Exclusion & suppression list management

When we send sample data to a prospective client we are regularly pleased to hear that some of the contacts are already on the client’s subscriber lists. Why is this good? Because it shows that we are sourcing precisely the right type of B2B prospects for their requirements. 

There is also contact data that the client already holds in unsubscribe lists (aka ‘suppression lists’) and together with subscriber lists are referred to as ‘exclusion lists’.

Obviously, though we don’t want to charge for data that the client already has.
So, how do we ensure that we do not send contact data to our clients that they already hold? 

Some organizations simply send their exclusion lists to their vendors in a ZIP file using public-key encryption or passwords. This gives some security in the transmission chain but does not prevent the recipient from adding that data to their own database. If you have any reservations that your data provider might do this, then you really should reconsider that supplier. It is a poor data supplier that would consider adding unverified data from a client to its own database and risk destroying its reputation. To be absolutely confident though, consider hexadecimal hashing to encrypt the exclusion list.

Hexadecimal hashing is a scary term for what is actually a simple method for the client to distribute its existing data to the vendor to scrub the contact list without having to disclose the actual data such as contact email addresses.

Hashing is a simple method of encrypting and then sharing data. By using non-proprietary (open source) scripts, for instance by way of spreadsheet macros*, a client can create a ‘one-way’ encrypted list to share with the vendor. This list cannot be reverse engineered to produce the original data, even by the company that encrypted the data in the first place. The vendor then creates their hashed list. Hashed lists are consistent for each data point so the vendor can compare their list with the clients’ hashed contact data list to de-dupe.

There are online portals that allow vendors and clients to upload their naked lists and the comparison/scrub is performed automatically but these portals of course have their own risks.

The industry-standard protocols are: 

• MD5/6 hashing (Message Digest) is a cryptographic function that converts email addresses into 32-character alphanumeric patterns. This is the most popular algorithm available, and this is an important consideration as both parties need to use the same technique.
• SHA-256 hashing (Secure Hash Algorithm) is a more secure algorithm, also converting into 32-bit character alphanumeric patterns.
• SHA-512 hashing is the most secure algorithm at present and uses 64-bit patterns.
• SHA-3 is a more recent version of SHA encryption but has yet to be adopted across the board.

Isn’t this contrary to data privacy regulations such as GDPR? Actually, the reverse is true. Organisations must maintain a suppression list of contacts that have opted out of their marketing efforts. If these contacts are deleted from the database entirely then the organisation cannot comply with data privacy regulations to respect unsubscribe mandates because the same data may be added in the future. By retaining the bare minimum of information, database rules can ensure that the same contact data is not re-added.

ESG Global takes the integrity and security of our clients’ data extremely seriously and will guide you step-by-step to quickly and easily create an encrypted exclusion list so that we can ensure you only buy 100% guaranteed contact data.

London | Mumbai: +44 (0) 207 609 2800 | New York: +1 (0) 646 757 1645 | Email: [email protected]