One spammer said they could use the same servers for both but when you unsubscribe you have immediately signaled that you are now losing him money. So he uses the slowest cheapest part of the stack for removal. He will never fix it and doesn't care if you get some more spam after you unsubscribe since he has done the bare minimum.
If I get a single email after I've unsubscribed I go back in my inbox and mark every single email I ever received as spam.
This is a really bad business practice, people will just mark your mail as spam and the likelyhood of other people seeing your mails will drop
They also understand that they have little or no quality that most people actualy want and from their PoV quality > quantity > nothing.
Hmm, wouldn't you want to remove the money losing people as soon as possible, so you don't waste even more money on them?
He probably meant that “customer” is not making him money, therefore not worth the time. The only reason unsubscribing works at all is probably a legal requirement.
I've done both transactional and marketing emails, and I've never seen a system that could not remove a user at least within 24 hours. I can imagine one, but you're doing something very wrong at that point. Ten days is deliberate.
I only care about what I see.
Fuck me, that is brutal and could absolutely ruin your SES complaint rate - even with the suppression filter on, as the emails are already in your inbox.
Now we plan to start sending out a newsletter. For many, they may have forgotten downloading the app, but they might still appreciate it. If not - they can u subscribe.
Instead, send them a politely worded one-time announcement with an invitation to subscribe. Clearly mention that if they don't, this is the last mail they'll get from you, and keep that promise by deleting their address. You'll still get some pushback, but I think most people would find that acceptable.
I'd do what you suggest, but send the newsletter from an separate domain once subscriptions have been confirmed.
And naturally, unless they click a link in the first email, gmail should consider anything subsequent to be spam anyway. They have no idea whether consent happened somewhere else or not.
The unsubscribe links must work without even opening the email, according to gmail rules.
We've trained users to not use "unsubscribe" because some spammers once used that to verify addresses, or they may simply click "Spam" because they forgot who you are and think you got their address illegitimately. Gmail also doesn't make unsubscribe as visible as "Spam", making flagging the easier option. So now Gmail will see some percentage of users manually flagging you as a spammer, tainting your sender. This is why I'd switch the newsletter to a new domain or at least a new sender address. That does mean preparing that new sender, give it a bit of time to mature and send a few emails to Gmail accounts you control and ensure that they are not flagged as spam.
Probably also test with a list of Gmail account you control and check if you're tagged as spam and fix that, before doing the big push.
Big Red Flag for the spam button: newsletter comes from a different domain than it links to.
Don't switch your newsletter to a new domain. Use your domain, or don't send it.
newsletter@yourdomain.com is totally fine.
If your email reminds me (upfront!) how and when and why I specifically gave you (and not some other third party) my email address, and promises that you are advertising this newsletter one time, and it is opt-in, and you keep your promise, I am highly unlikely to mark it spam.
Now, this presupposes that it was really me who gave you my email address. I have a fairly generic email address because I got on gmail early. There are many variants of it, but sometimes people forget to add the trailing numbers or letters, so I get misdirected email all the time.
If the misdirected email is personal, I usually respond letting them know of the issue.
If the misdirected email shows a clear understanding that I might not have been the one who really signed up then I give them a pass.
If the misdirected email blithely assumes that I am the one who signed up, then I blithely assume that its senders are too fucking stupid to use the internet and it goes straight into the spam bucket. (And this is usually an easy call because they use the name of the person with the similar email address, which is not my name. My email address is firstinitiallastname@gmail.com and there are many different first names that start with the same initial.)
Any failure on any of those other points starts to increase the likelihood of it being marked spam, and...
> The unsubscribe links must work without even opening the email, according to gmail rules.
So here's where I'm a hard-ass and maybe even worse than google's rules.
If I see the RFC8058 unsubscribe link, it is too late. I only notice that link after I've decided to mark your email as "spam" and google asks if I'm sure, or if I merely want to unsubscribe.
Why did I decide to mark your email as spam? One possible reason is that I read through it, decided that the sender legitimately had my email address and was acting honorably, and then clicked the unsubscribe link embedded in the email.
When I do that, one of two things happens. Either I get some form of "thank you, you've been unsubscribed" or nothing happens because the sender assumes that I am OK with them executing javascript on my computer.
This is a privilege I jealously guard and only reluctantly offer to as few websites as possible.
Even if I previously gave you my email address, that did not come with an open invitation to use my computing resources for your own purposes.
It is an unwinnable situation.
With all respect, why would I care what an impossibly hardass tech person would do if I sent them an email in an unwinnable situation? The vast majority of our users are not this technical, let alone a hardass HN denizen who advertises the fact that the mere compliance with Google’s rules will piss them off due to a misunderstanding of how unsubcribe works.
Here is what we might both agree on: email sucks. You shouldn’t be reachable by anyone who just has your address, and it is not your job to be vigilant. Then all these problems go away.
Are you deliberately being obtuse, or is it natural? I don't need to use gmail's web interface if I don't want to, but as it happens, I do let google's javascript execute on my computer.
> The mandatory unsubscribe LINK uses HTTP, not even HTML.
Two links are required. One in the header, and one in the email. As I wrote, if I read to the end of the email to make a decision, then I will click on the link in the email. Which often goes to a webpage with javascript on it.
> It is an unwinnable situation.
Did I write that I mark everything as spam? No? Why not, I wonder? Did it ever occur to you that if I am describing when I mark things as spam, that there are things that I don't mark as spam? No? Do you even read what you yourself write? No? You should try it sometime.
> With all respect, why would I care what an impossibly hardass tech person would do if I sent them an email in an unwinnable situation?
With all respect, if you wrongly believe the rules I gave are unwinnable, you shouldn't care. I won't be receiving further missives from you, and nature will take its course in determining whether I was an outlier or the canary in the coalmine.
>So here's where I'm a hard-ass and maybe even worse than google's rules. If I see the RFC8058 unsubscribe link, it is too late. I only notice that link after I've decided to mark your email as "spam" and google asks if I'm sure, or if I merely want to unsubscribe.
The way I read it, this is an unwinnable situation. We must supply this link, in order to comply with Google's rules. If you see this link, it's too late. You're making it as spam. Because I may run javascript on your computer.
Having re-read it, it sounds instead like: you're likely mark it as spam before you get to this link (even though the web interface surfaces the unsubscribe button right in the list of emails -- but you don't use that interface).
Well, I guess there is a narrow path to "victory": mention that it may have been someone else who signed up, then if you see the unsubscribe link, you click it, then I'm supposed to say "thank you" and not serve any javascript. Anything else, and you click SPAM. Or maybe you already did.
That's an obtuse reading.
I am looking at the email. The email has a different link, mandated by the can-spam act in it.
Gmail has a bunch of icons at the top. There is not one for "unsubscribe".
So, I read your email, decide it is legitimate but I am not interested. I click on the link (not RFC8058) in the body of the email message itself to unsubscribe.
If that link takes me to a page that does nothing because it wants to execute javascript on my computer, then we are done.
Look, I'm not a terrible writer and this isn't that difficult.
> Well, I guess there is a narrow path to "victory": mention that it may have been someone else who signed up, then if you see the unsubscribe link, you click it, then I'm supposed to say "thank you" and not serve any javascript.
Oh, well, you did understand. Sort of. Except I view this as a common-sensical extremely wide path. If it's the first time that you're emailing me, you damn well better realize that it might have been a fake signup, and how the fuck am I supposed to know your intentions if you attempt to serve javascript? What part of removing me from your database requires you to execute shit on my computer?
And by the way, about this part of that statement:
> if you see the unsubscribe link
If you're playing "hide the link" then you've already shown that your intentions aren't honorable.
> Anything else, and you click SPAM.
I don't actually click spam all that often. Only on, you know, spam.
Look, you're the one who mentioned that you might have collected some of these email addresses 10 years ago. I'm just giving you a heads-up. Not only may they have forgotten about signing up, but the addresses themselves might have been recycled by now.
> Or maybe you already did.
Nope. I've been upfront and transparent. I thought you were being that way, too, given your first comment. I even upvoted it because I thought all the downvoting was a bit excessive.
But the intransigence and mischaracterization here is stunning.
Look, there are two possibilities here. (1) is that I'm not that extreme, in which case you're probably fucked. (2) is that, yes, I'm an outlier, and if you satisfy my needs, then you probably won't have enough emails marked spam to trigger google's filters.
Now, if you truly feel that my conditions offer only a narrow path to victory, then you're probably not really someone I should be offering this advice to in any case, because our interests are not congruent. My only solace is that maybe you won't take the advice and you'll receive a banning for your efforts.
NO. DO NOT DO THAT !
That is terrible advice and it is against the law.
Opt-in has to be done without inducement and of a person's own volition.
Sending a mail to someone saying "pretty please sign up" is not valid opt-in. It is spamming a bunch of people hoping they will opt-in. It does not matter if you got their mail another way (e.g. if they purchased a product, you can't then spam them trying to get them to opt-in for your mailing list).
One of the fundamental reasons the opt-in law exists is to stop people doing the shit you suggest and ensure that lists are correctly built in a clean manner.
But it's been 10 years. Can we send them a newsletter now with an unsubscribe link? Does GDPR have an expiration date on that stuff? Yes it was affirmatively opt-in.
Be aware that under various regulations, you're potentially already at risk of accusation in terms of unwarranted data retention. If you haven't got a good reason to have kept those email addresses, something like the GDPR might not interpret that favourably. While the GDPR doesn't specify actual time limits, they are expected to be proportionate. Financial records are generally 7 years unless otherwise legally required, so for a decade, you would be saying that these email addresses are more critical/valid than that. That may be the case, I don't know your business, but be careful if you don't want some very awkward questions asked. Just the hassle of having to deal with complaints you might get (and various regulators would take notice of 1 million instances) is likely to be more than it's worth for most.
The suggestion downthread to send a very clear "we still have your address, would you like to opt in to this newsletter, otherwise we'll remove it" is not a bad one, but even then, some people will object to you still having it at all.
Yes, there is a clearly valid business purpose under GDPR for retaining the email addresses of users who want to learn how to use your app better and opted in. If you plan to send a newsletter out.
Other than those voluntarily entered emails (which aren’t even linked to the user), we haven’t retained literally any information about our users, despite having millions of users download and use the app over a decade. Which is far beyond pretty much any social app I know. But almost no one actually cares.
I really wasn't trying to chastize, honestly it was intended as a friendly dollop of advice as someone who's dealt with this kind of thing. But since you have replied, I would say:
> Yes, there is a clearly valid business purpose under GDPR for retaining the email addresses of users who want to learn how to use your app better and opted in.
Relevance is likely to be seen as contextual. Someone wishing to do something a full decade ago is not likely to be seen as sufficient evidence to justify contacting them now in case they still wish to. That's a big chunk of the point about time-limiting data retention - the data gets less relevant and more problematic over time. I get that you're not trying to colour outside the lines here, but from the perspective of your users, and anyone looking at their potential complaints from a regulatory perspective, the window in which they reasonably consented to contact has closed (and probably some time ago).
The regulations are there, ostensibly, to protect consumers. They will be interpreted in that light. I can almost guarantee that if you sent an email to your downloader base 10 years after they last heard from you, being ignored will be the best case, and the worst will be reports to local regulators.
I would be glad to respect it if there was.
As it is, laws do allow for things they didn’t explicitly prohibit, and especially good-faith things like welcoming people to try the free app again, which they themselves downloaded and asked to be exucated about, since it’s improved, and showing them how and why to use the improvements.
I would personally see 10 years as "a long time" in this kind of context (although that may be contextual depending on what your product does, obviously). If you can honestly claim/show good faith, that is usually acknowledged, but my point was rather how it would be seen out of the blue from an organisation that has been silent for 10 years (my personal first thought would be "why the hell have they still got my information?", but I am well aware that I'm not the average).
Genuinely, I don't mean to imply bad faith on your part, only to suggest the reactions it may receive, and how careful you should be with your messaging.
[0]: https://commission.europa.eu/law/law-topic/data-protection/r...
I'm sorry but what sort of BS excuse is that ?
The whole point is that YOU are supposed to know: a) What data you have b) What you need it for
It is simply not possible for data protection law to spell out an exact cut-off time because there are so many permutations.
For example, if its for tax reasons then you need to keep it for the duration dictated by tax laws.
But if its email addresses you randomly harvested a decade ago, I think every man and his dog would agree that a decade is too long. Even more so if there is a material difference in permitted use of the harvested address.
P.S. There is no such thing as "good-faith things" in GDPR legislation. Please don't make shit up.
- non-legally speaking, consent for anything is never illimited in time. So whatever the law says, you're probably doing a dick move, I'm sure you can conceive that most people you're going to email would rather not get this email and you're planning to do it anyway. So if you act against these people's interest, don't be surprised if they react negatively (reporting the email as spam, complaining, reporting you to authorities)
- legally speaking... IANAL, but I don't think that you're correct that you have a legal basis to have kept this data, and even less to use it for marketing purposes. I don't think that you'd win the argument that the consent is still "informed" after many years of not hearing from you. If a reasonable person would no longer expect to hear from this company, then I don't think you still have consent under GDPR (could be wrong, IANAL)
Wait too long — respect people’s attention and time so much that you don’t send them anything unless it is ready and benefits them - and apparently it’s spam when you finally do contact them. Meanwhile, if you were just drip feeding them slop once a month, then you’re fine.
I happen to agree with the article author, the email ecosystem is totally broken, that’s far more of a problem than small teams who have well-meaning intentions and respect for their users’ time. You’re blaming the victim, rather than the email system that’s open to SPAM and dominated by gmail.
I think at this point it’s pretty reasonable to assume the worst of email marketers, and I don’t care if you think otherwise :)
What percentage of those million remember the existence of your app?
Unless you're sure both of those are VERY high, you would be an absolute imbecile to spam them.
The other trick I've noticed is companies will add new categories and default those on. I'll see a whole page of categories and somehow the last one will be enabled even though I'm sure I'd have turned them all off when I disabled the bulk of them.
Another worse offender is gitlab. They send promotions hidden as a part of this is obligatory account related into telling blah blah and adding BTW see these extra features for more payments.
So you know exactly who it is, but you won't just tell me in the email? I have to open the app/site so you can tick your engagement box for the day?
So glad I'm off that shit hole. It's just full of pompous picks anyway.
Honda doesn’t let you find where your car is (which is a paid service) unless you share your precise location with them.
And people wonder why I make unique email addresses for every site and even multiple for some sites. It's for exactly this (and to see who's selling it). My only real recourse is to delete the email address. Thanks mozmail, and thanks bitwarden for integrating. But it's also dumb as shit that we have to do things like this.
This, right here, is the solution.
We got political spam from one of our credit card issuers. It ended with this BS:
> ABOUT THIS EMAIL: This email was sent by [lender] to provide important account servicing information regarding your [lender] account. You may receive account servicing emails even if you have requested not to receive marketing offers by email for your [lender] account.
That outright lie had me ready to toss a brick through their front door. I haven’t been that righteously furious in ages.
And you can't even try to unsubscribe without creating an account. And, if I don't _have_ an account, it is (pretty much by definition) NOT transactional.
However well meaning, collectively all those companies are still just a bunch of sociopaths. This might be a bit dark, but I think a reasonable real world analogy here is stalkers and restraining orders. A stalker isn't motivated to listen to you when you tell them to stop talking to you. That's why you get the restraining order.
Do you know how exceedingly hard it is to grow a business and how shameless you have to be in the face of adversity to make it work?
It sucks. You have to do this stuff to get a customer relationship. The thing Apple and Google get for free and try so hard to snip you out of.
Maybe it wouldn't be so bad if we regulated market monopolies and caused them to break up. More money to go around.
Font Awesome is a good business, but you know the gettings are tough when they have to do this.
A lot of y'all complain about this, then act surprised when businesses have to lay off or go under. We can't all be advertising behemoths like Google.
Google, which by the way, used monopoly power to take 92% of "URL bars" and turn them into proxy bidding wars for brands and trademarks they do not own. Totally illegal horse shit that passes costs onto consumers and makes it easier for big business to squash small brands (I've had big business spend ads on my tiny little trademark).
You're all angry at the wrong people.
how is this my problem? Do you think wanting to be one of the cool entrepreneurs is a right or something? I don't care if the in your words shameless hustle goes under because you're spamming my mail with your fifteenth startup idea, that's my attention you're wasting, go get a real job.
I'll take trustworthy big business over shameless small business, I hope Google filters more of the stuff. I'm always astonished by people who try to justify their sketchy business practices with their underdog status. Those are by the way the exact same people who, once they succeed, do what they accuse Google of
However, that doesn’t change the fact that I don’t want to be spammed and will even use the nuclear option and delete my account completely if spamming continues.
Your customers are not your minions, some would accept such communication and some would refuse. Tricking users into receiving emails will not work in the long term if your products suck.
Your dreams of business success aren’t my problem, and neither is your shamelessness.
That's a bit carried away, don't you think?
There are unsubscribe buttons with laws that enforce that they work.
Meanwhile hyperscalers are constantly in your eyes and ears and they have a million ways to bypass those regulations and get into your headspace regardless.
Your URL bar is an ad. Your phone default settings and push notifications are ads. Your app store is an ad. Every new feature or OS update is an ad. Your new tab screen is an ad. Your browser updates are ads.
Dollars are spent on attention. You don't make it in this world without securing some attention.
Some have worked themselves into a place of eternal captive attention, everyone else is either climbing the mountain or running the treadmill.
And all those employees' livelihoods depend on it working. Otherwise they starve.
Be thankful you, as presumably an engineer, don't have to be exposed to this game. It's Darwinian and adversarial, zero sum, a fight to survive.
Maybe you're happy working for someone who does all this work for you or figured out a tiny niche where it isn't necessary. But reality is much different.
I purchase a product from company X. They require an email and will not let me buy without it. I actually do want an email confirmation that the order went through and even that my product shipped.
I do not want emails about "we released a new thing" or "we have a sale" or "it's Tuesday and we want you to remember we exist". Signing me up without an explicit opt-in using information you required me to provide is absolutely unethical.
"X is even worse" does not make Y ethical, good, or acceptable. What your least favorite corporations do isn't relevant.
Other people are inconsiderate monsters who litter in national parks and abandon mattresses on the side of the road. BP and Exxon did more damage to the environment than I ever could. It's still unethical if I drop my garbage on the ground.
I love your word choice here. "Securing" almost perfectly defines it, because you are acting with hostility against the person whose attention you are seeking to capture.
No thanks. I reject this as the abusive practice and mentality that it is.
The premise is that people are specifically opting OUT of those emails. Feel free to keep "hustling", feel free to treat people as resources to exploit, just don't be shocked and upset when those resources treat you like a parasite to be removed from their lives without concern for your financial wellbeing.
How do you define ads? Those are not ads in my book. An update is not an ad, I can't think of any valid interpretation of that other than "existence is an ad because people who interact with it might want to do do again" but at that point the word "ad" has lost all useful meaning.
To be fair, I think echelon was calling out that there are absolutely ads in browser updates now. "Try Firefox VPN!" "Look what's new in Chrome!", etc.
In some countries it's not just "unethical", but outright illegal. Laws and rules vary, but all is equal to the spam button and the whims of those wielding it.
I never consent to advertising. If I receive an advertisement, that means it was forced on me. Which I consider unethical.
They don't. Period. Full Stop. There are tons of companies that I have told to stop sending me emails that just... continue to do so. And some that won't _allow_ me to tell them to stop (I need to create an account to tell them not to email me... but they shouldn't be emailing me if I don't have an account).
So no, they don't work.
Unless I asked for it, it is both unethical and will turn me as potential customer away, and it is illegal (GDPR).
This reminds me of a local bricks and mortar small business that closed down and the wife posted a completely tone deaf:
"It is a horrible shame that our long sought out dream had to die because the local "community" was not willing to support it."
I missed the part where "community" meant we are obligated to expend our own resources for your profit.
Doubly galling was the fact that there was generally "his n hers" G Wagons parked out front of their business. Doing better than 95% of the community and still pissed that the community wasn't giving them more.
You're fighting small biz and accept the world big tech has created to extort all of us.
You'd yell at that local brick and mortar for sending you a half off coupon in your email because it's spam, but my guess is you're fine with perpetual smartphone upgrades and not owning the entire vertical taxation and lock-in stack.
We're allowing ourselves to become serfs of big business that would no sooner outsource or lay us off.
The puzzling moral superiority is what really gets me.
Just don't complain when your tech company lays you off or your job has been automated out of existence. You might have to learn what hustle and sales really are.
Now, explain to me why I am somehow obligated to support their business?
This is why B2B is easier than B2C.
A consumer will pay $10/mo and ask for the moon. Threaten to leave. Get angry at an email.
A business will drop $10k no questions asked and your product can be garbage. As long as it solves or attempts to solve a pain point. Emails won't be seen as spam. Except by ICs/eng, perhaps.
> ask for the moon. Threaten to leave.
That's normal business thing. What significantly helps reducing this, though, is the business is not promising the stars and engaging in all kinds of dark patterns with deals, cancellation friction, etc.
> Get angry at an email.
Particularly e-mail they did not ask for, and is not directly related to the thing they're paying $10/mo for.
I learned about the Analogue 64 from a marketing email, and I bought it.
I see emails showing me new API features are available. Sometimes that's useful.
I see Font Awesome has new fonts. Useful.
I see a16z wrote an article that seems interesting to me. Useful.
I filter out the 95% of stuff I don't want. I'm not seeing ads for clothing, but my wife might and she might find that useful.
You're thinking that because you don't like it the practice should end entirely across the board?
You very rarely make it in this world without trying.
And if you don't like it, there's "unsubscribe".
Not everyone is lucky enough to be Apple. And even they send lots of marketing emails.
Engineers complain too much. The reality on the ground is much more steep and treacherous.
I often receive emails from (among other things) fashion brands to which I never subscribed. There are clearly multiple people worldwide who, mistakenly or intentionally, are giving my `firstname.lastname@gmail.com` at checkout or whatever rather than their own.
Every time I receive one of those emails I do two things:
1. Use their unsubscribe link on a private window, connecting with a VPN exit point in their country (or nearby). If asked, I select the "I never subscribed" or "This is spam" option.
2. Mark the email as spam on GMail, rejecting GMail's proposal to unsubscribe instead (as I already did).
I have no mercy and feel no guilt at reducing their email server's reputation. The only exceptions I make are the rare emails that ask me to confirm "my" subscription before sending "me" their stuff. That I respect, and I just ignore and delete.
The onus for clearly communicating that you are going to mail me anything other than transaction updates is with the sender, not the receiver.
No. We're not. Perhaps we should be angry at both, but we definitely should be angry at you.
Spam is bad. If your business can't survive without sending spam, your business shouldn't survive.