Email has become an indispensable, valuable tool for marketers and cybercriminals know it, which is why it’s also become a favorite target. With an estimated 4.6 billion email users by 2025, email will remain an important marketing asset — its high ROI can generate $42 for every $1 spent.
Seth Blank is the Chief Product Officer at Valimail, an identity-based, anti-phishing company. A serial entrepreneur and startup executive with multiple acquisitions under his belt, he brings 20 years of experience in building successful teams and scalable, profitable technologies. Seth chairs multiple industry committees building email authentication technologies.
As brands continue using email in their digital marketing campaigns, it’s never been more critical to address the challenge of protecting email from hackers. Without a robust security system and process in place, brands run the risk of incurring serious damage to their reputation — not to mention their bottom line.
The most effective way companies can protect themselves and their customers from cyber attacks, like malware, phishing scams and spoofing, is to incorporate email authentication into their marketing tech stack.
It’s time to up your email security game
Email marketers can tap into a number of strategies for:
- Addressing and handling mailbox policy changes like the recent Mail Privacy Protection updates rolled out by Apple
- Improving deliverability and increasing open rates
- Maintaining consumer privacy via regulations such as CCPA and GDPR
The best strategy for keeping emails running smoothly? One protocol — the gold standard for strong email authentication — is Domain-based Message Authentication, Reporting & Conformance, or DMARC. This effective tool ensures only brand-authorized emails reach their intended recipients. It adds a layer of protection preventing unauthorized users and cybercriminals from targeting customers and employees with malicious emails that include phishing links, malware, spoofs, or suspicious attachments.
While all marketers believe their emails are secure and useful (and that their target consumers want to receive them),when brands adopt DMARC, they see an average 10% increase in email deliverability.
Using the power of DMARC to authenticate email
All brands, regardless of size, can attract unwanted attention from cybercriminals. In 2020, business email compromise (BEC) attacks impersonating trusted users within organizations cost businesses $1.8 billion in financial losses, according to the US Federal Bureau of Investigation’s Internet Crime Complaint Center.
By adopting DMARC, companies protect themselves from costly phishing attacks, spoofing, malware and other scams. DMARC enables mailbox providers to reliably assign a reputation to an unauthenticated identity — and treat this type of mail differently from authorized mail. By implementing DMARC, brands ensure authorized mail gets the treatment it deserves, whether it’s routed to the inbox or spam folder or rejected outright depending on sending habits.
The greatest benefit, though, comes from DMARC’s ability to improve reputation and deliverability by stopping malicious emails sent under the guise of a brand name.
DMARC stops BEC attacks
In 2020, 71% of IT and cybersecurity professionals said their organizations experienced a BEC attack. In this type of phishing attack, hackers spoof the business email accounts of company leaders and executives for financial gain. But it isn’t just individuals impersonated by hackers:
- 53% of phishing emails appear to originate from bosses or managers
- 66% of phishing emails display names of individual targets
- 68% of phishing emails show company names
Because it classifies as unauthenticated any cybercriminal’s attempt to use your domain, DMARC effectively blocks these untrustworthy emails from even arriving to intended recipients’ inboxes. The Department of Homeland Security (DHS) has mandated the implementation of DMARC for all US Civilian federal government agencies, in recognition of its effectiveness in stopping BEC attacks.
Build brand resilience when security and marketing collaborate
Collaborations between marketing and security leaders benefit the brands they support. Marketing teams bring insights into the strategies, tactics and tools they use to drive conversions and increase revenue. Security personnel shed light on the importance of using stricter security controls to comply with regulations, fend off phishing and BEC attacks, and avoid direct or indirect financial consequences of a successful email breach.
A multifaceted approach can empower each department to understand the other’s goals, motivations and priorities while also securing buy-in for adopting DMARC as an effective — and necessary — digital marketing tool.
DMARC offers tangible benefits
DMARC ensures emails’ legitimacy by filtering out phishing scams and malicious messages. By preventing hackers from co-opting and using domain names, risks to brands decrease. Organizations publishing a DMARC record for their domains — and actively enforcing that policy on inbound emails sent from external sources — are less likely to experience a breach which can:
- Cost significant time and resources to resolve
- Damage brand reputation
- Erode customer trust
- Prompt additional security or audit requirements
- Trigger legal action or regulatory fines
The typical email recipient has likely never heard of DMARC or BIMI (Brand Indicators for Message Identification), an emerging email specification enabling the use of brand-controlled logos within supporting email clients and which leverages deployed DMARC protection.
BIMI is intended as a reward for domains publishing a DMARC policy at enforcement. The email community wants more domains publishing DMARC records because the ecosystem benefits. The organizations behind BIMI’s creation developed the email specification in the hope that logos would drive engagement, including open rates and clicks.
DMARC and other authentication technologies are the email equivalent of driver’s licenses and other government-issued identification. This tech offers a way to verify the claimed identity associated with the email address appearing in a message’s “From” field. Once verified, the identity has attributes reliably associated with it — and those attributes can lead to other benefits (arriving in the intended inbox) or punitive actions (sent to spam or not delivered at all).
DMARC marketers should use these security features to demonstrate their commitment to customer security and efficient communication. And when brands achieve enforcement, they’re assured that anyone sending emails under their name is legitimate.
We’ve also featured the best email services, best email clients and best email hosting providers