as being irrelevant or sent too frequently. Today ISPs and mailbox providers are placing added weight on user engagement, including open rates, click-through and spam complaints. Combined with related anti-spam technologies, email authentication and heuristics, this data is used to determine whether email is placed in the user’s inbox, junk or spam folder, or blocked outright. With these added considerations, it is more important than ever that marketers create a trustworthy unsubscribe mechanism for their recipients. The opt-out function should be easily discoverable, easy to operate (preferably via one click) and ensure a user’s request to be removed from a list is completed without delay.

Audited Unsubscribe Best Practices

  1. Clear and Conspicuous. Opt-out copy and link should be “clear and conspicuous” and not buried among long paragraphs of legal language. The opt-out link should be visible from the last sentence of the body of the email, with minimal vertical space between the end of the body copy and the link, and should be a different color than the surrounding text to help identify it as a link. The user should not be forced to download images in order to identify the unsubscribe link.
  2. Commonly Understood Terms. Commonly understood terms such as “unsubscribe” or “opt-out” should be used. Avoid terms such as “Click here to Modify your Subscription Practices,” as they may be perceived as an attempt to obfuscate the suppression link. These tactics tend to undermine brand trust and integrity. OTA recommends separate links which call out the key preference options by name, even if the links all lead to the same preference page. For example, the following terms can all be included in the footer of an email and lead to the same page: unsubscribe, change email/physical address, reduce frequency or update profile. Ideally each should have links to allow consumers to update their preferences.
  3. Easily Read / Size. Text should be easily read by recipients of all ages and on all devices. As a general guideline, unsubscribe links should be no more than 2 points smaller than the body copy of the email and no smaller than 8-point font, and the user should not have to move the mouse over the text to find the link. The font color should be readable with adequate contrast from the background, ideally in a different color and font family from the body copy.
  4. Unsubscribe Header. All email should include the “unsubscribe header.” Senders should adopt the List-Unsubscribe mechanism within the header of each message as described in RFC 2369. Including a List-Unsubscribe header allows ISPs and automated unsubscribe services to easily identify your opt-out mechanism. Gmail, Microsoft Outlook, Yahoo! Mail and other leading ISPs and mailbox providers display an unsubscribe button to the user in the user interface when a List-Unsubscribe header is found. The use of this header will help reduce complaints because your recipients will be able to easily and reliably unsubscribe.
  5. Opt-Out of All Email. An easy mechanism to opt-out of all email should be provided – not just the specific email program they clicked the link on. As required by CAN-SPAM, if an advertiser or marketer has multiple email programs, they must have an option to opt-out of all email as well as the individual email campaigns and programs. Related best practices dictate that where third-party publishers are undertaking the campaign, a second link unsubscribing from the publisher should be placed below the advertiser’s link and should include a global opt-out request.
  6. Confirmation Web Page. Serve an unsubscribe confirmation web page. Thank subscribers for participating in your program with a simple statement such as “We’re sorry to see you leave our newsletter” and offer a (re)subscribe if they made a mistake. Do not send a confirmation email as it can be a violation of CAN-SPAM and you risk further alienating consumers. Consider providing alternative channels for consumers to maintain a relationship with your brand such as Facebook, Twitter, YouTube, etc.
  7. Branded Unsubscribe Page. An unsubscribe confirmation web page should be clearly branded to eliminate the confusion generated by an unbranded page. Make it clear that site visitors are in the right place. Include branding and links back to your home page and privacy policies.
  8. Preference Center and/or Opt-Down. A link should be provided directing users to a combination preference center to unsubscribe, opt-down or make other changes. Don’t obfuscate the unsubscribe language or process. If a web-based page is used for suppression collection, consider offering options besides complete opt-out. However, do not require a user to log in with a password to change preferences, and be sure one of the preferences is a global opt-out. Consumers can also be presented with an opt-down option, giving them a choice to reduce the frequency of emails that they receive. Similarly, consumers can be offered the ability to choose when and how often to receive emails – daily, weekly, bi-monthly or monthly. Consumers want to maintain a relationship with companies’ brands, but maybe not all at the same frequency. Note that small companies and low-frequency senders may not have the scale or size to offer such options.
  9. Optional Customer Feedback. A simple survey should be offered during the unsubscribe process to allow customers to provide feedback about why they are leaving. This allows companies to refine their email marketing program and help to reduce future opt-outs. A simple check box can be used to determine why customers are unsubscribing. Remember this cannot be required as it would violate CAN-SPAM. A common treatment is to present the comment boxes to the right of the opt-out option or on the confirmation page, but never send a follow up email asking why they unsubscribed. Allowing the customer to check all that apply can help determine specifics about their dissatisfaction (e.g., frequency, content, timing or other aspects of the email marketing program, including practices by third party affiliates and publishers).
  10. No Delay on Removal. Unsubscribes should be removed without delay. While CAN-SPAM and CASL both allow up to 10 business days for suppressing mailings, OTA recommends users be removed and added to suppression lists as soon as possible. Why wait when a user has explicitly stated they do not want to receive more email? Waiting 10 days and sending another email will only reduce user engagement and possibly lead to an increase in spam complaints. Note that Australia, New Zealand and other countries require businesses to honor an unsubscribe request within five working days.
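As an added illustration of items 4 and 8 (not OTA's code), the sketch below builds an RFC 2369 List-Unsubscribe header whose links carry an HMAC-signed token, so the request can be honored without a password login and the link can be rejected if forged or older than a 60-day lifetime. The example.com addresses, the key, the token layout and the function names are assumptions made for the example.

```python
import base64
import hashlib
import hmac
from email.message import EmailMessage

SECRET = b"constructed-demo-key"   # assumption: signing key held by the sender
MAX_AGE = 60 * 24 * 3600           # keep links operative for 60 days


def make_token(address, list_id, issued):
    """Sign (address, list, issue time) so the link works without a login."""
    payload = f"{address}|{list_id}|{issued}".encode()
    sig = hmac.new(SECRET, payload, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(payload + sig).decode()


def verify_token(token, now):
    """Return (address, list_id) for a genuine, unexpired token, else None."""
    try:
        raw = base64.urlsafe_b64decode(token.encode())
    except ValueError:             # malformed base64
        return None
    payload, sig = raw[:-32], raw[-32:]
    expected = hmac.new(SECRET, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        return None                # forged or altered link
    address, list_id, issued = payload.decode().rsplit("|", 2)
    if now - int(issued) > MAX_AGE:
        return None                # older than the supported lifetime
    return address, list_id


def unsubscribe_header(address, list_id, issued):
    """RFC 2369 value: comma-separated URIs, each in angle brackets."""
    token = make_token(address, list_id, issued)
    return (f"<mailto:unsubscribe@example.com?subject={token}>, "
            f"<https://example.com/unsubscribe?t={token}>")


def build_message(address, list_id, issued):
    """Constructed sample message carrying the header."""
    msg = EmailMessage()
    msg["From"] = "news@example.com"
    msg["To"] = address
    msg["Subject"] = "Constructed sample newsletter"
    msg["List-Unsubscribe"] = unsubscribe_header(address, list_id, issued)
    msg.set_content("Body copy.\n\nUnsubscribe: see the link in the footer.")
    return msg
```

Because the token itself identifies the recipient and list, the unsubscribe endpoint can act on it immediately and then show the confirmation page, with no account lookup or login step.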

Related Best Practices 

  1. Unsubscribe links should be operative for a period of no less than 60 days (CASL requires 60 days and CAN-SPAM specifies 30 days). Consumers may have inbox rules which place marketing email in a folder for later reading. If they want to unsubscribe at a later time they should be provided this functionality.
  2. Testing & Feedback Loop Data (FBL) should be utilized. FBL data provided by ISPs can help identify problems with email campaigns that can drive unsubscribes and hurt deliverability. Test campaigns on a range of devices and platforms for optimal rendering. Look at the expectations that are being set at the point of collection to help ensure the campaign is meeting consumer expectations.
  3. Email and all suppression lists should be secured. As with all data, mailing lists can be exposed to loss, breaches or accidental transmissions. As lists typically include other data attributes, data loss incidents of such lists are increasingly subject to foreign, federal and state data breach legislation. Hashing and encryption should be considered to minimize the risk of list abuse, while aiding in maintaining security and integrity of all lists, including those “in motion” and “at rest.” See OTA best practices, including those in the IoT Trust Framework.
  4. A mechanism for users to update their data should be provided. Users may change their email and physical address but wish to retain their profile data. Knowing which state and country a user resides in will pay dividends in complying with appropriate breach laws and regulations.
  5. Email Authentication should be implemented to help protect brands from spoofing and forgery. The combined use of SPF, DKIM and DMARC across all sub and parent level domains helps to provide ISPs, mailbox providers and receiving networks the ability to detect malicious email and prevent it from being delivered to users’ mailboxes.
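One way to apply the hashing recommendation in item 3 above, shown as an added example rather than OTA's own code: the suppression list stores only keyed digests of normalized addresses, supports both per-program and global opt-out, and is consulted before each send. A keyed hash (HMAC) is used because email addresses are guessable, so plain unkeyed hashes can be reversed by dictionary lookup; the key, class and method names are assumptions.

```python
import hashlib
import hmac

PEPPER = b"constructed-demo-pepper"  # assumption: secret stored apart from the list


def normalize(address):
    """Fold case and trim whitespace so one person maps to one digest."""
    return address.strip().lower()


def digest(address):
    """Keyed digest; without PEPPER the stored value cannot be brute-forced."""
    data = normalize(address).encode()
    return hmac.new(PEPPER, data, hashlib.sha256).hexdigest()


class SuppressionList:
    def __init__(self):
        self._global = set()       # opted out of all email
        self._by_program = {}      # program name -> set of digests

    def opt_out(self, address, program=None):
        """Record the request at once; program=None means global opt-out."""
        if program is None:
            self._global.add(digest(address))
        else:
            self._by_program.setdefault(program, set()).add(digest(address))

    def is_suppressed(self, address, program):
        d = digest(address)
        return d in self._global or d in self._by_program.get(program, set())

    def scrub(self, recipients, program):
        """Return only the recipients who may still be mailed for program."""
        return [r for r in recipients if not self.is_suppressed(r, program)]

    def stored_digests(self):
        """Everything persisted: digests only, never plaintext addresses."""
        stored = set(self._global)
        for digests in self._by_program.values():
            stored |= digests
        return stored
```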
