Red alert: burner email addresses pose post-cookie risk for remarketing and first party data plays
The most likely post-cookie solutions currently rely on emails as identifiers. But there are warnings temporary or disposable email addresses could come back with a vengeance. That spells trouble for publishers, brands and adtech firms.
What you need to know:
- Emails look set to be a key identifier in the post-cookie world.
- Disposable email addresses could pose a significant risk to first party database, and waste huge amounts of remarketing spend.
- The high potential for higher volumes of spam may drive a shift to disposables, per marketing consultancy The Lumery.
- One new US startup, LockrMail, allows users to create one shield email address that receives all email correspondence.
- Publishers are already worried about sharing even hashed email data.
It’s that historical value exchange, the lifeblood of the internet economy… Now you are getting the same product, but you’re giving an email address. The price is so much higher, you’re giving up the sanity of your inbox. Consumers are reacting in an equal, opposite manner.
Brands and publishers need to be overcautious about how they use emails in first party data strategies or risk fuelling a rush towards temporary or disposable email addresses, experts have warned.
With global shifts in privacy legislation, tracking changes in Apple’s iOS14.5 and the impending demise of the third-party cookie, alternatives to online targeting strategies may rely on personal identifiers like email addresses to keep track of a user’s online behaviour.
“All of these new privacy regulations have pushed Apple and Google to make proactive changes under the guise of privacy. As a direct result of the deprecation of cookies, every single publisher or brand is asking consumers to register,” said Keith Petri, CEO of LockrMail – a startup that allows people to manage emails and hide their own using a single, public-facing email.
“That’s the impetus of why all these publishers are requiring email addresses. That’s why consumers are turning to temporary or disposable email addresses.”
While there’s no concrete data to quantify the impact of burner email addresses, there are studies that call into question the integrity of first-party databases. These questions are especially pertinent as publishers push to generate higher ad revenues with curated audiences containing some, potentially, fake personal information. One recent survey of marketers found that one in five marketers believe bots and fakes comprise 25 per cent of their first-party data.
Apple now lets users hide their email when using its 'sign in with Apple' feature, automatically generating an Apple email address instead of their personal one. Browser extensions like Temp Mail allow users to “forget about spam, advertising mailings, hacking and attacking robots” and store 50 fake addresses for free – or paying for up to 500. Petri says publishers should compare their databases to lists of known burner email domains like burnermail.io, mailbeaver.net and digdig.org.
“Some brands won’t let you look at a product to debate if you want to spend without getting your email. They would rather forego the sale than let you not sign in,” Petri said.
“It’s that historical value exchange, the lifeblood of the internet economy… you’re showing up to the Washington Post and you’re trading your attention for access to content. Now you are getting the same product, but you’re giving an email address. The price is so much higher, you’re giving up the sanity of your inbox. Consumers are reacting in an equal, opposite manner.”
Not happy, Spam
Widely publicised data hacks and misuses of personal information, like the recent Cambridge Analytica data scandal, mean consumers are more careful with information like email addresses, Kevin Nugegoda, a tech lead from marketing and tech consultancy The Lumery, said.
“It’s very difficult for some people to change their email addresses,” he said. “Once it’s out there, it’s out there.”
A move towards disposable email addresses was in part due to privacy concerns, as well as users’ long experiences of spam.
“It comes back to why. Why have we gotten back to this point? The main thing has been, if we look back on the history – I’ve been in the industry for many years – going back when consent was optional, brands didn’t have good suppression strategies.
“You might have the service centre of a company, marketing, price alerts, products you’re interested in… There was once a time when all of those were sent from different teams. We’re still coming up against brands that use a different messaging system for service messaging, marketing, invoicing.
“That spam, as it became known as, that barrage from one brand, is part to blame.”
It comes back to why. Why have we gotten back to this point? The main thing has been, if we look back on the history – I’ve been in the industry for many years – going back when consent was optional, brands didn’t have good suppression strategies.
Organisations that collect and rely on first-party data may be impacted by widespread use of emails as key identifiers in the post-cookie world – user backlash could push them towards temporary or disposable email addresses.
"This is not a new problem, people using burner email addresses or simply having a personal email address set up to sign into publishers and never checking it – it has existed for as long as webmail has existed," Dan Stinton, Managing Director of Guardian Australia, said.
"It's potentially a bigger concern going forward if post-cookie ID solutions like Unified ID 2.0 [driven by] The Trade Desk, and other similar solutions which rely on hashed email addresses, become one of the dominant ways marketers run digital campaigns. In our experience, it's not such a material problem. The vast majority of email addresses we collect are legitimate email addresses."
Stinton said Guardian Australia will continue to collect first-party data from those who directly interact with their content. "What we're not sure about is whether we would want to share that data – even hashed – with any third parties," he said. "We're very concerned about the privacy implications."
You’ve bot mail
Fake or disposable emails have been around for years. Criminals create armies of bots for ad fraud purposes, which can disrupt first-party databases if administrators aren’t careful.
“We want to protect marketeers from polluting their data sets, from completely garbage data – it’s always about the funnel,” Dimitris Theodorakis, head of detection at Human Security (formerly White Ops), said.
“If you get these conversions that are fake, you then have all sorts of consequences in the way your operation is working. People from a call centre reaching out to numbers that don’t exist or are other people.
“You’re often remarketing to those emails that are completely garbage, you’re wasting money on retargeting campaigns, which impacts the overall return on investment of advertisers.
“People create bulk fake accounts – like millions of accounts – or trying to take over accounts from other users by leveraging using stolen identities. The average person has not very good hygiene across services.”
Counter: cancel the service
Subscription services and publishers are well within their rights to cancel access when emails bounce back, Nugegoda said, and should insist users understand their email address is part of the cost of doing business. Currently, many sign-in services use emails as automatic usernames, meaning the actual email address is effectively redundant after the first sign-in.
“You then receive a verify link, but once that’s done, you don’t need that mailbox to proceed,” he said.
“You don’t need the inbox. If I was a brand managing a service, or even a login wall rather than a paywall, I would probably be enforcing a practice of you will receive regular service emails from us, but if you get a bounce back from that email address, I think it would be well within brands rights to terminate the service of that account.