Badsender of the week: babies, {entry.firstname}, RGPD and sponsorships!

Woooooot ?? This week's Badsender is back??? Let's not get carried away! But since a bird in the hand is worth two in the bush... hope springs to life.

Anyway, I'm going to start with some storytelling, because yes, when you're a company, you have to do some storytelling, except that this time, the storytelling is ultraperso... well, I'm going to be a father for the 3rd time... and it fills me up with happiness... but it also fills up the advertising ambitions of quite a few people! I'm a target... well, mostly my wife, but as we use the same IP, sometimes the same terminals... they get confused a lot !

All this to tell you that this morning, I received this email from the website "Envie de Fraises", an ecommerce website well known by all those who want to stay well dressed during pregnancy... which is not always easy:

My eyes are obviously directly attracted by this magnificent {entry.firstname}, a warning sign that there is a squid in the pie! So, I google the variable quicklyThe email must not have been sent by a commercial email router, probably a home-made development.

Going through the email a bit, a good contest. Classic. But absolutely nothing in the footer! No identification of the sender of the message (the lambda eye would have concluded that it is Envie de fraise or Materniteam, but I have a doubt). And even less unsubscribe link. RGPD BONJOUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUR !!!!!!!!!!!!

It was enough to make me want to know more!

In search of the lost sender!

This is not really the first time that I have done research to find out the real sender of an email. Often, the most reliable research method is to look for the domain names and to find the owners of these.

So there are two of them. The domain kx2.co (without m) which is used on all the tracking links, the From:, the technical domains, ... and Enviedefrais.com which is used for the hosting of images.

By doing a little research on the whois of kx2.coWe just know that the organization is called "Cassiop", but no other complementary information. So we have to do a search in Googleto make the link with the company Kimpleapp: "The company that makes your consumers play all year long". They have a very nice page saying thatthey are ready for the RGPD.

But how did they get my data?

Having received this email on my personal address... which is not really a very protected data since I subscribe to everything and anything... I would have appreciated to have a clue in the email, but no, nothing! So, I turn to my wife and ask her if, by chance, she would have given my email address to Envie de Fraise. BINGO! It is indeed her who did it! Wanting me to participate in a contest, and therefore sponsored me.

Where is the permission for sponsorship?

Would you like me to give you a little diagram of what sponsorship traditionally is in an eCRM action? Okay, let's do that, I'll be right back... scribble, scribble, ... here we go!

Well, okay, it's not the scheme of the year, but it was done quickly!

The classic case, you want to generate new contacts, to make your brand known, so sponsorship seems to be a good idea! It allows you to encourage your existing customers (and satisfied ones if possible) to spread the word.

Need help?

Reading content isn't everything. The best way is to talk to us.


If we look at this diagram :

  1. We select customers who are satisfied, perhaps those who have just made a purchase so that it is fresh in their minds.
  2. We send them an email...
  3. ... which will redirect them to a form in which they will be able to encode email addresses of their friends for a small carrot.
  4. We add the friends in a database and...
  5. ...we send them an email...
  6. ... email that refers to a contest (and if you are really good, you can even manage to complete the... loop.

The problem with this practice? At no time will the brand organizing the sponsorship action have collected the consent of the sponsored persons with the sending of the first email. It is the sponsor who encodes... often in good faith (here it was clearly the case, I swear).

If we except this problem of consent (which is colossal and therefore blocking whatever happens), we could have had some reassuring elements:

  • An unsubscribe link doesn't look like much, but it's always practical... and reassuring. Without it, you're sure to get a lot of spam complaints (I don't know how many times I've already said that)
  • A link to the terms and conditions or privacy policy
  • A mention of consumers' rights regarding their private data (you know, the sentence that says, you have the right to access, delete, modify, blah blah blah, to use these rights, please contact blah blah...)
  • A reminder of the collection source, such as "This message was sent to you by {sponsor.name} {sponsor.firstname} as part of a sponsorship operation organized by Envie de Fraises.

Even if all this does not remove the lack of consent.

So, in order to respect the consent, how do I organize a sponsorship action?

The right question! First, you don't ask your customers to enter the email address (or any personal data) of their friends, family and contacts, they are not entitled to give consent for third parties.

Secondly, you consider that it is not up to you to communicate (aka "send messages") with the referrals, but to the sponsor directly! How do you do this? By generating unique codes or unique URLs.

If you go back to the diagram drawn above, instead of having a step 4 in which the data of the sponsored persons are recorded in the database, you generate a unique code allowing to identify the sponsor. This code (or better, the unique url), will be distributed by the sponsor ... where he wants. He can send it by email, he can share it on social networks (with a small potential of virality)... when someone will click on it, he will have access to the action. This mechanism has the advantage of motivating the sponsor to share the unique url as widely as possible by promising him a higher benefit if he does so.

Your advantage as a brand? Collect data with meaningful consent, collect data from consumers who are truly interested in the action, generate less negative sentiment... don't generate badbuzz.

Pssst, the CNIL talks about sponsorship on its site, it's short, but it has the merit to exist : https://www.cnil.fr/fr/cnil-direct/question/271

Identity card

Generic email information:

  • Subject of the email Participate in the Envie de Fraise contest!
  • From : Your birth gift
  • Reply-to : non@configure.com (sisi, it's true)
  • Preheader : None
  • Platform of routing : Probably homemade!

Checklist :

  • Link to privacy : KO
  • Link to unsubscribe : KO
  • DKIM : OK
  • Text version : KO
  • List-unsubscribe : KO
  • Friendly reply : KO
  • Mobile ready Not tested

Support the "Email Expiration Date" initiative

Brevo and Cofidis financially support the project. Join the movement and together, let's make the email industry take responsibility for the climate emergency.

Share
The author

Laisser un commentaire

Your email address will not be published. Les champs obligatoires sont indiqués avec *