Join thousands of weekly readers and receive practical marketing advice for FREE.
MarketingSherpa's Case Studies, New Research Data, How-tos, Interviews and Articles

Enter your email below to join thousands of marketers and get FREE weekly newsletters with practical Case Studies, research and training, as well as MarketingSherpa updates and promotions.


Please refer to our Privacy Policy and About Us page for contact details.

No thanks, take me to MarketingSherpa

First Name:
Last Name:
Sep 04, 2002
Blog Post

Should merchants be encrypting their customers' email addresses?

SUMMARY: No summary available.
Which would you rather have to change, your email address or your credit card account?

In today's MarketingSherpa, we pointed out that the list of opt-in email addresses that you have collected from site visitors is most vulnerable when it is sitting on your list host's (or your own) server.

I've given this a bit more thought, and it occurs to me that while most merchants encrypt the credit cards of the customers who make purchases from them (if you're not, you should be), none that I know of encrypt the email addresses of customers. An encrypted field makes the database far less valuable to a hacker, and protects your customers even from an employee who is in a position to take a backup of your database home with him.

Yet, upon further reflection, it's obvious to me that (at least in the United States), most email users who have had their email addresses for more than a year and are in the addressbooks of other professionals *at that address* would be far more willing to have to get a new credit card number (and update any companies that directly debit their accounts) than get a new email address, and try to reach everyone who might have contacted them at their current email addresses. Yes, I know there are services that will handle email forwarding, but between finding an infinite number of people from whom I *want* to hear via email, and contacting the handful of companies that charge my credit card monthly, it's a no-brainer. I AM my email address in a way that I am not my credit card account.

Then, why is it that email vendors (A.K.A. List Hosts) don't generally encrypt email addresses of subscribers on their servers?

What, you know of someone who does? Please tell us and we'll blog it here.

In the meantime, we'd like you to take our very brief survey about your answer to my first question above and your perception of list security in general. Click here (only 5 brief multiple-choice questions).
See Also:

Post a Comment

Note: Comments are lightly moderated. We post all comments without editing as long as they
(a) relate to the topic at hand,
(b) do not contain offensive content, and
(c) are not overt sales pitches for your company's own products/services.

To help us prevent spam, please type the numbers
(including dashes) you see in the image below.*

Invalid entry - please re-enter

*Please Note: Your comment will not appear immediately --
article comments are approved by a moderator.

Improve Your Marketing

Join our thousands of weekly Case Study readers.

Enter your email below to receive MarketingSherpa news, updates, and promotions:

Note: Already a subscriber? Want to add a subscription?
Click Here to Manage Subscriptions

Best of the Week:
Marketing case studies and research

Chart Of The Week

B2B Marketing

Consumer Marketing

Email marketing

Inbound Marketing

SherpaStore Alerts


We value your privacy and will not rent or sell your email address. Visit our About Us page for contact details.