For years, marketers and publishers have relied on third-party cookies for retargeting and monetization, overlooking the myriad problems they posed. However, cookies have raised concerns about lack of consumer consent, device addressability, and poor durability, and have invited serious scrutiny as a result.
Today there are several solutions being touted as cookie improvements, but marketers and publishers should beware that many don’t solve the initial problem raised by cookies, as these replacement identifiers also lack durability, provide limited addressability, and do not improve transparency and choice. Fortunately, some solutions already work better today than cookies do. Authenticated, people-based addressability should remain at the very top of the marketing tactic list.
Another solution that is often talked about is the use of hashed emails (HEMs). Let’s take a closer look at why this solution may not be an improvement over cookies.
Key Takeaways
- HEMs aren’t future-proof: They lack persistence, can be reversed, and provide limited visibility across devices and channels, making them a fragile replacement for cookies.
- RampIDs offer a stronger alternative: With broader matching, support for responsible use of data, and stability over time, RampIDs address the shortcomings of HEMs.
- Marketers gain scale and trust: RampIDs are interoperable with major industry identifiers, supported by more than 650 partners, and built to support global privacy program requirements – ensuring accurate measurement and responsible addressability at scale.
What is a hashed email?
A hashed email (HEM) is a type of identifier created by applying a cryptographic hashing function (such as SHA-256 or MD5) to a user’s email address. This process converts the email into a unique string of numbers and letters that is not immediately human-readable. The idea is that brands, publishers, or platforms can use these hashed strings as identifiers without exposing the raw email address.
For example, the email [email protected] might be transformed into a long alphanumeric code. If another company applies the same hashing method to the same email address, this may result in an identical hash, allowing the two parties to recognize a user in common without directly sharing the email itself.
HEMs gained traction because they offered a marginally more secure alternative to third-party cookies, particularly as marketers looked for ways to maintain audience targeting and measurement in a cookieless future. Publishers, advertisers, and identity vendors often promoted HEMs with the belief that they:
- Enabled cross-site tracking and activation
- Supported audience matching between partners
- Extended the life of email identifiers
Why publishers and advertisers considered HEMs
The push toward HEMs stemmed from three major trends:
- Cookie deprecation: As much of the web is already cookie-free, marketers are searching for durable identifiers to maintain addressability.
- Authenticated traffic: With more websites and apps requiring logins, email addresses have become a common anchor for identity.
- Perceived privacy: Because HEMs are not directly human-readable, some marketers view them as an alternative way to share and activate customer data.
However, HEMs carry major drawbacks that make them less effective and secure than durable, tokenized identifiers such as LiveRamp’s RampID.
Why HEMs Fall Short
While HEMs are often positioned as a quick fix for a cookieless future, they carry limitations that undermine their effectiveness. From security concerns to weak persistence and measurement challenges, HEMs fail to provide the durability, interoperability, and security that modern marketers need. Below are the key reasons why relying on HEMs can create more problems than they solve.
- HEMs aren’t secure
- An email address is not a comprehensive online identity
- An email address is not persistent
- HEMs weaken measurement
Hashed emails aren’t secure
Proponents of HEMs hail the solution’s cryptographic, one-way encryption process that creates a code unique to the email. However, HEMs are a universal identifier – the same HEM is sent by brands to all activation endpoints. While an email in hashed form may not be human-readable, they are standardized algorithms, and many firms are now offering services that can reverse email hashing to correctly guess consumers’ email addresses, identifying users on a personally identifiable level. Of equal or greater concern is that these email lists can be, and are, easily repurposed and rehashed to violate user privacy.
An email address is not a comprehensive online identity
Identity resolution providers such as LiveRamp provide value by tying multiple identifiers (including email) to a real, person-based identifier. Using email address data that a user declares as the base of identity will create a brittle conception of the consumer that may not extend comprehensively across devices, households, and environments that require a log-in using a different identifier. Since HEMs don’t protect directly identifiable personal data, they’re an inappropriate solution for data collaboration with other parties. Furthermore, because they’re not a durable people-based identifier, identity matching with HEMs for the purposes of data activation is weak.
An email address is not persistent
Email addresses change with each new job, with new software, and with maturity. Email addresses are elective identifiers, and consumers can elect to change them at any point, often without any fee. Inconsistencies also create fragile matching. HEMs require both parties to not only have the same individual email address, but that address must be stored in the same syntax for HEMs to join. HEMs also can’t match against other common directly identifiable personal data, such as name and postal information (NAP) data, or against digital device identifiers used to recognize visitors and prospects. This match weakness is exacerbated in programmatic bidstreams, where each call from brand to DSP to SSP to publisher will go through this same probabilistic match test and cause drop-off in audience reach.
HEMs weaken measurement
Analytic accuracy is strengthened by using durable, omnichannel, person-based identifiers that are stable even when the consumer updates their directly identifiable personal data. As noted above, HEMs change when a customer’s email changes, and HEMs don’t resolve to single individuals across channels, harming long-term incrementality measurement for attribution or building training data for machine learning.
Hashed emails vs. RampID
HEMs offer a step forward from cookies, but they still have limitations. RampID goes further as a durable, secure identifier that works across the ecosystem. The table below highlights the key differences.
| HEMs | RampID | |
|---|---|---|
| Definition | An email address that’s been encrypted using a hashing algorithm. | A people-based, interoperable, and secure identifier built on an authenticated identity infrastructure. |
| Persistence | Stays tied to an email but can break if users change or stop using that email. | Stable, durable identity that persists across channels, partners, and ecosystems. |
| Accuracy | Dependent on the quality and cleanliness of the email database. | Verified and authenticated, reducing duplication and inaccuracies. |
| Interoperability | Often siloed. Limited portability across platforms and partners. | Interoperable across publishers, platforms, and partners for data collaboration. |
| Privacy | Considered PII. If exposed, hashes can be reversed with enough computing power. | Designed to be secure, enabling responsible data collaboration and activation. |
| Future Outlook | Useful but limited as cookies go away. Not scalable across the open web. | A leading cookieless solution with wide ecosystem adoption. |
How RampID solves the challenges presented by hashed emails
While HEMs may appear to offer a quick fix for identity, they fall short in durability, responsible data use, and accuracy. LiveRamp’s RampID was designed to overcome these weaknesses, giving marketers and publishers a secure, people-based solution that scales across the ecosystem and provides the following benefits:
- Stronger and broader matching
- Responsible use of data
- Persistence over time
- Ecosystem-wide interoperability
- Future-ready identity
Stronger and broader matching
Unlike HEMs, which require both parties to have the exact same email address formatted and hashed in the same way, RampIDs can match across multiple identifiers. They work whether data is based on email, postal, phone, cookies, MAIDs, or IPs, reducing audience drop-off and extending addressability across environments. RampID matching has been proven to deliver 44% higher match rates than HEM-to-HEM matching across leading publishers.
Responsible use of data
HEMs are reversible, exposing consumers and presenting data leakage risks. RampIDs are tokenized and obscure directly identifiable personal data, assigning unique encodings for each partner. That means two companies referencing the same individual will see different RampID formats, eliminating universal tracking threats and preserving consumer trust.
Persistence over time
Email addresses change often, but RampIDs remain stable even as names, addresses, or digital devices shift. LiveRamp maintains these links in its longitudinal identity graph, ensuring consistent recognition of individuals and households over time. This persistence enables accurate attribution, incrementality measurement, and machine learning training.
Ecosystem-wide interoperability
No identifier has more operational support through the programmatic ecosystem than RampID. It is accepted across DSPs, SSPs, publishers, and more than 650 global partners, enabling marketers to activate, measure, and optimize campaigns without loss of scale.
Future-ready identity
RampIDs are interoperable with other industry identifiers like UID2, OpenID, and Lotame Panorama ID, giving marketers flexibility in their tech stack. RampID has been developed to support customers’ privacy program requirements and provide tools to enable compliance as regulations evolve.
Is there a possibility for the industry to adopt a “universal” ID?
There’s no silver bullet for a cookieless marketing future, but RampIDs were thoughtfully designed as a global post-cookie identifier, and for over a decade, clients have benefited from this stable technology with much greater reach and accuracy than weaker, device-based identifiers such as cookies and HEMs.
Publishers and marketers should have their choice of IDs to activate first-party data, which sometimes means using multiple identities. LiveRamp’s neutral infrastructure is accessible to any identity. As more interoperable IDs are added, customers will continue to have flexibility and security in their tech stacks as they strive to create meaningful connections with their consumers.
How LiveRamp can help you move beyond HEMs
For marketers who want to maximize reach and return, and for publishers who want to maximize yields, RampID offers more. HEMs may look like an easy replacement for cookies, but their weaknesses in security, persistence, and accuracy make them a fragile solution. RampIDs provide the durability, security, and scale needed for modern marketing.
Ready to move beyond HEMs? Discover how LiveRamp’s identity solutions can help you develop a future-ready data strategy and unlock responsible addressability at scale.
Hashed Email FAQs
What does a hashed email look like?
A hashed email is a long string of letters and numbers created by applying a hashing algorithm (like SHA-256) to an email address. For example, [email protected] might become something like 7c4a8d09ca3762af61e59520943dc26494f8941b.
What is the difference between a hashed and an unhashed email address?
An unhashed email is the plain-text address you use every day (e.g., [email protected]). A hashed email is the same address run through an algorithm that produces an obfuscated alphanumeric string. The unhashed version is directly identifiable, while the hashed version is meant to mask it – though it can often still be traced back to the original email.
Is a hashed email PII?
Yes. Even though hashed emails aren’t immediately human-readable, they are still considered personally identifiable information (PII). That’s because the hash can often be reversed or matched back to an individual, making it possible to re-identify the person behind the email.
Can HEMs and RampIDs work together, or is it better to choose one?
RampIDs can work in cases where HEMs do, but they also succeed where HEMs fail – such as mismatched email formats, multiple identifiers per user, or when only postal, phone, or digital IDs are available. Unlike HEMs, RampIDs are not reversible, enable companies to secure consumer data, and are widely supported across DSPs, SSPs, and publishers, making them a more durable choice.
How do RampIDs improve the customer experience compared to hashed emails?
RampIDs drive better experiences by enabling accurate omnichannel campaigns, helping companies secure customer data through non-reversible IDs, and delivering more reliable analytics. They’re stable over time, interoperable with other IDs, supported by more than 650 partners, and support compliance – giving marketers both flexibility and consumer trust that HEMs can’t match.
