by orliesaurus 890 days ago
You're talking about Transactional emails? You can't unsubscribe from TRANSACTIONAL emails. That's why they're transactional...not marketing. It's really important to differentiate that.

I "know" that.

I'm asking how does Google differentiate between a transactional and a non transactional email?

They also say in their guidelines

> *Marketing messages and subscribed messages* must support one-click unsubscribe, and include a clearly visible unsubscribe link in the message body.

So how is Google determining what is a Marketing/Subscribed message? If they're not, then am I required to tack on this header to ALL emails regardless of type or risk getting binned?
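The one-click unsubscribe header pair the quoted guideline refers to is defined in RFC 8058. As an added example (not part of the thread, and not Google's code), this sketch builds a message carrying both headers plus a visible body link, and validates the POST a mailbox provider sends; the endpoint URL, secret, sender and function names are assumptions.

```python
import hashlib
import hmac
from email.message import EmailMessage
from urllib.parse import parse_qs, quote, urlsplit

SECRET = b"constructed-demo-key"         # assumption: per-deployment secret
BASE = "https://mail.example.com/unsub"  # hypothetical unsubscribe endpoint


def _token(recipient, list_id):
    # Binds the link to one recipient and one list so it cannot be reused for others.
    return hmac.new(SECRET, f"{recipient}\n{list_id}".encode(), hashlib.sha256).hexdigest()


def build_message(recipient, list_id, subject, body):
    msg = EmailMessage()
    msg["From"] = "news@example.com"     # constructed sender
    msg["To"] = recipient
    msg["Subject"] = subject
    url = f"{BASE}?r={quote(recipient)}&l={quote(list_id)}&t={_token(recipient, list_id)}"
    # RFC 8058 header pair; it also expects a DKIM signature covering both (not shown).
    msg["List-Unsubscribe"] = f"<{url}>"
    msg["List-Unsubscribe-Post"] = "List-Unsubscribe=One-Click"
    # Visible link in the body, as the quoted guideline asks.
    msg.set_content(f"{body}\n\nUnsubscribe: {url}\n")
    return msg


def handle_unsubscribe(method, url, form_body):
    """Return True only for a valid one-click POST; the caller then removes the address."""
    # Link scanners fetch URLs with GET, so a GET must never unsubscribe anyone.
    if method != "POST":
        return False
    if parse_qs(form_body).get("List-Unsubscribe") != ["One-Click"]:
        return False
    q = parse_qs(urlsplit(url).query)
    try:
        r, l, t = q["r"][0], q["l"][0], q["t"][0]
    except KeyError:
        return False
    return hmac.compare_digest(t.encode(), _token(r, l).encode())
```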

If you’re sending transactional emails like password resets or MFA, then the emails will have close to a 100% open rate. This is (likely) an important factor that Google uses to judge whether email is transactional, or more generally whether it is desired by recipients, alongside other factors like having a very low complaint rate.
100% open rate on transactional emails feels too high to me. Something like an e-commerce purchase might kick off multiple emails (purchase made, shipped, arrived), none of which the user opens.
Kicking off a chain of emails a user cannot easily opt out of could well be the sort of emails users want to lose. There probably should be a one-click 'stop emailing me' button, for this and future purchases. Which would be a support burden, yes.
We’ve received your order … we’ve taken payment for your order … your order has left our warehouse … your order has arrived in another warehouse … your order is with a delivery driver … all for a $5 cable.
I watch for the subject line. I don't actually care what the content says...
So... let's assume many users do this, and let's assume Google factors in the opening rate into the transactional-email-likeness score, and that transactional-email-senders become widely aware of this...

Then senders' incentive will become to make the subject line into clickbait for the content, so that you'll open the message. So instead of subjects like "Order placed", "Order paid", "Order shipped", "Order out for delivery" you'll get uniform subjects along the lines of "IMPORTANT UPDATE TO YOUR ORDER". You will lose efficiency getting through your emails, and over time the metric will lose its indicativeness. Everybody loses.

Some of these emails are legally required for online shops. Doesn't matter if the user wants to receive them or not, they _have to_ be sent and actually delivered to the user's inbox.
I'm not sure how the 'actually delivered' would be enforced. Does Google have an affirmative requirement to deliver a 3rd party's message? I hope not.

My gmail address received 35 emails yesterday (which didn't get spam filtered). All but 3 of those got auto-archived by the filters I have in gmail. I would love google to just do this automatically.

Practically I might need another message or two a week that didn't hit my inbox.... but that's fine as long as it is still searchable.

Sorry, to clarify, I only mean this particular type of transactional email: password reset, MFA.

But even for other types of transactional emails, like shipment confirmations, I would expect the open rate to be much higher and/or the complaint rate to be much lower than for marketing email.

It’s also not a bad idea to provide an unsubscribe option for shipment updates.
> If you’re sending transactional emails like password resets or MFA, then the emails will have close to a 100% open rate.

So I can disable a competitor’s email functionality by triggering a whole bunch of password reset requests for all discoverable usernames?

If they support SMS 2FA they need to be prepared for this too because it costs a lot. Yeah, so people need to ensure that reset is at least a little hard to abuse. After all, it's a bad experience for their users if they receive a shit ton of reset emails anyway.
Can confirm that last part. I get so many Facebook reset messages, it's a bit ridiculous.
That could potentially cause them problems, yeah, if you were able to do that endlessly. In practice most companies will have some kind of rate limiting in place around features like that (by IP, cookie, captcha, etc.)
IP and cookie-based rate-limiting are trivially bypassed. In fact, any kind of rate-limiting is ineffective here, especially for smaller organisations, because you only need to generate a small fraction of the traffic they normally send out. If they separate transactional mail from other types of mail (something that is frequently recommended), then how many illegitimate password reset emails do you think an attacker needs to trigger to get to, say, a 5% failure rate? Smaller organisations don’t send out an awful lot of transactional email.
True, but modern CAPTCHA rate limiting is not easily bypassed, and a lot of the solutions are free.

Together with cookies, you can show the captcha only to visitors that are not already recognized in some way, giving them a limited number of actions before showing the captcha. And regardless of whether you want one on your password reset page, you almost certainly want one on your login page anyway.
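The gating described in the comment above, as an added example that is not part of the thread: recognized visitors get a limited number of reset requests before a CAPTCHA is required, and unrecognized visitors get it immediately. The class name, the thresholds and the per-address cooldown are assumptions added here; `visitor_id` is assumed to come from a cookie validated upstream (`None` when absent or invalid).

```python
import time
from collections import defaultdict, deque


class ResetGate:
    """Decide what to do with a password-reset request before any mail is sent."""

    def __init__(self, free_actions=3, window=3600, per_address_cooldown=900):
        self.free_actions = free_actions        # requests allowed without a CAPTCHA
        self.window = window                    # seconds over which they are counted
        self.cooldown = per_address_cooldown    # assumption: min gap between mails per address
        self.by_visitor = defaultdict(deque)    # visitor id -> recent request times
        self.last_mail = {}                     # normalized address -> last send time

    def decide(self, visitor_id, address, captcha_passed=False, now=None):
        now = time.time() if now is None else now
        if not captcha_passed:
            if visitor_id is None:
                return "captcha"                # not recognized: challenge first
            recent = self.by_visitor[visitor_id]
            while recent and now - recent[0] >= self.window:
                recent.popleft()                # forget requests outside the window
            if len(recent) >= self.free_actions:
                return "captcha"                # free budget used up
            recent.append(now)
        # Independent of who asks: do not mail the same mailbox repeatedly.
        key = address.strip().lower()
        last = self.last_mail.get(key)
        if last is not None and now - last < self.cooldown:
            return "suppress"                   # show the requester the same page as "send"
        self.last_mail[key] = now
        return "send"
```

Returning the same page for `send` and `suppress` keeps the endpoint from revealing which addresses were mailed recently.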

I rarely open 2FA emails, because usually the displayed preview is all I need.
I open way less than 100% of password resets - because some are malicious.
Ahhh I see what you mean now, but it wasn't clear in your initial question.

Gmail's algorithms analyze, and have been doing so over the last ~20 years, a combination of factors to classify emails as promotional or transactional!

Nothing in the code itself of your email will indicate that, other than the presence of an unsub link + the rest of the footer (which is the obvious sign that's a marketing email)

Maybe transactional emails don't need an unsubscribe link like marketing emails, but they do need a "not my account; please stop" link to avoid the spam button.
Lack of opt-in into those will have me keep marking those as spam. Just like those US political newsletters that also don’t feel like they need to verify mails.
US political emails are even more annoying when you aren’t American. I flag all that stuff as spam without hesitation. If you do that, I hope your entire domain ends up flagged as spam.
I had the idea to do a 1 dollar donation and then see the campaign getting flagged for illegal campaign contributions, but that is probably illegal for me as well.

(non-US based, not a US citizen)

Why would you be receiving transactional emails for an account that isn't yours?
Hah. I have josephg@gmail. I sometimes wake up to threads of 6+ password reset attempts over an hour from someone who doesn’t know their own email address. For a couple years I got pay stubs. And monthly cell phone invoices from India.

I think that email address gets more email for other people than email for me at this point.

Same. Flights trips -- including PNR. Invoices. School reports. Tons of telephone bills. Frequent Uber trips (somewhere in Africa, for some reason). The list goes on and on. And my email address is short but not that common, but still get hit a few times per week.

It really drives me crazy that none of them have any type of email confirmation before accepting an email address as valid.

Another common source is emails entered on physical point-of-sale devices.
Someone signing up with a wrong email
This is a frequent occurrence for anyone with a common name.

https://xkcd.com/1279

Because many people are not great at entering their email addresses correctly and many sites don't require any sort of address verification/confirmation.

If you have a common word or common name email address at a big email provider then you almost certainly are getting: password reset emails, billing invoices/order confirmations, tax info, childcare/education notices, medical appointment confirmations, local government notices, business conversations, wedding invitations, etc.

All legitimate and not spam but intended for a different recipient.

My wife gets these regularly. There are a few people in the UK (we're in the US) that have similar Gmail addresses to hers, and use her email address often. She'll get restaurant reservation notices, dr appt confirmations, TV repair schedule confirmations, delivery notices, etc. She's called the vendors a couple of times, and also called the people directly a couple of times. "You've entered your email wrong, please stop using my email".

One person, one time, understood the situation, thanked her, and updated things. And a year later, we got email for them. There's lots of mischief we could get up to, if so inclined, but we're not like that.

Someone last year accused her of 'hacking' into their computer and stealing emails, so she's basically given up. But these people are missing their dr appointments, delivery change notifications, etc. And by 'these people', I mean it's perhaps 4 other people with slight variations of the same spelling.

Well, I wish my ISP would stop marking ads and promotions as "transactional". Just because they have a system that prohibits unsubscribing, doesn't mean they should be allowed to abuse that system.
I've had a website that sent me no fewer than 6 emails over the course of 10 days for a single transaction, 5 of which were full of ads and links to their website and products. I emailed them and asked them to stop and their response was there was no way to opt out, they were transactional for new accounts.
My ISP constantly sends me emails about "staying safe online" and "the holiday season". At the bottom of the email, it says "THIS IS A SERVICE-RELATED EMAIL", supposedly to excuse the lack of any unsubscribe link.

Unfortunately you are no longer allowed to take them to court over this, as their terms of service simply say you are no longer allowed to sue them :) just like all tech companies that know they're committing lawsuit-worthy offenses.