Since the beginning of e-mail in the 1980s, security has been an important topic. Most of us still remember the "Heartbleed" issue from 2014, which enabled attackers to steal information that should have been encrypted. While there was little possibility to fight spam or authenticate senders in the early years, nowadays there are a lot of technologies available. To help you secure and authenticate your email messages, here are 6 technologies to protect your brand online.
If you want to see all the technologies in one place check out the infographic below:
For a deeper dive into each of the technologies, read on:
6 Technologies To Protect Your Brand Online
Email Authentication: Show them "I Am Who I Am"
Let’s start with 2 technologies which are very important for authentication. Whether you are sending hundreds or thousands of emails, you have to be aware of these technologies. They enable you to show the recipient's client that you are actually the sender you claim to be.
1. SPF (Sender Policy Framework)
This technology permits specific IPs, which you define in DNS, to send emails on behalf of your domain. In other words, you define which senders are trustworthy. It can be implemented quickly and with little effort; the disadvantage of the technique, however, is that it doesn’t work with forwarding (e.g. as used by mailing lists). If a recipient has several email accounts that auto-forward emails, for example from Outlook to Gmail, then Gmail wouldn’t recognize the sender as the original one, since there is an account in between with a different IP. This would prevent your email from being delivered to the Gmail inbox. Therefore, SPF should always be implemented in combination with DKIM.
2. DKIM (DomainKeys Identified Mail)
With DKIM, outgoing mails get a specific digital signature; recipients can validate the signature with the public key (stored in DNS). With DKIM, recipients can be sure that the mail (including sender address and external links) hasn’t been forged. That’s why DKIM is seen as a basis for domain-based reputation.
Email Authentication: Monitor Who’s Trying to Claim Your Identity
For the larger brands, which are more at risk that their name is being used for and phishing, there is a specific technology which can help you monitor whether this is taking place, so that you are able to act upon it and protect your brand. This technology is called:
3. DMARC (Domain-Based Message Authentication, Reporting and Conformance)
This technology uses SPF and DKIM for authentication and adds the possibility to set a policy: how should an ISP handle messages which have failed authentication with SPF and DKIM? You cannot have such messages delivered to the inbox, but you can define the alternative: should the email be fully rejected, or should it arrive in Junk Mail? As a sender, you will get a report from each participating ISP on the number of email deliveries that have passed and failed. For example, you know that you have sent 100,000 emails via Google, but the report tells you that 100,000 of your mails were delivered and 10,000 have failed. Then you know that someone is misusing you as a sender, and you are able to take action.
Email Encryption: Protect Your Email Content & Customer Data
4. TLS (Transport Layer Security)
This is the technology which encrypts email transmissions between the sending and receiving MTA, so that mail content can’t be read by a man-in-the-middle. I have described this technology in more detail in my previous post about Security & Encryption.
Reputation Management – Battle Between Domain Versus IP
Many ISPs still focus on IP-based reputation and don’t want to invest money in domain reputation without seeing the direct ROI. However, the last IPv4 addresses are being sold out quickly, which forces them to move to IPv6.
5. IPv6 (Internet Protocol Version 6)
IPv6 increases the number of available IPs tremendously, by a factor of 2^96 (128 vs. 32 bits are used). There are so many IPs available for everybody that you can easily switch your IP address once you have established a bad reputation. That’s why the trend is moving towards domain reputation. In order to secure your domain reputation, you would need DKIM as described previously. An IP cannot be falsified, since it is unique, but a domain is at bigger risk of being attacked.
Reputation Management – Lower Those SPAM Rates
To become a member of the Certified Senders Alliance you have to meet certain criteria, and one of them is having the List-Unsubscribe header implemented. This is also the last technology I want to share with you today, and it has to do with reputation management.
6. List-Unsubscribe Header
This is an easy option to handle unsubscribes for mass-mailers. Next to the well-known SPAM-button, this technology adds an unsubscribe button (see screenshot below) to the recipient’s email client.
By clicking this link (or sending an email to the address), the unsubscription process is triggered. The sender can add an http or mailto link in the header of the email. Having this option as a button, and not only the SPAM button in the top menu, will decrease the likelihood of SPAM complaints by presenting the recipient with an alternative option. SPAM complaints harm the reputation, while unsubscribes do not. ISPs can easily implement the unsubscribe functionality in their web interface.
This screenshot shows how Yandex has implemented information regarding authentication (here: DKIM) in their web interface. List-unsubscribe is connected to an unsubscribe button as well.
This is not the end…stay tuned!
With this information in hand you are armed with 6 technologies to protect your brand online. Your ESP can support you in implementing these technologies. But this is only half of what you need. In order to take effect on the recipient side (ISP), those features must be implemented there as well. Which ISPs are supporting which technologies today will be covered in my next post. I’ve tested 12 major ISPs in a case study with some interesting results, so stay tuned!