How to leverage email & SMS marketing to increase return visits
This guide details how venue operators can use email and SMS marketing to increase return visits by capturing verified first-party data through Guest WiFi and automating targeted campaigns via Purple Engage. It covers the full technical architecture from RADIUS-based captive portal authentication to GDPR-compliant consent flows, segmentation strategies, and trigger-based automation workflows. Marketing directors, CRM managers, and IT teams in hospitality, retail, and events will find actionable implementation steps and measurable ROI benchmarks throughout.
Listen to this guide
View podcast transcript
Executive summary
Venue operators and IT teams face a persistent challenge: converting first-time visitors into loyal, returning customers. While generic marketing campaigns struggle for attention, automated email and SMS marketing driven by verified first-party data delivers measurable results. According to 2025 industry data from Sakari, SMS achieves a 98% open rate and a 45% response rate, far outpacing email's 22% open rate and 6% response rate. Email remains a vital channel for longer-form content and nurture sequences, making the two channels complementary rather than competing.
This guide details how to build and deploy an email and SMS marketing architecture using Purple Engage. We cover the technical implementation of captive portal data capture, identity verification, and automated campaign execution. By integrating your existing wireless infrastructure - such as Cisco Meraki or HPE Aruba - with Purple's cloud overlay, you can automate marketing campaigns that drive return visits without deploying new hardware. Purple operates across 80,000+ live venues and processed 440 million logins in 2024, providing the data infrastructure to know what works at scale.
Technical deep-dive
Deploying an effective email and SMS marketing architecture requires three layers: data capture, identity verification, and campaign automation. Each layer has specific technical requirements that your network and marketing teams must align on before deployment.
The captive portal data capture layer
The captive portal is the entry point for all first-party data collection. When a guest connects to the Guest WiFi SSID, the wireless controller places the device onto an isolated VLAN. A RADIUS (Remote Authentication Dial-In User Service) accounting message is sent to Purple's cloud platform, which triggers a redirect of the user's HTTP or HTTPS request to the Purple captive portal. The portal is served from Purple's cloud infrastructure, so no on-premises server is required.
At the portal, the user is presented with a login form. To enable omnichannel marketing, the form must capture both the email address and mobile phone number. Critically, it must also present a conscious-choice opt-in checkbox for marketing communications. Under GDPR Article 7, this checkbox must be unchecked by default. Under CCPA, the user must have a clear right to opt out. Purple's portal builder enforces these compliance requirements by design.
Verification and identity resolution
Capturing contact data is only useful if that data is real and active. Purple Verify addresses this directly. When the user submits their phone number, the portal triggers an API call to an SMS gateway. The gateway dispatches a One-Time Password (OTP) to the number provided. The user must enter this OTP into the portal to complete authentication and gain internet access. This process eliminates fake data at the source. A verified phone number database is the foundation of any effective SMS marketing programme.
Purple operates as a cloud overlay on top of your existing hardware. We integrate directly with Cisco Meraki, HPE Aruba, Ruckus, Juniper Mist, Ubiquiti UniFi, Cambium, Extreme, and Fortinet. Your controller sends RADIUS Access-Request messages to Purple's RADIUS servers. Purple responds with Access-Accept or Access-Reject based on the authentication outcome. No hardware replacement is required.
Session tracking and return visit detection
Once authenticated, Purple logs the device's MAC address and associates it with the verified user profile. When the device reconnects to the Guest WiFi at a future date, the controller sends a new RADIUS Access-Request. Purple recognises the MAC address, authenticates the device silently, and logs the return visit event in the WiFi Analytics dashboard. This return visit data is the trigger for automated re-engagement campaigns.
Modern smartphones use MAC address randomisation to protect user privacy. iOS 14 and Android 10 onwards randomise the MAC address per network. Purple's matching logic handles this by prompting re-authentication when a new MAC address appears, linking it back to the existing user profile via the verified email or phone number.
Implementation guide
Once the data capture infrastructure is live, the focus shifts to campaign automation. Purple Engage allows you to build trigger-based workflows that react to visitor behaviour. The following four-stage deployment process applies whether you are operating a single hotel or a chain of 200 retail sites.
Stage 1: Network and portal configuration
Configure your wireless controller to redirect unauthenticated clients to the Purple captive portal. Set up a walled garden to allow access to Purple's portal domains before authentication. Point your RADIUS authentication and accounting to Purple's cloud RADIUS servers. This configuration is hardware-agnostic and works across Cisco Meraki, HPE Aruba, Ruckus, Juniper Mist, Ubiquiti UniFi, Cambium, Extreme, and Fortinet.
Stage 2: Portal design and consent architecture
Design the portal to capture email address and mobile phone number. Add SMS OTP verification for phone numbers. Include a separate, unchecked marketing consent checkbox with clear language explaining what the user is opting into. Log the consent timestamp, IP address, and exact consent wording for every opt-in. This audit trail satisfies GDPR and CCPA requirements.
Stage 3: Segmentation setup
Do not broadcast the same message to your entire database. Use Purple's analytics platform to build segments based on presence data.
The four core segments are: new visitors (first visit within the last 30 days), active regulars (two or more visits in the last 30 days), dormant first-timers (one visit, no return in 31 or more days), and lapsed loyalists (previously frequent, no visit in 31 or more days). Each segment requires a different message and channel. For a deeper look at how this fits into a broader data strategy, read our guide on What is a customer data platform .
Stage 4: Campaign automation
Set up three core trigger-based workflows in Purple Engage:
Post-visit follow-up. Trigger: RADIUS Accounting-Stop message received. Delay: two hours. Channel: email. Message: thank the guest for their visit and include a personalised offer for their next visit. This works particularly well in Hospitality and Transport environments.
Lapsed visitor win-back. Trigger: no RADIUS authentication in 30 days. Channel: SMS. Message: a time-limited offer to return. This is the highest-value campaign for Retail venues. Industry benchmarks show SMS click-through rates of 19% to 36%, compared to email's 2% to 5%.
Milestone reward. Trigger: fifth RADIUS authentication. Channel: SMS. Message: an exclusive loyalty reward. This builds visit habit and drives frequency.
Best practices
The following recommendations are drawn from Purple's data across 80,000+ live venues and from published industry benchmarks.
| Practice | Rationale | Benchmark |
|---|---|---|
| Limit SMS to 2 per month per user | 53% of opt-outs are caused by excessive frequency (Sakari, 2025) | Unsubscribe rate below 3.5% per send |
| Use SMS OTP verification | Eliminates fake numbers at source | Delivery rate 98-99% for verified lists |
| Separate consent checkbox | GDPR Article 7 requires active opt-in | Legal requirement across EU |
| Offer immediate value at opt-in | Increases opt-in rates by 15-25% (Purple, 2024) | Target 40%+ opt-in rate |
| Track WiFi reconnections post-send | Enables closed-loop attribution | Measure return visit rate per campaign |
For guidance on creating a strong first impression at the captive portal, see How to make a great first impression with your guest WiFi (and keep your brand consistent) .
Troubleshooting and risk mitigation
Low opt-in rates. If fewer than 40% of visitors are opting in, review the value exchange on the portal. An immediate digital reward, such as a discount code or loyalty points, typically increases opt-in rates by 15% to 25%, based on Purple's own data from 2024. Also check that the consent checkbox is visible and the portal loads quickly on mobile devices.
High unsubscribe rates. When unsubscribe rates climb above 3.5% per send, the cause is almost always frequency. Review your send cadence and reduce to a maximum of two promotional messages per month per user. Audit your segmentation to ensure you are not sending irrelevant messages to the wrong segments.
MAC address randomisation. iOS 14 and Android 10 onwards randomise MAC addresses per network. Design your portal to make re-authentication fast for returning users. Purple's matching logic links new MAC addresses to existing profiles when the user re-authenticates with a verified email or phone number.
SSID proliferation. Avoid confusing guests with multiple networks. Read Three SSIDs to rule them all: guest, Passpoint, and IoT WiFi for guidance on network architecture that supports clean data capture.
GDPR cross-border compliance. For venues operating across multiple EU countries, Purple logs the consent timestamp, IP address, and exact consent wording for every opt-in. This audit trail is exportable from the dashboard for regulatory review.
ROI and business impact
Automated email and SMS marketing campaigns deliver measurable return on investment when built on verified first-party data. The table below shows expected outcomes based on industry benchmarks and Purple's own data.
| Campaign type | Channel | Expected CTR | Expected conversion | ROI benchmark |
|---|---|---|---|---|
| Lapsed visitor win-back | SMS | 19-36% | 5-10% | $41 per $1 spent |
| Post-visit follow-up | 2-5% | 2-4% | $36 per $1 spent | |
| Milestone reward | SMS | 25-36% | 8-12% | $41 per $1 spent |
| Welcome sequence | 3-6% | 3-5% | $36 per $1 spent |
For a venue capturing 500 phone numbers per month, a 5% conversion rate on a lapsed visitor campaign delivers 25 attributable return visits per send. With Purple, you can track how many people received a message and subsequently connected to your WiFi again. That is closed-loop attribution - a direct line from marketing spend to physical footfall.
Key Definitions
Captive portal
A web page that a user of a public-access network is required to view and interact with before internet access is granted. Used to capture first-party data and secure marketing consent.
The captive portal is the primary mechanism for building a verified email and phone database from Guest WiFi users.
RADIUS
Remote Authentication Dial-In User Service. A networking protocol that provides centralised Authentication, Authorization, and Accounting (AAA) management for users who connect to a network.
RADIUS messages - Access-Request, Accounting-Start, Accounting-Stop - are the underlying network events that trigger automated marketing workflows in Purple Engage.
SMS OTP
One-Time Password delivered via Short Message Service. A verification code sent to a mobile phone to confirm the number is real and belongs to the user.
Used at the captive portal to verify phone numbers at the point of capture, ensuring a clean and actionable marketing database.
First-party data
Information a company collects directly from its own customers or visitors, which it owns and controls.
Guest WiFi is a primary source of first-party data. As third-party cookies are deprecated, first-party data collected at the captive portal becomes increasingly valuable for personalised marketing.
Conscious-choice opt-in
An explicit, active action taken by a user to agree to receive marketing communications, typically by ticking an unchecked checkbox.
Required for compliance with GDPR Article 7 and CCPA. Pre-ticked boxes or bundled consent within general terms and conditions are not permitted.
Closed-loop attribution
The ability to track a marketing interaction all the way through to a physical conversion, such as a return visit to a venue.
Purple achieves closed-loop attribution by tracking when a user receives an SMS or email and subsequently authenticates on the WiFi network, providing direct evidence of return visits driven by each campaign.
MAC address randomisation
A privacy feature in modern operating systems that generates a random Media Access Control address for each WiFi network, preventing tracking across networks.
IT teams must account for this when designing return visit detection logic. Purple handles it by linking new MAC addresses to existing profiles when the user re-authenticates.
Trigger-based workflow
An automated sequence of actions initiated by a specific event or condition, such as a user connecting to a network or reaching a visit milestone.
In Purple Engage, workflows are triggered by RADIUS network events. Trigger-based campaigns consistently outperform scheduled broadcasts in conversion rate and list health.
VLAN
Virtual Local Area Network. A logical segmentation of a physical network that isolates traffic between groups of devices.
Guest WiFi users are placed on an isolated VLAN before authentication to prevent them from accessing internal network resources while redirecting them to the captive portal.
Worked Examples
A 200-room Premier Inn property wants to increase food and beverage revenue from returning guests without discounting room rates. They use HPE Aruba access points and have no existing email marketing programme.
The IT team configures the HPE Aruba wireless controller to redirect guest traffic to the Purple captive portal on the guest SSID. The portal is configured to capture email address and mobile phone number, with SMS OTP verification enabled via Purple Verify. A separate, unchecked marketing consent checkbox is added with the wording: 'I agree to receive offers and promotions from Premier Inn by email and SMS. You can unsubscribe at any time.' The marketing team sets up two automated workflows in Purple Engage. First, a post-visit email triggered two hours after the RADIUS Accounting-Stop message, thanking the guest for their stay and offering a complimentary cocktail at the hotel bar on their next visit, valid for 90 days. Second, a lapsed visitor SMS triggered if the guest's MAC address has not authenticated in 60 days, offering a 15% discount on their next booking with a trackable link. Both campaigns are segmented to exclude guests who have not given marketing consent.
A large shopping mall with 150 retailers wants to re-engage shoppers who have not visited in the last 60 days. They use Cisco Meraki infrastructure and have an existing Salesforce CRM.
The venue configures Cisco Meraki to redirect to the Purple captive portal. Purple Engage is connected to Salesforce via the CRM connector, so all captured profiles sync automatically. The marketing team creates a 'Lapsed Visitor' segment in Purple for MAC addresses not seen on the network for 60 days. An automated SMS campaign is triggered for this segment, offering a 10% discount code valid at participating retailers for the upcoming weekend. The discount code is generated dynamically per user and tracked in Salesforce. A follow-up email is sent three days later to those who received the SMS but did not return, with a longer-form message featuring new retailer arrivals and upcoming events.
Practice Questions
Q1. A retail venue wants to start SMS marketing. They currently use a simple click-to-connect captive portal that does not require any user data. What is the first architectural change they must implement, and why?
Hint: Consider how you ensure the data collected is accurate and legally usable for marketing.
View model answer
They must update the captive portal to require phone number input and implement SMS OTP verification via Purple Verify. This ensures the phone numbers collected are real and active, which is a prerequisite for any SMS marketing campaign. Without OTP verification, the database will contain fake numbers, leading to high bounce rates and wasted spend. They must also add a separate, unchecked marketing consent checkbox to comply with GDPR before any campaigns can be sent.
Q2. Your marketing director wants to send a weekly SMS blast to all 50,000 contacts in the WiFi database promoting upcoming events. How do you advise them, and what alternative do you propose?
Hint: Think about the primary cause of SMS opt-outs and the concept of trigger-based segmentation.
View model answer
Advise against the weekly mass blast. Excessive frequency is the leading cause of SMS opt-outs, with 53% of unsubscribes attributed to too many messages. A weekly blast to 50,000 contacts will rapidly degrade the database. Instead, propose using Purple Engage to segment the database based on presence data and configure trigger-based workflows. For event promotion, target only users who have visited in the last 90 days and have not yet received a message about the specific event. Limit promotional texts to a maximum of two per month per user and measure unsubscribe rates per send to monitor list health.
Q3. A hotel group is expanding into Germany and France and needs to ensure their WiFi data capture strategy complies with local regulations. What specific captive portal configuration is mandatory, and what audit trail must be maintained?
Hint: Consider the rules around marketing consent under GDPR Article 7 and what evidence regulators require.
View model answer
To comply with GDPR, the captive portal must present a conscious-choice opt-in for marketing communications. The marketing consent checkbox must be separate from the general terms and conditions, and it must be unchecked by default. Pre-ticked boxes are not permitted under GDPR Article 7. The audit trail must record the consent timestamp, the IP address of the device, and the exact wording of the consent checkbox at the time of opt-in. Purple logs all of this automatically and makes it exportable from the dashboard for regulatory review. The hotel group should also ensure their data retention policy is configured to delete or anonymise profiles after the period specified in their privacy notice.
Q4. Six months after deploying Purple Engage, a venue's lapsed visitor SMS campaign shows a 4.2% unsubscribe rate per send. What does this indicate, and what three actions should you take?
Hint: The benchmark for a healthy unsubscribe rate is below 3.5% per send. Consider frequency, segmentation, and message relevance.
View model answer
A 4.2% unsubscribe rate exceeds the 3.5% benchmark, indicating the campaign is either sending too frequently, targeting the wrong segment, or delivering irrelevant content. Three actions: First, reduce send frequency to a maximum of two promotional messages per month per user and check whether the lapsed trigger is firing too often. Second, review the segmentation criteria - ensure the lapsed segment is defined correctly and that active regulars are not being included. Third, audit the message content to ensure it offers genuine value and is relevant to the recipient's visit history. After making changes, monitor the unsubscribe rate over the next three sends before drawing conclusions.