Managing contact exclusion lists
Before sending, an advertiser may provide you with an exclusion list to remove certain contacts from the mailing — you apply it in your ESP.
| Use case | Description |
|---|---|
| Opt-out contacts | Contacts who have unsubscribed from the advertiser's communications. Their exclusion is mandatory to remain GDPR-compliant. |
| Existing customers | The advertiser wants to target only new prospects and exclude their current customers. |
| Both | The advertiser merges both lists into a single file before sending it to you. |
This is not systematic — many campaigns do not include one. But when an advertiser sends one, here is how to receive and apply it.
Personal data — secure channel required
Exclusion lists contain personal data under GDPR. Do not request them by email or getinside messaging.
Any file containing addresses (even hashed) must go through a secure protocol.
Receiving the file
The recommended method is SFTP file transfer using FileZilla on the advertiser's side (Download FileZilla — free, Windows / macOS / Linux).
Create an SFTP access on your server and share these details with the advertiser:
| Field | What you provide |
|---|---|
| Host | Your SFTP server address (e.g. sftp.yourdomain.com) |
| Port | Usually 22 |
| Path | Deposit directory (e.g. /exclusion/incoming/) |
| Login | Dedicated SFTP username |
| Password | Generated, shared outside messaging apps |
Share credentials outside messaging apps
Use a password manager with secure sharing (1Password, Bitwarden…) or a one-time link (One-Time Secret).
My infrastructure is different (S3, Azure, GCP, SSH key, API…)
SFTP with SSH key
A more secure option, best suited for recurring work with the same advertiser. The advertiser generates an SSH key pair and sends you their public key — your technical team adds it to the server.
| Field | What you provide |
|---|---|
| Host | Your SFTP server address |
| Port | Usually 22 |
| Path | Deposit directory |
| Public SSH key | The advertiser's .pub file, to be added by your technical team |
S3 bucket (AWS)
| Field | What you provide |
|---|---|
| Endpoint | e.g. s3.eu-west-1.amazonaws.com |
| Bucket | Your bucket name |
| Directory | Destination prefix (e.g. exclusion/) |
| Access Key ID | Dedicated access key (write permissions only) |
| Secret Access Key | To be shared outside messaging apps |
GCP bucket (Google Cloud Storage)
| Field | What you provide |
|---|---|
| Bucket | GCS bucket name |
| Auth token | Service account JSON file with Storage Object Creator role |
Azure Blob Storage
Generate a SAS Token restricted to the Write operation, valid for 48 hours. Renew it for each campaign.
| Field | What you provide |
|---|---|
| Storage account | Your Azure account name |
| Container | Blob container name |
| SAS Token | Signed access token (Write only, 48h) |
API / Endpoint (Eulerian or other)
If you use Eulerian, the integration with the advertiser is native — no file to manage.
For any other ESP or DMP with an audience API, share your endpoint documentation with the advertiser.
Apply exclusions in your ESP
Import the file into your router before scheduling the send.
Check the received file
Verify the encoding (UTF-8), separator, and header. If the file contains SHA-256 hashed emails, check that your ESP handles this format.
Create a dedicated exclusion list
Do not mix advertiser exclusions with your own unsubscribes. Create a separate list with an explicit name (e.g. EXCLUSION_ADVERTISER_NAME_YYYYMMDD).
Apply the exclusion at send time
In the send settings, activate the exclusion list for this campaign. Verify that the final send volume reflects the exclusions — if the numbers don't change, the exclusion did not take effect.
Confirm to the advertiser
Let the advertiser know it is done. If anything is wrong (incorrect format, unexpected volume), flag it to getinside immediately.
FAQ
The file contains SHA-256 hashed emails — what should I do?
Most modern ESPs (Mailchimp, Brevo, Klaviyo, Mailjet…) accept SHA-256 exclusions — check your router's documentation. If not, ask the advertiser for a plain-text file via a secure channel (SFTP).
The advertiser wants to send the list by email — what do I say?
Decline and point them to this page. Email addresses are personal data: sending them via messaging is not GDPR-compliant.
Do I need to keep the file after the send?
No. Once the exclusions are imported and the send is confirmed, delete the file from your server.
What if I receive the file on the day of the send?
Apply the exclusions before sending, even if it delays the send. Sending to opted-out contacts risks complaints and damages your sender reputation. If in doubt, contact getinside.
Next step
Exclusions applied? Go back to Tracking & Sending to finalise.