Why order matters in list cleansing
List cleansing is not a single tool; it is a sequence of distinct checks, each catching a different category of problem. Running them out of order wastes money. Paying for PAF validation on 50,000 records before you have removed internal duplicates means you are paying to validate addresses you were going to suppress anyway. Paying for email verification before TPS screening means you are verifying email addresses on contacts you cannot phone, which is fine for a multi-channel campaign but wasteful if your only channel is telephone.
The sequence below is built around cost efficiency: cheapest and broadest checks first, most expensive and narrowest checks last. Each step passes a cleaner file to the next one.
The six-step UK list cleansing workflow
Step 1: Deduplication against your CRM
Before you touch the file with any external service, remove records you already hold. Typical deduplication catches three categories: exact internal duplicates within the file (the same email address appearing twice), cross-file duplicates against your CRM (a prospect you already hold as a customer), and fuzzy duplicates (same person, slightly different name or address formatting). See our detailed guide to data deduplication best practices for matching rules that work on UK names and postcodes.
A fresh cold consumer purchase typically contains 3-7% duplicates. B2B files from a single source supplier run lower, around 1-3%, but when merged with your existing CRM contacts the overlap rises sharply. One retail financial services client we worked with found 18% overlap between a newly purchased B2B file and their existing account base; without deduplication they would have been calling and mailing existing customers as cold prospects.
Cost per step: near zero if you run deduplication in your own CRM or marketing platform. Third-party deduplication bureaux charge £2-5 per 1,000 records for fuzzy-match processing.
Step 2: PAF postal address validation
Royal Mail's Postcode Address File (PAF) is the definitive database of UK delivery points. PAF validation standardises address formatting, corrects common OCR errors (e.g., "Rd" to "Road", "St" to "Street" where ambiguous), flags addresses that do not exist in the file, and appends the full PAF-standard address including the correct postcode.
PAF validation tells you whether an address is a real, deliverable delivery point. It does not tell you whether your target person lives there. An address can be PAF-valid but have had three different occupants in the past two years. That is what Step 3 handles.
Typical rejection rate at PAF stage: 2-6% for a consumer file compiled within the last two years, rising to 8-15% on older files. B2B addresses validate at a higher rate (1-3% failure) because registered business addresses change less frequently than residential ones.
Cost: £1-4 per 1,000 records, depending on volume and supplier.
Step 3: NCOA (National Change of Address)
The National Change of Address (NCOA) register is built from Royal Mail redirection data and consumer notifications. It flags two categories: Goneaways (records where the individual has explicitly notified Royal Mail they have left the address with no forwarding address) and movers (records where a new address is available). For more detail on how the process works in practice, see our article on NCOA UK postal cleansing.
Goneaway flags are suppressions: you remove the record or at minimum do not mail it. Mover records give you an updated address, which is valuable for a postal campaign but means the original address-based targeting (e.g., postcode sector targeting) may no longer be valid.
On a consumer file that is 12-24 months old, NCOA typically flags 4-9% of records as Goneaway or mover. Files older than three years see 15-25% flagged. For B2B files, NCOA is less critical because business addresses are more stable, but it still catches office relocations and dissolved-company addresses.
Cost: £2-6 per 1,000 records. Some postal fulfilment houses include a basic NCOA wash in their mailing costs.
Step 4: Suppression screening (MPS / TPS / CTPS)
This step has two variants depending on channel.
Direct mail: Wash against the Mailing Preference Service (MPS), administered by the Direct Marketing Association (DMA). MPS registration is voluntary for consumers, so suppression rates are lower than TPS: typically 5-12% of a cold consumer file. MPS suppression is not legally mandated under PECR in the way TPS is, but the ICO expects it as part of fair processing and it is referenced in the DMA Code. Ignoring MPS increases complaint rates and ICO risk. For more detail on the TPS wash process, see our dedicated guide.
Telephone: Suppression against the Telephone Preference Service (TPS) for consumer numbers and the Corporate TPS (CTPS) for business numbers is a legal requirement under PECR Regulation 21. Calling a registered TPS number without prior consent is a civil contravention enforced by the ICO. Typical TPS suppression on a cold consumer telephone file: 15-28%. CTPS suppression on B2B files: 8-18%.
Cost: TPS/CTPS wash through an ICO-approved provider costs £3-8 per 1,000 records. MPS wash runs £2-5 per 1,000 records.
Step 5: Email address verification
Email verification runs in three layers, each catching different failure types. Syntax validation (layer 1) removes addresses with formatting errors: missing @ symbols, invalid TLDs, illegal characters. MX record lookup (layer 2) checks whether the domain has a valid mail exchange server configured; a domain with no MX record cannot receive email. SMTP mailbox-level verification (layer 3) connects to the recipient server and confirms the specific mailbox exists without sending a message. See our full explanation of email verification before send for detail on how each layer works.
In our experience, layers 1 and 2 alone catch around 60% of undeliverable addresses on a cold consumer file. Layer 3 catches the remaining 40%, which are live domains with dead individual mailboxes. For a B2B file, business email addresses decay faster than consumer ones because employees change jobs; layer 3 SMTP verification is where most B2B email failures are caught.
Typical removal rate at Step 5: 5-12% of a consumer file, 8-18% of a B2B file compiled 12+ months ago.
Cost: £3-8 per 1,000 records for full three-layer verification.
Step 6: Mortality screening
Mortality screening is the final step for consumer files where the target audience includes individuals aged 50 or over. It matches records against mortality registers compiled from General Register Office death notifications and similar sources, flagging records for individuals who have died.
Sending direct mail or making telephone calls to recently deceased individuals causes genuine distress. Relatives who receive marketing addressed to a deceased family member frequently complain to the ICO and to the brand. The ICO has referenced mortality-mailing complaints in enforcement contexts. For B2B files, mortality screening is rarely necessary because deceased individuals' contact records become invalid almost immediately through natural business processes.
Typical removal rate: 0.5-2% on a consumer file compiled within the last 18 months, rising to 3-5% on files three years or older. Cost: £1-3 per 1,000 records.
Full six-step workflow reference table
The table below summarises each step's purpose, what it catches, what it misses, and typical costs and loss rates for consumer versus B2B files.
| Step | Check | What it catches | What it misses | Typical loss: consumer | Typical loss: B2B | Cost per 1,000 |
|---|---|---|---|---|---|---|
| 1 | Deduplication + CRM suppression | Internal duplicates, existing customers/contacts | Fuzzy matches on different data points (e.g. same person, two email addresses) | 3-7% | 5-12% | £0-5 |
| 2 | PAF postal validation | Non-existent addresses, formatting errors, invalid postcodes | Valid address, wrong occupant | 2-6% | 1-3% | £1-4 |
| 3 | NCOA (Goneaways and movers) | People who have moved or flagged Goneaway with Royal Mail | Unregistered movers; squatters; multi-occupancy changes | 4-9% | 2-5% | £2-6 |
| 4 | MPS / TPS / CTPS suppression | Registered opt-outs for mail and telephone channels | Recent registrations (28-day lag); unregistered preferences | MPS 5-12%; TPS 15-28% | CTPS 8-18% | £2-8 |
| 5 | Email verification (3-layer) | Syntax errors, dead domains, dead mailboxes | Catch-all servers; role addresses (info@, admin@) that receive but never read | 5-12% | 8-18% | £3-8 |
| 6 | Mortality screening | Deceased individuals (consumer files, 50+ audiences) | Very recent deaths (register has 2-4 week lag); deaths not registered | 0.5-2% | Not applicable | £1-3 |
When to run a partial cleanse rather than all six steps
Full six-step cleansing makes sense for large purchased files and for any consumer file targeting an older demographic. Partial cleansing is the right choice in three situations.
First, when your campaign is single-channel. A direct mail campaign needs Steps 1-4 (deduplication, PAF, NCOA, MPS) but not Step 5 (email verification). Running email verification when you are not sending email adds cost with no campaign benefit. Step 6 (mortality) is still recommended if the audience is 50+.
Second, when you are working with a recently purchased file from a reputable supplier. A quality data supplier will have PAF-validated and NCOA-cleaned the file before sale. You still need to run your own CRM deduplication (Step 1) and channel-appropriate suppression (Step 4), but Steps 2 and 3 may not add much. Ask the supplier for the date of their last cleanse run before deciding.
Third, when the list is small and the campaign is high-value. A B2B ABM campaign targeting 300 specific companies does not need bulk postal cleansing at per-1,000 rates. Manual verification and LinkedIn cross-referencing make more sense at that scale.
Minimum viable cleanse for compliance
Whatever the campaign, you must at minimum run Step 1 (deduplication and CRM suppression) and the channel-appropriate suppression in Step 4. TPS suppression before telephone marketing is a legal requirement under PECR; skipping it is an ICO enforcement risk, not just a waste problem. MPS suppression for direct mail is expected practice under the DMA Code and referenced in ICO guidance.
How list cleansing meets the GDPR accuracy principle
Article 5(1)(d) of UK GDPR requires that personal data be "accurate and, where necessary, kept up to date." For a marketing database, this is an active obligation: data goes stale, people move, people change jobs, people die. Holding a three-year-old consumer file and mailing it without cleansing is a potential Article 5 breach, not merely a waste-of-postage problem.
The Information Commissioner's Office (ICO) does not prescribe a specific cleansing schedule, but its guidance on accuracy makes clear that organisations must have processes to review and update data. A documented cleanse schedule with dated records of each run, supplier used, and suppression counts is the most defensible evidence you can produce if your accuracy practices are questioned.
Two cleansing steps are the most directly relevant to accuracy: NCOA (Step 3) updates postal addresses for people who have moved, so your records reflect their current location; and email verification (Step 5) confirms whether a contact point is still live. The suppression steps (Step 4) are more about fair processing and PECR compliance than accuracy, but running them also removes records that have explicitly opted out, which is relevant to the lawfulness principle under Article 5(1)(a).
In practice, a cleanse run every six to twelve months for active consumer files, with TPS/CTPS suppression refreshed monthly for continuous telephone campaigns, puts you well inside what the ICO considers reasonable.