Over on the Magill Report, Stephanie Colleton from Return Path shares her thoughts on how to tell whether or not an email message is legitimate.
Let’s add to that some more thoughts from Return Path’s Lauren Soares.
Then let’s add to that some of my own thoughts specifically for email senders.
Every company sending email today ought to:
- Use DKIM authentication. It’s not the end-all, but authenticating your email makes it easier for the receiving ISP to distinguish good mail from bad mail. (Sure, spammers authenticate their mail, too. But authentication doesn’t overcome a bad sending reputation.)
- Utilize DMARC, if you can. It doesn’t make sense for everyone, but if your domain sends lots of bulk mail (marketing messages, transactional messages) and you’re representing a brand that is, was, or could become a phishing target, you really ought to consider using DMARC.
- Think about your from address and link domains. If your main domain name is domain.com, don’t send mail as domain3.com or domainmail.com. If you need to use a specific domain or subdomain for an outsourced service provider, make it a subdomain under your main domain name (email.domain.com instead of domainemail.com).
- Think about what you’re actually putting in the body of those email messages. Be careful not to do the things that phishers do. If you’re a financial institution, is it safe to include links back to a login page? How much PII (personally identifiable information) are you putting in email messages?
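To make the from-address and link-domain advice checkable before a campaign goes out, here is an added example (not from the original post) that audits a message for domains outside your main domain. The sample message is constructed, `MAIN_DOMAIN` uses the post's placeholder domain.com, and treating the DKIM `d=` signing domain the same way as the From and link domains is an assumption of this sketch.

```python
import email
import re
from email.utils import parseaddr
from urllib.parse import urlsplit

MAIN_DOMAIN = "domain.com"  # the post's placeholder main domain

# Constructed sample message (not real mail), built from the post's example domains.
SAMPLE = """\
From: Example Brand <news@email.domain.com>
To: subscriber@example.net
Subject: Your monthly statement
DKIM-Signature: v=1; a=rsa-sha256; d=domainmail.com; s=s1; h=from:subject; bh=placeholder; b=placeholder
Content-Type: text/plain

View it at https://www.domain.com/statements
or track it at http://click.domain3.com/t/abc
"""

def under_main(host, main=MAIN_DOMAIN):
    """True if host is the main domain or a subdomain of it."""
    host = host.lower().rstrip(".")
    # The leading dot matters: "domainmail.com" must not pass as "domain.com".
    return host == main or host.endswith("." + main)

def audit(raw, main=MAIN_DOMAIN):
    """Return (kind, domain) pairs for every domain outside the main domain."""
    msg = email.message_from_string(raw)
    findings = []
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    if not under_main(from_domain, main):
        findings.append(("from", from_domain))
    for sig in msg.get_all("DKIM-Signature", []):
        m = re.search(r"(?:^|;)\s*d\s*=\s*([^;\s]+)", sig)  # the d= signing domain tag
        if m and not under_main(m.group(1), main):
            findings.append(("dkim-d", m.group(1).lower()))
    body = msg.get_payload()  # single-part text body in this sample
    for url in re.findall(r"https?://[^\s\"'<>]+", body):
        host = urlsplit(url).hostname or ""
        if not under_main(host, main):
            findings.append(("link", host))
    return findings

if __name__ == "__main__":
    for kind, domain in audit(SAMPLE):
        print(f"{kind}: {domain} is not under {MAIN_DOMAIN}")
```
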
I’m sure I’m barely scratching the surface here. What else should senders be doing to help reduce, mitigate or prevent phishing/domain misuse? What else should companies be doing to help educate their subscriber base on how to tell good emails from bad emails?
Thanks for the tips to avoid spam, I think it’s really important for businesses to be aware of these things nowadays, as many of us can neglect that part of our communication process and hand it off to the tech guy to deal with! I think this is also a concern for businesses who want to be easily approachable for the customer, and who of course would post their email address on their web site. But this makes the e-mail address very susceptible to spammers. One way to prevent this is to use contact forms with a CAPTCHA on your website, though it can be less attractive to customers. But I think the important thing is to make sure you represent your own business as not being thought of as spam in the customer’s eyes. I think all mail that is not considered interesting to the customer is spam for him/her. We businesses should make sure to communicate messages with value – I think that’s where recognizing spam starts, with ourselves as the ones sending the message!