All the authentication and DMARC in the world can’t save you from stupid. I just got a survey request from my bank. Or, at least, it claimed to be from my bank. From: Barclays International Banking Survey <internationalbanking@barclayssurveys.com> The mail passed SPF (though the SPF record suggests this is being mailed from all over the place) and was validly DKIM signed for...
Phishing is an online threat that’s been around for more than 20 years. I initially heard of it in relation to spammers taking over an AOL account to send out spam. These days phis is more dangerous and more sophisticated. Phishing is not just used to send spam. It’s used to take over elections; it’s used to steal millions of dollars. Experts estimate that globally phishing...
Using unique addresses for signups gives me the ability to track how well companies are protecting customer data. If only one company ever had an address, and it’s now getting spam or phishing mail, then that company has had a data breach. The challenge then becomes getting the evidence and details to the right people inside the company. In one case it was easy. I knew a number of people...
April was a big travel month for us. I went to Las Vegas for meetings around the Email Innovations Summit and to New Orleans, where Steve spoke on the closing keynote panel for the EEC conference. I wrote several posts this month about privacy and tracking, both in email and in other online contexts. It’s increasingly a fact of life that our behaviors are tracked, and I wrote about the need for...
Yesterday I had the pleasure of attending my first ESPC semi-annual meeting. I was scheduled to talk on a panel about list hygiene with a couple vendors. Because some folks didn’t make it, I also sat on the panel talking about blocklists. It was a fun day. I got to meet and talk with some colleagues I haven’t seen in an age. And I met some new faces and had interesting interactions...
One of the questions I get from folks about delivery is what the optimal text to image ratio there should be in an email. I’ll be honest, I hate this question. Why? Because the question is actually irrelevant. I’ve seen companies with a single image and no text get to the inbox. I’ve seen companies with no images get to the inbox. The text to image ratio is not going to make or...
I talked last week about how incentivizing people to sign up for your mailing list could be effective when it’s done well. This week I’m staying at a Large International Hotel Chain and I’ve got a great example of what happens when it’s done poorly. The “free” wifi requires you to join the hotel’s loyalty programme. I’ve done that in the past, so I...
We’ll be in New Orleans next week for the EEC conference. Steve will be on the closing keynote panel taking about subscription bombing. Say hi! while you’re there!
Happy Friday!
“I can’t believe you are wearing one of those,” they said while sneering at the Pebble watch I was wearing. Yes, that’s how someone introduced themselves to me at a conference last year. Apparently, I’m not allowed to wear smartwatches, or something. It wasn’t clear what their problem was or why they thought that was a good opening line. Best I can figure, it...
We often talk about confirmed opt-in (aka “closed-loop opt-in” or “double opt-in”) as the gold standard for address acquisition for permission-based mail. It’s not the only way to gather permission, and in some ways it’s a rather blunt tool that can discourage people from completing a sign-up process if it’s done badly – the confirmation email...
RSS - Posts