Protection Against Cyber Threats and Ensuring Inbox Delivery: In today’s fast-paced and digitalised world, communication security is paramount. For many companies, email is a central means of communication in informing customers, staying in contact with them, and managing business processes – including in the financial sector. In the financial sector in particular – such as in banks and insurance companies – sending commercial emails carries significant risks, both for the company and its customers. The particularly sensitive customer data makes these institutions prime targets for sophisticated email phishing attacks by cybercriminals.

What companies now have to consider when communicating by email with their customers

Shops have closed, restaurants too, hotels are empty – the Corona pandemic has brought many regions to a virtual standstill in recent weeks, and many small and medium-sized businesses into a dangerously precarious situation. But as we all know, necessity is the mother of invention, and so many entrepreneurs have moved their business to the Internet, where there are no – at least for the human body – dangerous viruses. And customers are shifting their purchases to the World Wide Web while the shop doors are closed.

A good reputation, relevant content, and consistent list hygiene are the basis

Resolutions belong to the New Year like fireworks and cava, but most of the time they remain what they are – just resolutions – and are never consistently put into practice. The Certified Senders Alliance (CSA) has come up with 10 resolutions for the year 2020, which you should definitely stick to, at least if you want to run successful email marketing campaigns in the coming year and rely on a trusting relationship with existing and future customers.

A valuable asset: high-quality address lists

Make sure that you only include addresses which you have legally generated in your mailing list, from people who you know want to receive your information and whose consent you can prove at all times. This not only gives you legal security, but also protects your reputation and builds trust with your customers. A small mailing list with high-quality addresses is better than a large mailing list with addresses from perhaps questionable sources. In any case, use the double opt-in (DOI) procedure. In case of doubt, you must be able to clearly prove at any time that you have the consent of every person to whom you have sent an email. And by using DOI, you are always on the safe side.

Speak plainly

Be open and honest, even when it comes to attracting new subscribers to your newsletter. Say what you want in clear and understandable words; do not “hide” your request for advertising consent. The addressee will notice at the latest when they receive a newsletter that they did not consciously request and will then just unsubscribe angrily – or even worse – mark your email as spam.

Careful – Trap!

Don't fall into the trap. If you send an email to a spam trap, your reputation as a serious sender suffers and you quickly end up on a blacklist. Stay clean and maintain your address lists regularly and carefully. Remove inactive addresses from your lists immediately and don't send to old addresses that you haven't used for years.

Stay clean

If your email service provider (ESP) offers the option to use a feedback loop, then do so! You will then receive feedback from your provider about addressees who have classified your email as spam or junk. This also helps you with maintaining list hygiene but, of course, only if you remove the relevant addresses from your list immediately.

Caution with lotteries

If you co-sponsor a lottery or competition in order to generate addresses: Make sure that the number of sponsors is small (max. 8) and that you have access to the addressees’ declarations of consent at all times.

Keep your word

Stick to agreements: If you have consent to send a newsletter about fashion, don't send car ads. If there is already a customer relationship with the addressee for a specific product, make sure that you only send them information about the same or similar products. In other cases, only send advertising for products or services that are mentioned in the declaration of consent. Avoid using “woolly” industry terms such as “finance and insurance” or “mail order” in the declaration text.

Law is law

Adhere to the EU General Data Protection Regulation (GDPR). Always. Not only because you are now threatened with heavy fines for non-compliance, but also because a breach of the law endangers your good reputation and the trust of your customers. If you meet the criteria of the Certified Senders Alliance (CSA) and are certified there, you are largely on the safe side, also with regard to the GDPR.

Don’t be a phish

Protect yourself and your brand from being misused for phishing. Use the SPF, DKIM, and DMARC standards when sending your emails. With the help of Domain-based Message Authentication, Reporting & Conformance (DMARC), Sender Policy Framework (SPF), and Domain Keys Identified Mail (DKIM) you can make your emails clearly recognizable for a mailbox provider and at the same time determine how they should handle emails that allegedly originate from you. As a result, phishing emails can be reliably detected and filtered before they reach the recipient and cause possible damage to your customer.

It’s the content that counts

If you know your customer's expectations and provide them with exactly the content they want to read, you have already taken a big step towards conversion. At what point in the customer journey is the addressee of my newsletter at the moment? How do I address them? What information is relevant and interesting? Relevance creates interest, binds existing customers, and generates new ones. If you stick to the above-mentioned good intentions, (almost) nothing stands in the way of successful email marketing. But – wait – there is still a tenth resolution:

Last, but not least: The CSA Email Summit

Visit the CSA Email Summit 2020 from April 22 - 24 in Cologne, Germany. Over three days, marketing experts, computer educators, and executives from more than 15 countries will discuss new developments in the email industry. Here you will learn first-hand what makes a good email, how to protect yourself and your brand from misuse, and how to maintain the trust of your recipients. For more information about the Summit, click here.   Author: Julia Janßen-Holldiek, Director

BIMI is an acronym of Brand Indicators for Message Identification. It is an open standardcreated jointly by several big players in the email market, such as Google, VerizonMedia/Yahoo, and Linkedin. In the past, several mailbox providers (MBP) developed individual techniques to get abrand’s logo into the recipient’s inbox. This approach has several disadvantages:

• The MBP needs to maintain a repository of logos.
• The brand owner needs to get in contact with every MBP in order to make sure the correct logo will be used.
• As each individual MBP implements its own way of supporting logos, each individual brand owner has to implement each MBP’s specification separately.

BIMI has been developed to resolve the mentioned disadvantages above.

Once you’ve ruined your reputation, life gets a lot simpler. This might be the case for private individuals, but it’s a different story in business. Mail-order retailers, service providers, and the banking industry are profoundly dependent on their good reputation, and are therefore also intent on maintaining and optimizing it on the Internet. If their customers become the victims of a “Man in the Middle” attack, this goodreputation can go down the drain in a matter of moments. In a “Man in the Middle” attack, the attacker manages to get between the customer and the business, and impersonates the business. Such an attack is also possible in the other direction, targeting the business as a supposedly trusted customer.

Since its emergence, the email has established itself as a fast and uncomplicated communication medium. Alongside pure text, the email is also suitable for quickly exchanging small files like text documents and images. Although there are now a range of cloud-based serviceson offer for data exchange, the email is often still the first choice when data like documents and pictures need to be sentquickly to one or more recipients.

Consent for the sending of marketing emails is only valid if the statement of purpose issufficiently specific and the consent is given based on an understanding of the situation.However, there are frequently uncertainties regarding the formulation of the consentdeclaration, and these may indeed mean that it does not correspond to therequirements mentioned above. These uncertainties are compounded in the case ofcompetitions involving a variety of sponsors.

It is standard practice for Email Service Providers (ESPs) to maintain client-specific or even global suppression lists (do-not-contact lists), in order to prevent the importation into the system of email addresses for which contact must under no circumstances be re- established. This may be because the recipient has complained in the past and has made the desire not to receive further emails from this sender explicit.

Improve the delivery & deliverability of your commercial emails: Increase your inbox placement rate and reduce the impact of spam filtering on your communication. Protect yourself against legal and financial risks through complete compliance with legal standard. Protect your reputation through early warning from the eco Complaints Office and daily Spam Trap Reports. Strengthen your trustworthiness with the CSA seal of quality

In its decision from 15.02.2018 (Az.: 29U2799/17), the Higher Regional Court in Munich needed to deal with the question of whether the sending of a marketing email is permissible from the operator of a dating site to members who had registered without charge. The marketing email was sent without the express consent of the members who had registered without charge. As a result,it needed to be decided whether this usage of email addresses for marketing purposes was permissible according to §7 Para. 3 UWG (an existing customer relationship). The legal interpretations presented in the court’s decision are not undisputed and conflict at least in part with other court decisions.