Protect your data with Suppression List Security
Managing email lists and suppression files with the utmost security.
Protecting customer email data and providing secure data distribution are UnsubCentral’s top priorities. UnsubCentral works with a limited set of technology partners who have met rigorous security requirements and certifications. UnsubCentral’s management and technology teams have implemented a strict security policy that includes performing ongoing security audits to identify potential risks and applying controls to mitigate and manage those risks.
Securely Distributing Suppression Lists
UnsubCentral highly recommends hashing (similar to encrypting) your data when distributing suppression lists. The UnsubCentral platform supports:
- MD5: The current industry standard one-way hashing algorithm for secure list distribution. MD5 converts plain-text email addresses into 32-character alpha-numeric hashes. This method of secure list distribution is a required standard for all ESP members of the Email Sender and Provider Coalition (ESPC).
- SHA-256: A more secure one-way hashing algorithm than MD5. SHA-256 converts plain-text email addresses into 64-character alpha-numeric hashes.
- SHA-512: The preferred standard in hexadecimal hashing, and one of the most secure methods of data encryption available. Most industries are trending towards the use of SHA-512 encryption.
- Salt: A “Salt” is an added layer of security in the form of a password that can be added to either MD5 or SHA-256.
- List Scrubbing: Provides customers the option to not distribute their lists. Email partners upload their mailing lists to UnsubCentral to be scrubbed against selected suppression files. UnsubCentral then provides a clean mailing file to the designated email partner. List scrubbing is the most secure option, as lists are not distributed.
For more information regarding hashing and encryption, and how we incorporate it into our unsubscribe ecosystem, click here.
Client Security Controls
- User interface access rights with SAML 2.0 support
- API and automated transfer access rights
- Multiple user access options to provide different levels of access within customers’ organizations
Data Security Within UnsubCentral
- Restricted access: We limit SSH access to the back-end systems to our office location only.
- Encrypted transfer of data: SFTP, FTP/s and 128-bit encryption for automated data transfers. PGP encryption is also available.
- 24/7 Monitoring: An operations team is on call 24/7 to handle any issues pertaining to security or service availability.
UnsubCentral performs ongoing security audits including periodic customer security reviews.
UnsubCentral is a member of the Performance Marketing Association, as well as the Online Trust Alliance. In May of 2015, UnsubCentral was recognized on the Online Trust Alliance Honor Roll for our commitment to email compliance.