CSA Host Verification

According to item 2.13 of the CSA criteria, an email sender must have sole control over the outbound email servers/hosts. In the new version of the CSA criteria, which applies from 2022, Certified Senders must also prove this using a unique token for each host: the CSA Host Verification.


Phishing and Spam in Times of Corona

What companies now have to consider when communicating by email with their customers

Shops have closed, restaurants too, hotels are empty – the Corona pandemic has brought many regions to a virtual standstill in recent weeks, and many small and medium-sized businesses into a dangerously precarious situation. But as we all know, necessity is the mother of invention, and so many entrepreneurs have moved their business to the Internet, where there are no – at least for the human body – dangerous viruses. And customers are shifting their purchases to the World Wide Web while the shop doors are closed.
This has consequences: The mail providers WEB.DE and GMX, part of the 1&1 Group, have seen an increase by a whopping 40 percent in email use since the beginning of the Corona crisis, with shopping emails increasing by more than 30 percent. This development is in principle not a problem, but resourceful cyber criminals are taking advantage of the current situation by abusing the trust of the recipients. A Google search for the terms “email” and “Corona” results almost exclusively in hits that deal with phishing. Governments around the world, for example, have been warning against phishing emails coming purportedly from trusted companies like the government itself or the recipient’s bank. Customers are enticed to provide personal data via a link in the email, and this data immediately lands in the hands of the fraudsters.
A second problem is spam. Phishers are taking advantage of the fact that, in response to the COVID-19 lockdown, companies are increasingly maintaining customer relationships via email; and that the recipients, in turn, recognizing the need for this, perhaps do not exercise the level of caution necessary when opening an email. This is not only an annoyance for the recipients of such emails: in the worst case, it really can cost them money. But there is also a flow-on effect: The high volume of such emails can also have consequences for quite reputable senders of emails – if, for example, such phishing mails are sent in your name, or the name of your business, as in the case mentioned above. Emails with dubious offers of breathing masks or disinfectants exploit the recipients’ fears as a form of enticement. Spam mails have even appeared in the name of the World Health Organization (WHO). Mailbox providers are aware of this and are implementing their spam rules even more rigorously. Particularly important for legitimate email senders: Once your emails have landed in the spam folder of a recipient, they will not make it into that recipient’s inbox in the future either. In this context, it is therefore especially important for senders to adhere strictly to certain rules to ensure that their mails are delivered. Especially small and medium-sized companies, having moved their business activities to the Internet in the face of the crisis and now increasingly sending emails, often have little idea either of how to protect themselves from being abused through phishing attacks, or of the impact of losing their good reputation by being labelled as supposed spammers.
The Certified Senders Alliance (CSA), a white-listing project of eco – Association of the Internet Industry in cooperation with the German Dialog Marketing Association (DDV), has made it its declared goal to increase the quality of commercial emails and through this to improve deliverability and protect the reputation of the senders. The CSA’s email experts recommend that companies adhere to the following five basics to protect their identity on the Internet and ensure that their emails end up in the recipient's inbox now and in the future.

Use only high-quality addresses

Include in your mailing list only addresses you have legally obtained, of people who you know you want to receive your information, and whose consent you can always prove. This not only gives you legal security, but also protects your reputation and establishes trust with your customers. A small mailing list with high-quality addresses is better than a large mailing list with addresses from more dubious sources. In any event, you should use the Double Opt-In procedure. If push comes to shove, you must be able to clearly prove, at any time, that you have the consent of every person to whom you have sent an email. And with Double-Opt-In (DOI), you are on the safe side.

Make sure you create a professional impression

Pay attention to quality in the choice of images and words in your emails. Pixelated images or buttons, or a meaningless subject line, leave a negative overall impression. Make absolutely sure that all links in your email function, and follow the “rules of the game”: Each link should reflect the information being advertised. Make sure that your overall image is trustworthy, rather than merely covering the legal requirements.

Express yourself clearly

Be honest, even when it comes to attracting new subscribers to your newsletter. Say what you want in clear and understandable words, and do not attempt to camouflage your request for consent for advertising. The addressee will notice it at the latest when he or she receives a newsletter that he or she has not consciously requested, and will then angrily cancel it again or – even worse – mark it as spam in their inbox. Create a context for the recipient so that they know why and on what basis you are communicating with them. Set a clear expectation in the recipient's mind by choosing a subject that also reflects the content of the email. And if possible, address the recipient personally.

Do not be a phisher

Through authentication, protect yourself and your brand from being abused for phishing. Use the Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM) and Domain-based Message Authentication, Reporting and Conformance (DMARC) standards when sending your emails. With the help of DMARC (SPF and DKIM) you have the possibility to make your emails clearly recognizable for a mailbox provider and at the same time determine how emails that are purportedly from you should be handled. This allows phishing emails to be reliably detected and filtered before they reach the recipient and cause possible damage to your customer.

Look for a partner

You have never heard terms like SPF, DKIM, and DMARC? You have only sent individual emails so far, but would like to expand your email communication in the current situation? Sending on a large scale requires compliance with extensive standards for transactional emails (e.g. invoices, order confirmations, etc.) and newsletters. The CSA has brought together the required technical and legal standards in the CSA criteria. Are you thinking about having your email sent via an email service provider? CSA-certified senders have committed to adhering to the CSA criteria and thus to ensuring a very high standard in emailing. You can find certified senders here. If your Email Service Provider (ESP) offers the option, use a feedback loop. Your provider will then provide you with feedback about recipients who classify your mail as spam or junk. This also helps you with list hygiene, as long as you remove the relevant addresses from your list immediately. The CSA library also contains other informative articles on current challenges.


What is a feedback loop and when can it be used by mailbox providers?

A feedback loop is a technical service provided by mailbox providers that reports back spam clicks from email recipients to the sender. This function is used when a recipient clicks on the “spam button” in the interface of his or her email account to complain about receiving an email from the mailbox provider.


Email Transport Encryption STARTTLS vs. DANE vs. MTA-STS

This document deals with the encrypted transport of messages between two email servers. Encryption during transport is crucial for a basic level of security for the exchange of messages. The exchange of messages between an email client and a server or the end-to-end encryption of messages are not covered in this article. If the aim is to create a secure overall system, these aspects should be considered in addition to the recommendations in this article.


DMARC and Domain Alignment in Email Marketing

It’s not always the case that everything runs smoothly on the Internet. Spam, phishing, Man-in-the-Middle attacks, spoofing; the list of sophisticated methods that villains of the Internet utilize is long. In almost all cases a medium is involved which we all use on a daily basis: Email. For obvious reasons, cyber-criminals do not use their own identities. Rather, they like to make use of well-known companies and brands; often payment services, banks, online shops, or delivery companies. Basically, every brand can be affected.


What is BIMI?

BIMI is an acronym of Brand Indicators for Message Identification. It is an open standard created jointly by several big players in the email market, such as Google, Verizon Media/Yahoo, and LinkedIn. In the past, several mailbox providers (MBP) developed individual techniques to get a brand’s logo into the recipient’s inbox. This approach has several disadvantages:

  • The MBP needs to maintain a repository of logos.
  • The brand owner needs to get in contact with every MBP in order to make sure the correct logo will be used.
  • As each individual MBP implements its own way of supporting logos, each individual brand owner has to implement each MBP’s specification separately.

BIMI has been developed to resolve the disadvantages mentioned above.


One-Click Unsubscribe (RFC8058) is now a mandatory CSA criteria

Since the new CSA Rules of Procedure came into effect on 1 July 2019, One-Click Unsubscribe (RFC8058) is now a mandatory CSA criterion for newsletters. Senders are legally required to offer newsletter recipients a cost-neutral possibility to unsubscribe without requiring knowledge of log-in data. For a long time, this has been solved with unsubscribe links or buttons in the newsletter. The one-click unsubscribe link unsubscribes the recipient immediately from the newsletter. Making subscribers log in or additionally confirm the cancellation of subscription is not permitted.


DANE as Basis for Secure Data Transmission of Emails

Once you’ve ruined your reputation, life gets a lot simpler. This might be the case for private individuals, but it’s a different story in business. Mail-order retailers, service providers, and the banking industry are profoundly dependent on their good reputation, and are therefore also intent on maintaining and optimizing it on the Internet. If their customers become the victims of a “Man in the Middle” attack, this good reputation can go down the drain in a matter of moments. In a “Man in the Middle” attack, the attacker manages to get between the customer and the business, and impersonates the business. Such an attack is also possible in the other direction, targeting the business as a supposedly trusted customer.


Can Suppression Lists be Used in a GDPR-Compliant Manner in Email Marketing?

It is standard practice for Email Service Providers (ESPs) to maintain client-specific or even global suppression lists (do-not-contact lists), in order to prevent the importation into the system of email addresses for which contact must under no circumstances be re-established. This may be because the recipient has complained in the past and has made the desire not to receive further emails from this sender explicit.


Domain Alignment for Email Authentication

Authentication is absolutely essential for professional email transmission. If you want to go further than SPF and DKIM and use DMARC, then alignment is obligatory. But even without DMARC, alignment is a correct and important step to implementing an authenticated email.
