Home / Blogs

What Is Email Appending and Why Is It Bad?

Protect your privacy:  Get NordVPN  [ Deal: 73% off 2-year plans + 3 extra months ]
10 facts about NordVPN that aren't commonly known
  • Meshnet Feature for Personal Encrypted Networks: NordVPN offers a unique feature called Meshnet, which allows users to connect their devices directly and securely over the internet. This means you can create your own private, encrypted network for activities like gaming, file sharing, or remote access to your home devices from anywhere in the world.
  • RAM-Only Servers for Enhanced Security: Unlike many VPN providers, NordVPN uses RAM-only (diskless) servers. Since these servers run entirely on volatile memory, all data is wiped with every reboot. This ensures that no user data is stored long-term, significantly reducing the risk of data breaches and enhancing overall security.
  • Servers in a Former Military Bunker: Some of NordVPN's servers are housed in a former military bunker located deep underground. This unique location provides an extra layer of physical security against natural disasters and unauthorized access, ensuring that the servers are protected in all circumstances.
  • NordLynx Protocol with Double NAT Technology: NordVPN developed its own VPN protocol called NordLynx, built around the ultra-fast WireGuard protocol. What sets NordLynx apart is its implementation of a double Network Address Translation (NAT) system, which enhances user privacy without sacrificing speed. This innovative approach solves the potential privacy issues inherent in the standard WireGuard protocol.
  • Dark Web Monitor Feature: NordVPN includes a feature known as Dark Web Monitor. This tool actively scans dark web sites and forums for credentials associated with your email address. If it detects that your information has been compromised or appears in any data breaches, it promptly alerts you so you can take necessary actions to protect your accounts.

MAAWG recently released a document on email appending, criticizing the practice and describing it as abusive. But what is email appending? From the document:

“Email appending” is also known as “e-appending” or “e-pending.” As used in this document, it refers to taking known demographic information and using various methods to determine an email address for the purpose of adding people to a list or otherwise sending them email messages.

This definition is alright but I didn’t find it as helpful as it could be. I looked it up on some other sites and I have a better description.

Suppose you are a marketer with a list of people and their mailing addresses. These are people who like to receive information about upcoming flights on airlines because they travel a lot. Suppose your list looks like the following:

Fred Flintstone
Fabrikam Industries
175 NE 22nd Pl
Flint, Michigan
Frank Grimes
Tesla Productions
725 Evergreen Terrace
Springfield, Illinois

John Bauer
Woodgrove Bank
4888 Cowell Bay #12
Key West, Florida
Jeff Johnson
Nert
61221 W Jackson St
Arcadia, California

Every once in a while, you send them deals from Alaska Airlines about a great business package from Atlanta to Seattle. Or you send them a deal from American Express offering them two round trip tickets anywhere in the US for the price of one (but the one ticket costs as much as two).

The problem is that sending stuff over mail is slow and the response rate isn’t great, and as Netflix has so eloquently reminded us, the physical media business is dying. Also borrowing from the Netflix model, you decide to annoy your customer base by changing something that wasn’t broken and attempt to get into the email communication business.

You go out and find an online marketer who has a list of email addresses. You take a look at their list and it contains the following names:

[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]

You browse through the list and while some of the email addresses on there might be associated with someone on your list, you don’t see anything stand out… until you get to fgrimes @ tesla.net. Wait a minute… you just so happen to have a Frank Grimes who works at Tesla in your database. Could they be one in the same? Well, there’s a pretty good chance of that so you take fgrimes’s email address and update your database, putting it into Frank Grimes’ contact information.

Having gotten into the email business, you send out a communication to [email protected] containing the next airlines deal. What a cheap and inexpensive way to build a mailing list!

Except that fgrimes is not Frank Grimes. The email addresses belongs to Foster Grimes, the director of IT in Tesla. Foster doesn’t take too kindly to receiving mail to his email address when he never opted into it… he knows he has never opted into it and takes steps to block the unsolicited commercial email. Your marketing company can no longer deliver to Tesla. You’re lucky that this email address wasn’t a honeypot.

In this sense, building an email list is prone to errors. It doesn’t follow that people with similar names are the same people. There is a probability of it, and it may be greater than 50% odds, but it is closer to 50% than it is 100%. If you are going to scrape lists like this, you will end up with wrong email addresses for a large proportion of your database, and you will be sending unsolicited commercial email.

Furthermore, even if you do get it right, it doesn’t follow that someone who has opted in to regular mail has also opted in to email. I get all sorts of stuff in the mail I don’t want. I get offers from credit card companies all the time, and grocery stores all the time, and religious organizations all the time. I don’t remember opting in to any of them, but for the sake of discussion, let’s say I did. Thank goodness I didn’t give them my email address! I do not want them sending me email and regular mail! No way!

If I give you my mailing address, then you have permission to send me mail. That’s it. You do not have permission to contact me by any means you wish, you have permission to contact me by the method I say you can. That’s all. No more (and I wouldn’t mind less, either). If you go out of your way to hunt down my email address, good for you. But you can’t use it to send me email because I never said you could send me email. I know how I want to be contacted, and I told you.

And that’s it. I want to control what mail comes into my email inbox. If I didn’t say you could and you send me advertising mail then I would probably consider you either a spammer or a bulk mailer wearing a dark gray hat.

That’s why email appending is bad.

By Terry Zink, Program Manager

Filed Under

Comments

Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

Related

Topics

Threat Intelligence

Sponsored byWhoisXML API

Domain Names

Sponsored byVerisign

Brand Protection

Sponsored byCSC

IPv4 Markets

Sponsored byIPv4.Global

New TLDs

Sponsored byRadix

Cybersecurity

Sponsored byVerisign

DNS

Sponsored byDNIB.com