Let’s talk about privacy. SparkPost is well known for having the world’s largest email data network but what we’re most proud of is that it’s also the most ethical and has the most robust privacy stature in the industry. And with today’s rapidly evolving privacy landscape, it’s more important than ever that you treat privacy as a key consideration when choosing your partner for email sending and analytics.
Our core mission is uniting sending and analytics to help empower senders to be more effective and frankly better. Part of being better is not only staying ahead of emerging privacy legislation around the world, but also collecting data in an ethical manner, going above and beyond what the law calls for.
When we looked at acquiring eDataSource, one of the most exciting things about the business was the privacy and quality standards they had around their data, which we felt to be far and away the best in the industry. This is because of what they (now we) do, as well as what they don’t do.
SparkPost leverages eight different data sources between its sending and analytics products. One of those eight data sources is permissioned panel data. The panel is comprised of purely commercial mail that has been shared with explicit permission by data panelists. Panel data has long been a trusted source of effectiveness in both the online and offline worlds. The best example of this is Nielsen, which for 70 years has collected permissioned panel data to understand how people watch television, what ads and programs are popular, etc. Because of general privacy abuses by poorly permissioned apps, some service providers have moved to restrict and curtail panel usage on their platforms. We, of course, comply with the requirements of all our receiver partners. We also believe that, like in the offline world, permissioned panel data constitutes one of the strongest views of user behavior and that seeking explicit permission from persons is the only ethical way to collect their data.
What isn’t in our list of data sources is a large active typo sensor network, a type of spam trap. Typo traps also known as ‘lookalike-domains’ are domains that ‘look like’ a major service provider like ‘gmail.com’ or ‘yahoo.com’, but differ in small ways in order to receive mail that was destined for a valid recipient but where there was a minor and purposeful typographical error. An example of this would be email@example.com or firstname.lastname@example.org. These typos are extremely common (how many times have you accidentally mistyped your own email address?), and in practice affect every sender in the world. Any place where there is data entry will have data hygiene issues as humans are fallible. Even with the strictest confirmation standards possible you will send confirmation pings to these addresses, and the reality is that even ‘really good’ senders will often send to these addresses for weeks or months until engagement based sending criteria steps in and suppresses sending from their list.
Our data suggests that just under 0.06% of commercial mail destined for any of the major providers actually goes to a typo domain. This may not seem like a lot until you consider that the percentage is applied to literally trillions of messages. Most of the delivery analytics businesses operate extremely large typo trap networks collecting over 99% of those common typos, and receive, collect and (presumably) index the emails destined for those addresses. Running huge typo trap networks as a sensor and source of email is a practice originated with Threatwave (acquired by ReturnPath – now Validity), but is also used by smaller and newer providers like 250ok.
From an ethical standpoint, this practice is very troublesome because the collection happens without the knowledge or permission of the intended recipient, who is also not afforded any protections from this invasion of privacy under GDPR or CCPA. We believe that knowingly collecting and indexing email destined for another user but whose address was simply mistyped upon entry is wrong. To draw another offline parallel, if I knowingly took and opened a letter for my neighbor but which was delivered to my mailbox, whether it was due to sender error (reversing digits in the address for instance) or delivery error, I could be committing a federal offense. Luckily for the companies that do this in the online world, email is not regulated in the same way that postal mail is, so nobody’s going to go to jail for collecting misaddressed emails. But ‘legal’ and ‘ethical’ are often two different things, which is why you won’t see us operating this type of sensor network.