Email address harvesting and opt-out: Do the crime, do the time

January 21st, 2005

by

Most email marketers agree that ethically, email address harvesting and sending unsolicited opt-out messages are taboo and should be avoided. I of course agree. It’s always fun to talk ethics, but let’s bring the discussion to a practical level. I contend that harvesting and opt-out are both impractical for legitimate email marketers.

Let’s look at why…

Harvesting of email addresses from the Web will inevitably pick up “honeypot addresses” that will end up in your opt-out database. A honeypot is an email address hidden in the page somewhere where no one will click on it, but email harvesters will still capture it. Any emails received at the honeypot address will then get the IP address of the sending mail server “blackholed” for a period of time, so that emails to other addresses on the receiving email server will not get delivered.

Frequently the ethical question is posed as to whether the opt-out email is spam if the content is squeaky clean. The answer is an unequivocal YES. It’s still spam because you do not have a prior business relationship with the recipient, you were not granted permission by the recipient in advance, and your email is unsolicited. It doesn’t have to be “bulk” to be spam. Spam is spam to the recipient regardless of whether you sent 100 or a million; it’s immaterial to the recipient what is going on outside of their inbox. And spam does not need to be a sleazy message to be considered spam. A church could “spam” people with donation requests by email if they are unsolicited.

So back to the practicality and repercussions for a moment… Imagine this: you send out unsolicited emails requesting people to opt-in and you have no prior business relationship with them. Some of them inevitably will report you to SpamCop. Your ISP will be notified by SpamCop, and they will need to either give you the boot or justify in a response to SpamCop why you don’t deserve the boot. ISPs take SpamCop very seriously, as they don’t want their SMTP servers blacklisted. More than a couple SpamCop complaints and your ISP is going to be very grumpy with you.

So in all, this whole approach is quite an impractical one. Spammers must be very good at hiding their tracks (e.g. by sending spam out through “zombies” which are PCs compromised by viruses/trojans) or must ‘move house’ constantly. Unless you’re willing to live like that too, you’ll find that the email harvesting and opt-out approaches will burn you.