
Securely Storing Opt-Out Email Addresses - mbrubeck
http://michael-coates.blogspot.com/2010/12/securely-storing-opt-out-email.html
======
win_ini
This isn't really storing emails securely (in fact it reduces security in some
cases - such as password resets). Most organizations have bigger email list
problems than this - they are keeping email lists in spreadsheets, and other
accessible places. In addition, those addresses may be needed for operational
purposes - such as notifying some Customers of a breach or recalls on
products. Emailing someone for either of these scenarios is not viewed as
"Spam" by CAN-SPAM. In addition, you need a record of opt-outs to be CAN-SPAM
compliant...using this technique actually makes you non-compliant.

In the end, the best thing to do is use a proper email provider or marketing
automation vendor that can properly allow you to set up emailing preferences
and opt-outs (and can enforce adding unsubscribe links, etc. to ALL your
emails). These systems store the date/time and IP address of the computer that
opted out for compliance reasons. Finally - these systems generally will
aggressively SUPPRESS from sending to unsubscribed users (even so far as
preventing sending the same email twice accidentally) by marketing users
accidentally.

While the stored email opt-outs can be used if hacked into - I would assume
this would be just as bad as getting the rest of your list....in the end this
is kind of security through obfuscation. The best remedy is to store ALL your
email addresses in a secure, audited system that is protected properly and
enforces email best practices across an organization.

