Jun 15 2007

Is Permission Still Relevant?

Is Permission Still Relevant?

My colleague Stephanie Miller wrote a great post on our Return Path blog this week entitled Is Permission Enough? The essence of her argument is:

…permission is not forever…Subscribers opt in and then promptly forget about their actions…Nor is permission a panacea. Opt-in doesn’t replace relevancy and keeping your promises.

And she goes on to give great examples of how marketers abuse permission and a great checklist of times marketers shouldn’t ASSUME permission, which is where the trouble starts.

So I concur — permission is never enough from a sender’s perspective.  But you still have to have it.  Why?  Read on.

I’d like to extend Stephanie’s argument from senders to receivers and question whether permission is as relevant as it once was in terms of how ISPs, filters, and blacklists determine whether or not to block mail.

The argument for permission as a relevant filtering criteria goes something like this:

1. Unsolicited commercial email = evil. It is the true definition of spam.  If I don’t ask for it, you have no right to send it to me.

The argument against permission as a relevant filtering criteria is more nuanced:

1. It doesn’t matter if something is opt-out quadruple opt-in. Users think of spam as “email I don’t want,” not “email I didn’t sign up for.”  As Stephanie says, bad email I signed up for is even worse than unsolicited email in some ways.  And look at the other side of the argument as well:  would you really mind getting an unsolicited/unpermissioned email if the content or offer was highly relevant to you, e.g., you seriously consider clicking through on it?

2. Permission can be easily faked or loopholed. Companies can operate multiple web sites and email lists and gather addresses from multiple sources and then point to the one “proper permission site” and claim that’s the origin of all the names on its list.  And companies can set up privacy policies in such a way that they can automatically opt users into multiple lists without the user’s permission unless the user reads the fine print.

3. Permission is hard to measure. Besides the fact that permission can be faked, the main way that blacklists and filters try to measure permission is by looking at spam trap hits.  Sometimes this works — the cases where the spam trap addresses are newly-created addresses that never sign up for lists.  But most ISP and other spam trap networks also include recycled email addresses as well — addresses that were real and probably did sign up for email newsletters and marketing at one point but have since gone inactive.  Yes, a mailer that hits this kind of spam trap address is probably guilty of sloppy list hygiene and poor or nonexistent targeting and customer segmentation.  But does this mean they’re a truly egregious spammer?

4. Reputation trumps permission. The world of reputation systems is driving quickly to the point where we can tell much more accurately and automatically if a mail stream is “good” or “bad” as defined by users in terms of complaints and as defined by infrastructure security, authentication, and various other metrics.

So where I come out on this is that permission is FAR LESS RELEVANT than it used to be for receivers as filtering criteria, but probably not 100% irrelevant yet.  Perhaps in a couple years as reputation data-driven filtering becomes refined and the norm, we will be able to be more accepting of highly targeted and relevant unsolicited email (as we are sometimes with highly targeted and relevant postal mail), but I’m not sure the world is psychologically there just yet.  There’s still too much egregious spam in the inbox, and as a result, while users primarily think of spam as “email I don’t want,” they also do still think of spam as “email I didn’t ask for.”

But for now, senders can certainly rely on permission — if and only if it’s up to date and contextual — as “first pass” screen on relevancy.

Where do you come out on this?