Blog

MD5 Suppression Lists Change the Way Lists are Shared

By Arvind Sehtia
6 October 2015

md5 suppression lists

When the CAN-SPAM Act was passed in 2004, it created a brand new demand for e-mail marketers to share their suppression lists with companies who do promoting on their behalf.

What Are Email Suppression Lists?

Suppression lists are the e-mail addresses of customers who’ve unsubscribed. Suppression lists need to be shared to confirm consumer opt-outs are honored across affiliate promoting partners.  

Why Does Sharing Email Suppression Lists Matter?

Every time a "report spam" request is sent because of one of your emails, it harms your reputation. When emails are removed across affiliates it decreases the chances of recipients clicking on the “Report Spam” button.

How Are Suppression Lists Shared?

One of the most common ways of sharing suppression lists is in plain test. While many companies have grown accustomed to sharing their suppression lists in plain text, this can be the least secure sharing technique. Spammers have worked out ways in which to steal these lists and use the e-mail addresses for additional uninvited e-mails.

Is There An Alternative to Plain Text?

Yes! Because of the growing threat from spammers, the e-mail selling trade is speaking up in support of MD5 encryption, a secure technique of sharing suppression lists. MD5 suppression lists encrypt suppression list data thus e-mail addresses are not exposed, guaranteeing that the list will be used only for CAN-SPAM compliance.

Suppression list abuse is a major issue for ESPs, advertisers, and ultimately customers because the impact on mailing and brand reputation can be vital. The impact on inboxes of consumers is also significant and should be taken into account.

Typical methods for sharing data “securely” include the use of public-key encryption or passwords on a ZIP file. The problem is that those methods still provide a plain-text human readable version of the data after the password is applied. With MD5 there is no way for the recipient of the data to send email messages to the list – the data can only be used for compliance purposes and not for mailing.

Supporting the MD5 format as a suppression list distribution method will enable database vendors and marketers to support clients that are concerned about suppression list abuse and will not share their suppression lists in plain-text.

Using MD5 also eliminates the risk of accidentally sending email to a marketer’s suppression files. MD5 also greatly reduces the risk of addresses being stolen and abused by a person in the chain of custody of the suppression list. Additionally, you can also use the same method to suppress existing in-house data when buying new MD5 suppression lists. It is a great way to acquire net new unique records without sharing your existing data with list vendors.

What is MD5?

MD5 (Message-Digest algorithm 5) encryption is an industry standard that has been used for years to protect passwords and verify that downloaded files have not been corrupted. An MD5 hash is typically expressed as a 32-character hexadecimal number that looks like this: 9e107d9d372bb6826bd81d3542a419d6

MD5 is a one-way hash process - once an email address has been turned into an MD5 hash it cannot be turned back into the original source email address. But because the MD5 hash is consistent for each email address, two lists of MD5-hashes can still be compared with each other to determine if there are any matching records. This allows an advertiser to distribute a list of MD5 hashes that can be used by an affiliate or publisher to scrub their list – but without ever disclosing any real email addresses!

Obviously this is safer than distributing the email addresses in plain text because it prevents human error, accidents, theft, and fraud. By using MD5 instead of plain text, advertisers can be 100% confident that their unsubscribe list will never accidentally be sent an email message, will never be exposed to a third party, and will never be stolen or abused.

 Keep Clean Data

Leave a Reply

Your email address will not be published. Required fields are marked *