Curate By

  • Theme
  • Sector
  • Channel
  • Communities
  • Show All

Connect to


After the GDPR Apocalypse: Poor Deliverability Made it Even Worse!


Written by Guy Hanson, Chair of the DMA Email Council and Senior Director of Professional Services at Return Path

As we emerge blinking from the GDPR apocalypse, I’m reminded of Star Wars: “I felt a great disturbance in the Force... as if millions of voices suddenly cried out in terror and were suddenly silenced. I fear something terrible has happened!”

We all stared in disbelief at our inboxes on May 25th as literally hundreds of re-permissioning and privacy policy update emails flooded in. I’ve subsequently heard from the mailbox team at Orange that weekly email volumes increased by 20%. . . and so did spam notifications. ESP Adestra reported that it was the busiest single day in their history!

Whether this madness was necessary is open to debate. The Guardian 1 reported, “The vast majority of emails flooding inboxes across Europe from companies asking for consent to keep recipients on their mailing list are unnecessary and some may be illegal.”

An obvious implication was a big rise in email spam filtering rates. We always see this during high-volume events such as Black Friday - even major mailbox providers like Gmail and Microsoft have finite band-width and processing capacity. May 25th was no exception, and spam filtering rates rose by around 25% 2 as subscribers became more and more fed up with the tsunami of consent and privacy updates.

We also saw big shifts against other important performance email metrics. Compared with a 90-day benchmark covering February to April, in May we saw:

  • Average Read rates did increase by between 14% and 17% demonstrating there was at least a level of positive engagement with these campaigns.
  • However, Deleted Unread rates 3 (an important engagement metric which negatively impacts filtering decisions) increased by between 20% and 36% - double the uplift in Read rates.
  • Not Spam rates 3 (an important positive engagement metric which positively impacts filtering decisions) plummeted by between 80% and 90%, meaning far fewer subscribers were checking their junk folders for missing emails. Gmail has stated that Not Spam notifications are an “order of magnitude” more important than Complaints in determining good vs bad senders, and the resulting spam filtering decisions that are applied against them.

The big negative swings help explain why spam filtering levels went up as email subscribers disengaged from the barrage of GDPR emails they were receiving. With some senders these variances were extreme!

  • Re-permissioning: A major video games/consoles/accessories retailer ran 4 waves of re-permissioning emails throughout May. The data below is benchmarked against the average Read and Filtering rates for their marketing emails (Index=100):
Wave Read Rate Spam Filtering
1 125 83
2 112 312
3 77 440
4 69 507

While initial engagement was good, by the 4th wave of their spam filtering rates had increased 5 xs! Across all waves, 44% of emails ended up in subscribers’ junk folders, and with some individual sends this number was over 80%!
The DMA’s recent Marketer Email Tracker 4 report calculated the average lifetime value of an email address at £28.56. If a sender with 1M subscribers missed the opportunity to re-permission 440K of those subscribers because of spam filtering, and assuming 10% would otherwise have responded, the deliverability impact is around £1.25M!

Privacy Policy Updates: We saw similar deliverability disasters for the “Privacy Updaters”. One standout example was a major transport provider which emailed customers on May 23rd with “We’ve updated our privacy policy”. 78% of these emails ended up in the recipients’ spam folders (mine included)!

This poses a really interesting question because ICO guidance states:

You must regularly review, and where necessary, update your privacy information. You must bring any new uses of an individual’s personal data to their attention before you start the processing. (Full text here). 5So programs that sent Privacy Policy Update emails that ended up in the spam folder have effectively failed to bring these new uses to their subscribers’ attention.

On average 16% 6 of all permission-based UK email fails to achieve inbox placement. We know this was around 25% higher in the run up to May 25th, and some individual senders saw spam folder rates above 80%. Significant parts of these senders’ lists are potentially still GDPR-non-compliant as a result.

  • Marketing-first vs Legal-first: Marketo 7 has published an excellent report postulating that GDPR has created a cultural split in marketing:
    • Marketing-first: Senders who have used the legislative changes around data to improve customer engagement, ensuring a level of efficiency in their marketing and getting closer to their customer.
    • Legal-first: Senders who have focused almost exclusively on the process and compliance aspects of GDPR, without considering the opportunity it presents.

Taking “Repermissioners” as a proxy for Marketing-First and “Privacy Updaters” as a proxy for Legal-First, we can see average program performance from the two “tribes” (as Marketo calls them) was notably different, even before GDPR preparations began in earnest:

Average Metric


Privacy Updaters/Legal-First

Read Rates



Spam Filtering Rates



Complaint Rates



Deleted Unread Rates



This data suggests the “Repermissioners/Marketing-First” senders are naturally more customer-centric than the “Privacy Updaters/Legal-First” senders, and this was reflected in their approach to GDPR.
We have already seen significant success stories from email programs that embraced GDPR early as an opportunity to strengthen customer relationships:
  • Manchester United has seen a 25% increase in Read rates, while Complaint rates have reduced by ½. Spam filtering rates are now only 1/3 of this sender’s pre-GDPR levels.
  • Lloyds Bank has seen a 22% increase in Read rates, while Deleted Unread rates have reduced by ½. Spam filtering rates are now only 1/6 of this sender’s pre-GDPR levels.
  • Royal Society for the Protection of Birds (RSPB) 8 has seen an Open rates uplift of 15%, while Click rates have almost doubled, since introducing a new best-in-class GDPR compliant sign-up process.

Email deliverability in particular, and program performance in general, is increasingly a function of subscriber engagement, and senders who build strong relationships with their customers will amplify positive behaviours and mitigate negative ones. For progressive marketers, GDPR has represented a great opportunity to reinforce this, and they are benefitting from more responsive, higher-value email customers as a result.

For more information on DMA Email Marketing Best Practice please review the guide here

Notes & Credits:

  1. The Guardian: “Most GDPR emails unnecessary and some illegal, say experts” (May 21st, 2018)
  2. Return Path: Methodology – we reviewed over 150 email programs that took steps to achieve GDPR compliance during May 2018. The data is sourced from Return Path’s consumer network, in excess of 2M real-life mailbox owners who have consented to having their inbox activity monitored at an aggregated and anonymised level.
  3. Return Path: “The 2018 Hidden Metrics of Email Deliverability”
  4. DMA: “Marketer Email Tracker 2018”
  5. ICO: “For organisations/Guide to the General Data Protection Regulation (GDPR)/Individual rights”
  6. Return Path: 2017 Deliverability Benchmark Report
  7. Marketo: The Two Tribes of Marketing
  8. RSPB: metrics provided by the program owner.
Hear more from the DMA

Please login to comment.