Adding Security Increases Email Optin Rates
The days of squeeze pages are pretty much over, and getting email optins is becoming increasingly difficult as visitors become more guarded in releasing personal information. Adding visible security can overcome some of these concerns. Topics: Do We Want Sales Or Invalid Email Addresses; The Tests; The Simple Optin Under Visitor Control; Optins Using Forms; Envelopes Please; Conclusion; Practical Implementation
Do We Want Sales Or Invalid Email Addresses?
Our products are software applications of various kinds, and long ago we learned that we would have very few sales if we required an email address before we downloaded a trial copy. We recently revisited this, but knew that we would have to make some adjustments, such as still not requiring an optin for a product download, but we do want one for something that has value but no direct cost.
The Tests
We have a well defined baseline: starting from zero, any optins can only be an improvement. But, given the increasing rate of email hijacking, the fact that email headers are sent in the clear, as are form data, exposes the optin information unless otherwise protected in some way. We wondered if asking for an optin in an obvious security context (using SSL) would help, so we had some product pages ask in secured contexts, and others in nonsecured contexts, to see if there were any differences. We would run a pair for several weeks, then reverse the security contexts, repeat the test run, and judge the results. The optin message was identical in all cases, and no attempt was made to specifically optimize it (e.g., variously submit buttons vs standard anchor tag for the optin action). In all cases, the optin was inline on the page, either with direct html or referencing a javascript file that generates the inline html when the page is loaded. Finally, all submittals using the form tag are posts.
The Simple Optin Under Visitor Control
The simplest is with a mailto: anchor tag for the optin action. There is no security context, but the optin email is generated by the visitor in their email client program, most often independent of the visitor’s browser. This has three distinct advantages: 1) The security context is that of the visitor, and isolated from bad scripts that may be lurking in the browser; 2) The visitor is sending us an email, which can be used as a defense in the event of a spam complaint; and 3) No need to have an SSL environment. There are three disadvantages: 1) The entire email is sent in the clear; 2) The target address can easily be detected and hijacked; and 3) Exposure to DenialOfService attacks if no CAPTCHA mechanism is in place.
Optins Using Forms
The optin action is done on another page which does whatever processing is required to handle and respond to the optin. We used an active page that is in an SSL environment (via an https post), which displays a ‘what happens next’ message, with a button/link that either returns to the invoking page or delivers the optin object. Half of the presentations were done with an obvious SSL image on the optin action, with the flyover hint indication stating that the information was being protected by SSL, with the other half not having these security indications.
Envelopes Please!
For the simple optin, this was only presented after a download had been done, which about five percent of the visitors did, even though there was no requirement.
If a form optin was presented, then the presentation with the visible SSL security indications had 15% more optins than when these were not present.
Conclusion
Making it clear and obvious to the visitor that their information will be handled in a secure manner increases the likelihood that they will optin, provided that the offer has some perceived value.
Practical Implementation
The generation of the optin presentation, be it with html or through a script (e.g., javascript) is fairly straightforward, and virtually all of the email management services, such as AWeber, provide templates that generate them automatically. However, most of them do not offer an SSL environment. Acquiring and installing an SSL certificate should only be done by a trained individual. Some programming skill is required if an intermediate SSL environment is added between the optin page and any email management service, but this is well defined and should not take very long.
Tags: optin, personal security