Email Suppression List Data Security
Managing email lists and suppression files with the utmost security.
Protecting customer email data and providing secure data distribution are UnsubCentral’s top priorities. UnsubCentral works with a limited set of technology partners who have met rigorous security requirements and certifications. UnsubCentral’s management and technology teams have implemented a strict security policy that includes performing ongoing security audits to identify potential risks and applying controls to mitigate and manage those risks.
Securely Distributing Suppression Lists
UnsubCentral highly recommends hashing (similar to encrypting) your data when distributing suppression lists. The UnsubCentral platform supports:
- MD5: The current industry standard one-way hashing algorithm for secure list distribution. MD5 converts plain-text email addresses into 32-character alpha-numeric hashes. This method of secure list distribution is a required standard for all ESP members of the Email Sender and Provider Coalition (ESPC).
- SHA-256: A more secure one-way hashing algorithm than MD5. SHA-256 converts plain-text email addresses into 64-character alpha-numeric hashes.
- Salt: A “Salt” is an added layer of security in the form of a password that can be added to either MD5 or SHA-256.
- List Scrubbing: Provides customers the option to not distribute their lists. Email partners upload their mailing lists to UnsubCentral to be scrubbed against selected suppression files. UnsubCentral then provides a clean mailing file to the designated email partner. List scrubbing is the most secure option, as lists are not distributed.
Client Security Controls
- User interface access rights
- API and automated transfer access rights
- Multiple user access options to provide different levels of access within customers’ organizations
Data Security Within UnsubCentral
- ISO 27001 Certified
UnsubCentral utilizes the Amazon Elastic Compute Cloud (Amazon EC2) environment to host customer data. EC2 is ISO 27001 certified.
ISO 27001 (ISO/IEC 27001) is a global security standard that sets out requirements for an Information Security Management System. In order to achieve the certification, a company must show it has a systematic and ongoing approach to managing sensitive company and customer information.
- SAS70 Compliant
Amazon Web Services are also evaluated every six months by an independent auditor in accordance with Statement on Auditing Standards No. 70 (SAS70) Type II audit procedures.
- 100% of UnsubCentral’s operations staff are Red Hat Certified Engineers and maintain a U.S. Department of Defense (DoD) SECRET clearance.
- Restricted access: We limit SSH access to the back-end systems to our office location only.
- Encrypted transfer of data: SFTP and 128-bit encryption for automated data transfers. PGP encryption is also available.
- 24/7 Monitoring: An operations team is on call 24/7 to handle any issues pertaining to security or service availability.
UnsubCentral performs ongoing security audits including periodic customer security reviews.
UnsubCentral is a member of the Performance Marketing Association, as well as the Online Trust Alliance. In May of 2015, UnsubCentral was recognized on the Online Trust Alliance Honor Roll for our commitment to email compliance.