Email security: What marketers need to know

How can you stem the tide of spamming, phishing and other cyber threats? Contributor Alyssa Nahatis walks you through email authentication standards and deliverability best practices to help ensure your email marketing stays safe.

Chat with MarTechBot

Computer Security Lock Privacy Ss 1920 I6amxoEmail is one of the most valuable channels for marketers to communicate with consumers. Sixty-one percent of consumers prefer to receive offers from brands over email, and marketers have responded by optimizing and personalizing email content to deliver the best experiences possible, according to a survey by Adobe (my employer).

It sounds like a perfect relationship. But while email may be the best way for brands to reach consumers, it’s also one of the most common threat vectors for cybercriminals looking to steal sensitive information, such as passwords and credit card data.

In Symantec’s 2017 Internet Security Threat Report, the company found that one in 131 emails contained malware, which was the highest rate in five years. Phishing, cybercriminal, spamming and spoofing all represent serious challenges to email marketers and legitimate threats to their target audience.

While brands themselves can’t stop cybercriminals from attacking, they have an obligation to protect their brand identity and do their best to ensure security for their customers and subscribers. This requires an understanding of email authentication, the benefits of different authentication standards and why they are necessary for protection. Marketers need to be aware of these issues and understand email authentication and deliverability best practices.

Understanding email authentication standards

Three common email authentication standards are currently used in the industry, with some used in tandem.

  • Sender Policy Framework is an IP-based authentication solution that allows an owner of a domain to specify which email servers/IPs are authorized to send messages based on that domain.
  • DomainKeys Identified Mail (DKIM) is a cryptographic, signature-based form of authentication that allows a sender to take responsibility for the message in a way that can be validated by the receiver.
  • And finally, there is Domain-based Message Authentication, Reporting and Conformance, commonly known as DMARC. It is the most recent authentication standard and is quickly being adopted by industries that are frequently targeted by cybercriminals due to their sensitive nature, such as financial services and health care.

The protocol gives domain owners visibility into who is abusing their domain and potentially damaging their brand. It also provides insight into email authentication status and control over how senders’ messages are handled when authentication fails.

While many brands may be perfectly safe using a combination of SPF and DKIM, it is clear that DMARC is the strongest, most secure form of authentication and offers the highest level of protection.

Best practices for marketers

While the risk of email threats is serious and potentially damaging, marketers need not fear. There are a number of guidelines to ensure authentication and deliverability which, combined, help minimize risk and protect consumers. Here are a few tips for marketers on how to ensure email security:

  1. Develop an understanding of authentication, and consider which standards are the best fit for your needs. In many cases, DMARC should be considered for additional security, but a combination of SPF and DKIM can be sufficient. These decisions should be part of a companywide approach to security and involve key IT decision-makers.
  2. Encourage two-way communication between the email marketing team and internal security experts to develop a deeper understanding of the threats their customers face and how they can play a role in protection.
  3. Maintain a strong reputation with ISPs (Internet Service Providers) by controlling content and data and following technical recommendations. ISPs, mailbox providers and spam filters play a critical role in email security and are a valuable partner in the effort to protect consumers.
  4. Monitor and track deliverability of your own emails. This is good practice for business reasons as well as security concerns.
  5. Develop an emergency plan in case your subscribers become victim to a cybercriminal spoofing your brand. Don’t wait until it happens; get ahead of the situation to ensure brand reputation and sensitive data are protected.

By adopting appropriate email authentication standards and following deliverability best practices, marketers can help ensure the safety of their consumers and maintain a thriving email marketing practice.


Contributing authors are invited to create content for MarTech and are chosen for their expertise and contribution to the martech community. Our contributors work under the oversight of the editorial staff and contributions are checked for quality and relevance to our readers. The opinions they express are their own.


About the author

Alyssa Nahatis
Contributor
Alyssa Nahatis is Director of Deliverability Americas & Global Services for Adobe, where she manages a team of experts focused on helping clients implement more innovative and effective email strategies to optimize their inbox delivery. Alyssa is an industry veteran, working in the email marketing field since 2000, and active in industry organizations such as the DMA’s Email Experience Council where she is a MAC Board Member, Vice-Chair of the Education & Events Committee, and Chair of the 2018 Email Evolution Conference Planning Committee. She’s also a Co-Chair of The Messaging, Malware and Mobile Anti-Abuse Working Group’s (M3AAWG) Guide Program, and a Vice-Chair of the Program Committee.

Fuel up with free marketing insights.