How can HubSpot ensure that no emails are sent to contacts without a DOI confirmation?

Mainata
Contributor | Diamond Partner

Hello everyone,

 

we may have a logic error somehow or we don't really understand how the GDPR and DOI work or interact in HubSpot.


So we in Germany always need a DOI confirmation before we can write to contacts.
Contacts are written to in HubSpot, even without a DOI confirmation. E.g. via any HubSpot form a contact comes into HubSpot and under "Legal basis for processing contact's data" she/he gets "Freely given consent from contact". That is enough for HubSpot to send mailings. A contact has to confirm a DOI email, then in HubSpot under “Marketing email confirmation status” they get the value “Confirmed” and only then they can receive newsletters.

 

The question is - how does HubSpot ensure that only contacts are written, that have confirmed a DOI mail?

 

Many thanks for your help!

 

Kind regards
Mainata

0 Upvotes
13 Replies 13
TiphaineCuisset
Community Manager

Hi @Mainata 

 

Thank you for reaching out. 

 

According to this documentation, when double opt-in is enabled, contacts who have not confirmed opt-in will be dropped from any marketing emails that do not include a subscription confirmation link. This includes new contacts who filled out a form and do not click the confirmation link in the double opt-in email, as well as existing contacts who have never received a HubSpot marketing email.

 

In addition, 

 

Hope that helps.
Have a lovely day,
Tiphaine.


Saviez vous que la Communauté est disponible en français?
Rejoignez les discussions francophones en changeant votre langue dans les paramètres !

Did you know that the Community is available in other languages?
Join regional conversations by changing your language settings !


0 Upvotes
Mainata
Contributor | Diamond Partner

Hi @TiphaineCuisset ,

 

thank you for your time and help! I appreciate that!

 

I know these landing pages and information, but it doesn't really work that way.

I've just tested again and I've got exactly the same result as the last time.

 

So we have a newsletter registration page. If a contact registers and does not confirm a DOI email, they have set the following values ​​in HubSpot:

 

Legal basis for processing contact's data: Freely given consent from contact

Marketing email confirmation status: -

 

That seems to be completely sufficient for HubSpot and allows this contact to be written to.

In Germany, of course, that's a problem.

A contact must have a DOI confirmation before being emailed.

 

How can HubSpot ensure that no unconfirmed contacts are written to?

 

In any case, it would be very helpful if we could find a solution to this. Otherwise, our customers run the risk of getting fine.

 

Thank you very much!

 

Kind regards

Mainata

0 Upvotes
TiphaineCuisset
Community Manager

Hi @Mainata 

 

Thank you for your reply. 

 

So I tested on my portal and I can confirm that with DOI enabled, and if the contact has not accepted the opt-in in the follow-up email, the marketing email isn't sent, it automatically suppresses this contact. If this is not the case, I would recommend connecting with HubSpot Technical Support, as Support is included in your subscription and they will be able to provide real-time assistance for this matter, where you are able to share screenshots and specific examples about this.

 

Without enabling DOI the only workaround would be the one that my colleague gave you in the German Community here

 

Thank you!

Best

Tiphaine


Saviez vous que la Communauté est disponible en français?
Rejoignez les discussions francophones en changeant votre langue dans les paramètres !

Did you know that the Community is available in other languages?
Join regional conversations by changing your language settings !


Mainata
Contributor | Diamond Partner

Hi @TiphaineCuisset ,

 

thanks for the great support and feedback!

 

We actually activated the DOI, but not for all pages, only for a dummy page, because we don't want to use the DOI email from HubSpot due to limitations.

 

Then we have to test again how the behavior will change if we activate the DOI for all pages.

 

Thanks again and if necessary, I'll be happy to contact you again.

 

Best regards
mainata

mfs_cea_au
Contributor

@TiphaineCuisset you said, "So I tested on my portal and I can confirm that with DOI enabled, and if the contact has not accepted the opt-in in the follow-up email, the marketing email isn't sent, it automatically suppresses this contact."

What exactly do you mean by "suppressess the contact"? I'm asking because I have GDPR enabled (on a form), as well as double opt-in (account wide?). The test email address I'm using gets the DOI email, but that same email also shows up in my newseletter / form list.

Is it possible to only have HS show true DOI signups? If not, is there some scheduled clean up for the sign ups that don't DOI? 

 

Basically, for me, DOI is a form of spam prevention. In that context, seeing signups that haven't actually complete the DOI adds no value to me. Either they're legit (good! show me!!) or they're not (don't show me. I don't care). 

 

This seems basic and obvious to me, so I must be missing something. What am I missing?  

0 Upvotes
TiphaineCuisset
Community Manager

Hi @mfs_cea_au 

 

Thank you for reaching out. 

 

Apologies about the word used, what I meant is that the contact who has not yet confirmed opt-in will be automatically dropped from any marketing emails - you have more information here

 

It's not possible in HubSpot to avoid creation of a contact who has submitted a form but has not confirmed opt-in yet. However, you could use the Marketing email confirmation status property to create a list of these contacts. You have more information on this property here

 

Hope that helps.
Have a lovely day,
Tiphaine.


Saviez vous que la Communauté est disponible en français?
Rejoignez les discussions francophones en changeant votre langue dans les paramètres !

Did you know that the Community is available in other languages?
Join regional conversations by changing your language settings !


0 Upvotes
mfs_cea_au
Contributor

@TiphaineCuisset - So the only way to remove spam / garbage signups is...manually? That's confusing, at best. Maybe my expectations are out of sync but elsewhere a "customer" is not a "customer" until they double opt-in (presuming that's the setting). 

 

fwiw, this is frustrating. Obviously, DOI is unavoidable. Else, anyone can be adding anyone else to a form / list. So the lack of DOI is clearly a signal for something undesired / nefarious. How can Hubspot help with this? Or maybe it doesn't?? 😞 

0 Upvotes
TiphaineCuisset
Community Manager

Hi @mfs_cea_au 

 

Thank you for your reply. 

 

I can see you have posted a similar question in this thread and that the conversation has gone further with our expert @karstenkoehler - and I can confirm everything he took time to explain.

 

A form submisson will trigger contact creation in HubSpot; and it is not possible to automatically delete contacts that have not yet confirmed opt in so that would have to be done manually: you could use the Marketing email confirmation status property to do that easily by creating a list.

 

I do want to reiterate that if a contact has not yet confirmed opt in and double opt in is enabled, they won't be able to receive marketing emails.

 

We do have a way to prevent spam form submissions from robots following those steps.- but nothing further than that could be done in HubSpot with the way it is set up. 

 

Thank you

Best

Tiphaine


Saviez vous que la Communauté est disponible en français?
Rejoignez les discussions francophones en changeant votre langue dans les paramètres !

Did you know that the Community is available in other languages?
Join regional conversations by changing your language settings !


mfs_cea_au
Contributor

Hi @TiphaineCuisset - Thanks again. 

 

With regards to CAPTCHA, I'm using a non-Hubspot form. Yeah, I could add it but aside from trying to keep the friction down for real people, the DOI is still the ultimate validation. 

Also, given GDPR, I would think it's best that HS keep non-DOI submits in purgatory (not in an account "officially") until those submits are DOI'ed. As it is, someone else can "opt in" for (e.g.) you, but then that means the account holder is responsible and potentially legally accountable for your personal info.  Frankly, I don't want any info I don't need, and until there's a proper DOI then I don't want that info. It's risk with no upside.  


0 Upvotes
mfs_cea_au
Contributor

@TiphaineCuisset - Well, I guess this is why it's "easy" to add Contacts, but that HS doesn't wanna work to hard to make sure they're "qualified"? 😞

Please note: when you reach your contact tier limit, you'll automatically be upgraded to the next tier, which will be reflected in your next billing cycle. Your contract will not automatically be downgraded if you remove contacts from your account. If you have questions about your contact tier, reach out to your account manager.

 

https://knowledge.hubspot.com/contacts/where-can-i-find-my-subscription-and-contacts-or-email-send-l...

 

Note: I'm not trying to be a jerk 🙂 But I do want to *fully* understand upfront what can / cannot be expected from HS; especially if I refer clients to the platform. 

0 Upvotes
TiphaineCuisset
Community Manager

Hi @mfs_cea_au 

 

Thank you for your reply. 

 

I asked the team and we hear you but that's not how DOI works, neither in HubSpot or with other providers like MailChimp. That cannot be changed in HubSpot.

 

With DOI enabled, contacts who have not yet confirmed opt in won't receive marketing emails, and if you want to delete these contacts you'll need to build a list with the previously mentioned contact property. 

 

As for contacts tiers - once you get a Marketing Subscription with HubSpot you only need to pay marketing contacts. You can define at the form level if contacts become an MC or not. You could then have a workflow that makes a contact a marketing contact after their DOI status changed. HubSpot email marketing and ad targeting tools will not work with non marketing contacts. 

 

Thank you

Best

Tiphaine


Saviez vous que la Communauté est disponible en français?
Rejoignez les discussions francophones en changeant votre langue dans les paramètres !

Did you know that the Community is available in other languages?
Join regional conversations by changing your language settings !


mfs_cea_au
Contributor

Um...The last time I used DOI with MailChimp, a new submit would not show on a list until the DOI loop was closed.  Maybe there was a way to see submits that didn't DOI, but I never found it. At the very least, "finding" such submits was the default behavior. 

 

In a GDRP world, imho, it would be best to keep personal info out of reach until there's a sufficient level of certainty that the info was submitted by The Owner of the info. That is, there was a DOI confirmation. Else, anyone could be submitting those details.  Hubspot is in the ideal position to do that.  I don't want "illegal" personal info. And I would think HS wouldn't want to enable that to happen.  I guess not 🙂 

 

We can debate all you want but as things are going today, HS is on the wrong side of history 🙂 

0 Upvotes
franksteiner79
HubSpot Moderator

Hi @mfs_cea_au 

 

Few things I would add.

 

  1. DOI is not a GDPR requirement. In fact it preceeds GDPR by a decade or two. And although GDPR legislation makes no reference to DOI, it is considered best practice to have them go hand in hand.
  2. Using HubSpot's GDPR settings will enable consent information options on HubSpot forms. The four options are: None, legitamite interest, checkbox for communciation & form submit for processing, checkbox for communication and processing. These will set the lawful basis for processing someone's data either implicitly or via active ticking of a checkbox. Which of the 4 options are being used is up to each customer.
  3. If DOI is being enabled in HubSpot, we also have three options - on all pages, enabled for some, disabled for some. Only option 1. "on all pages" will result in a portal-wide blocking of people without confirmed DOI receiving emails. For the other two options, a portal-wide supression list needs to be created and added to all email send. It is important to know that DOI is a one-time process. Meaning we wouldn't reconfirm someone's email repeatedly.

Seeing we track submissions, consent, communication preference and DOI as mentioned above there is a body of proof. There is nothing stopping a customer from marketing contacts for deletion if DOI hasn't been confirmed within a specified time-frame; although this seems bit overkill to me personally.

 

Cheers

Frank

0 Upvotes