My Role

Product Manager

Stakeholders

VP Engineering Legal Customer Support

Collaboration with

Product Design Engineering Legal Customer Support Data Science

Duration

3 Weeks, Q2 2022

TL;DR

I developed a product roadmap, scoped solutions, and delivered a new unsubscribe landing page to reduce abuse of the import email feature and prevented GDPR violations and a costly legal fallout.

Context

An import email feature was shipped in Q2 2021 in order to reduce platform switching friction. However, due to company-wide layoffs and re-structuring, it didn’t receive the proper follow-ups and support, resulting in bad actors abusing the feature.

After joining the product team in Q2 2022, this was the first project I led as the PM on the email product.

Problem

Bad actors were abusing Medium’s email delivery system by:

• Importing email lists they did not have consent to contact
• Reimporting email lists using multiple different Medium accounts
• Sending abusive and inappropriate content to recipients

This was made worse since some of these recipients were not Medium users, and therefore had not agreed to Medium’s terms of service. It was clear that some users had taken advantage of Medium’s email distribution tools, which eventually culminated in a formal GDPR violation notice delivered to our customer support team.

As a result, customer support and legal teams raised the issue as a high priority to the product team.

Sizing the Issue

Qualitative Data

Collaborating with the customer support team, I gathered qualitative information to identify the details and the severity of the issue.

At least 5 support tickets were opened related to this issue. Of the tickets opened, users mentioned that they never signed up for a particular creators’ emails, and that the content being delivered to their inbox was NSFW and unwanted. Furthermore, when they tried to unsubscribe, they would still continue to receive unwanted emails.

Quantitative Data

Working with Data Science, I was able to understand feature usage, and the scale of abuse.

• 4.1K imports containing 7.8M emails without associated Medium accounts, with 83% being valid emails
• 65% creators were free users (not a Medium member)
• 75% creators were creators in Medium’s monetization program

I deduced that it was likely a few bad actors were causing a lot of the damage and sending out a majority of the unwanted emails. Assuming creators who are in Medium’s monetization program are unlikely to abuse imports due to PPI information Medium had on file, and leveraging the 80:20 heuristic as well.

Goals

<aside> 🎯 1. Reduce the number of bad actors abusing the import feature

</aside>

<aside> 🎯 2. Prevent unsubscribed users from being imported again

</aside>

<aside> 🎯 3. Allow non-user recipients to unsubscribe from all creator emails

</aside>

Scoping

Developing a Roadmap

I scoped this project by first coming up with a list of solutions that would tackle the problem of abuse of the import feature. I evaluated each solution, and prioritized them based on the level of effort, complexity, effectiveness, impact, and user experience. An outline of the roadmap looked like this:

1. A global unsubscribe landing page for non-users (existing users could manage their preferences once logged in)
2. A global_blocked database that prevents blocked emails from being re-imported
3. Reducing the number of emails being uploaded per import
4. Limiting import feature to paying users, or creators in the monetization program
5. Develop internal tools for trust & safety team to handle tickets effectively

Some other solutions we rejected due to scope were:

• Sending emails via creator’s email address
• Developing an internal admin tool for support team to handle these tickets
• Develop additional features for creators to manage subscriber email list
• Asking recipients to confirm their subscription

Scoping Global Unsubscribe and Blocked List

Considering the urgency of the GDPR violation notice, I decided to start with solutions 1) and 2) in order to stop the bleeding and prevent immediate legal fallout. These solutions allowed users to easily unsubscribe from all creator emails, and prevent them from being imported again by putting them on a blocked list, adhering to GDPR requirements.

Edge Cases

One edge case that was part of this scope was the scenario in which a user on the global_blocked list created a Medium account. I decided that all email settings would reset to default should that happen in order to ensure a personalized experience on Medium.

Future Features

Depending on how effective the implementation of item 1) the global unsubscribe landing page and 2) global_blockedlists were, we would proceed with the roadmap to further prevent abuse of the import feature in the future.

Metrics

Some metrics to keep an eye on include: