Email security: What marketers need to know
How can you stem the tide of spamming, phishing and other cyber threats? Contributor Alyssa Nahatis walks you through email authentication standards and deliverability best practices to help ensure your email marketing stays safe.
Email is one of the most valuable channels for marketers to communicate with consumers. Sixty-one percent of consumers prefer to receive offers from brands over email, and marketers have responded by optimizing and personalizing email content to deliver the best experiences possible, according to a survey by Adobe (my employer).
It sounds like a perfect relationship. But while email may be the best way for brands to reach consumers, it’s also one of the most common threat vectors for cybercriminals looking to steal sensitive information, such as passwords and credit card data.
In Symantec’s 2017 Internet Security Threat Report, the company found that one in 131 emails contained malware, which was the highest rate in five years. Phishing, cybercriminal, spamming and spoofing all represent serious challenges to email marketers and legitimate threats to their target audience.
While brands themselves can’t stop cybercriminals from attacking, they have an obligation to protect their brand identity and do their best to ensure security for their customers and subscribers. This requires an understanding of email authentication, the benefits of different authentication standards and why they are necessary for protection. Marketers need to be aware of these issues and understand email authentication and deliverability best practices.
Understanding email authentication standards
Three common email authentication standards are currently used in the industry, with some used in tandem.
- Sender Policy Framework is an IP-based authentication solution that allows an owner of a domain to specify which email servers/IPs are authorized to send messages based on that domain.
- DomainKeys Identified Mail (DKIM) is a cryptographic, signature-based form of authentication that allows a sender to take responsibility for the message in a way that can be validated by the receiver.
- And finally, there is Domain-based Message Authentication, Reporting and Conformance, commonly known as DMARC. It is the most recent authentication standard and is quickly being adopted by industries that are frequently targeted by cybercriminals due to their sensitive nature, such as financial services and health care.
The protocol gives domain owners visibility into who is abusing their domain and potentially damaging their brand. It also provides insight into email authentication status and control over how senders’ messages are handled when authentication fails.
While many brands may be perfectly safe using a combination of SPF and DKIM, it is clear that DMARC is the strongest, most secure form of authentication and offers the highest level of protection.
Best practices for marketers
While the risk of email threats is serious and potentially damaging, marketers need not fear. There are a number of guidelines to ensure authentication and deliverability which, combined, help minimize risk and protect consumers. Here are a few tips for marketers on how to ensure email security:
- Develop an understanding of authentication, and consider which standards are the best fit for your needs. In many cases, DMARC should be considered for additional security, but a combination of SPF and DKIM can be sufficient. These decisions should be part of a companywide approach to security and involve key IT decision-makers.
- Encourage two-way communication between the email marketing team and internal security experts to develop a deeper understanding of the threats their customers face and how they can play a role in protection.
- Maintain a strong reputation with ISPs (Internet Service Providers) by controlling content and data and following technical recommendations. ISPs, mailbox providers and spam filters play a critical role in email security and are a valuable partner in the effort to protect consumers.
- Monitor and track deliverability of your own emails. This is good practice for business reasons as well as security concerns.
- Develop an emergency plan in case your subscribers become victim to a cybercriminal spoofing your brand. Don’t wait until it happens; get ahead of the situation to ensure brand reputation and sensitive data are protected.
By adopting appropriate email authentication standards and following deliverability best practices, marketers can help ensure the safety of their consumers and maintain a thriving email marketing practice.