MD5-Hashed Suppression Lists and The Affiliate Marketer
Posted By Josh Feldman - June 28th, 2009
The Graphical Version of the MD5 Algorithm
If you’re an affiliate marketer, specifically an email publisher, you may have noticed a large move in the encryption of suppression lists, specifically MD5-hash encryption. If you are unfamiliar, here’s an overview of how MD5 suppression works and why they’re becoming a larger part of the email compliance world.
Basically, MD5 calculates a hash for each record (in this case, for each email address) and ouputs a “hash”, which is a unique hex number containing alphanumeric values (numbers and alphabetical characters). Here is an example of what an MD5-hashed value would look like:
4a9d970a38b63f32496638e519ff34b3
Usubcentral, one of the largest providers of suppression utilities and management for email marketers, is one of the primary introducers of this process into the marketing realm, so I will use their process as a specific example.
How MD5 hashing/encryption works in regard to email marketing:
- An advertiser has their suppression list(s) uploaded into the Unsubcentral system. It is then encrypted into MD5 hash.
- The emailer uploads their encrypted ’send’ list across a secure channel.
- The list is automatically encrypted.
- The system scrubs the send list against matching MD5 values, so if you had:
4a9d970a38b63f32496638e519ff34b3 in you list, and the suppression list had the same value, the record would be scrubbed.
- The list is decrypted and sent back to the emailer in readable, unhashed format.
Why is this a good idea? Simply put, the advertiser, emailer, and unsubcentral never ‘handle’ or ’see’ any of the readable email addresses. This prevents a slew of issues from happening, specifically suppression abuse, in which suppression lists are stolen and ’sent to’ as if they were normal opt-in data.
We find that many advertisers have made the move to do this, while many have not. What are your thoughts on MD5 encrypted suppression processes? Let me know!
