Protection Against Cyber Threats and Ensuring Inbox Delivery: In today’s fast-paced and digitalised world, communication security is paramount. For many companies, email is a central means of communication in informing customers, staying in contact with them, and managing business processes – including in the financial sector. In the financial sector in particular – such as in banks and insurance companies – sending commercial emails carries significant risks, both for the company and its customers. The particularly sensitive customer data makes these institutions prime targets for sophisticated email phishing attacks by cybercriminals.

The Certified Senders Alliance is a service of the eco Association of the Internet Industry, in cooperation with the German Dialogue Marketing Association (DDV). Since its foundation in 2004, the CSA has acted as a neutral interface between mailbox providers and senders of commercial emails. The goal is to enhance the quality of commercial emails such as newsletters, invoices and order confirmations, while protecting email recipients. To achieve this goal, the CSA develops and establishes quality standards for commercial emailing, thereby actively contributing to the protection of users and strengthening the email communication channel.

The CSA Certification Monitor is a self-service tool for certified Senders to monitor deliverability and maintain their certification status. CSA Senders gain access to valuable mailbox and security provider data, providing a unique advantage.

According to item 2.13 of the CSA criteria, an email sender must have sole control over the outbound email servers/hosts. In the new version of the CSA criteria which apply from 2022, Certified Senders must also prove this using a unique token for each host – the CSA Host Verification.

Due to a recent increase in questions about this issue, we would like to shed some light on advertising so-called “secondary lotteries”, a type of unlicensed lottery. This type of lotteries offer bets on the outcome of regular (“primary”) lotteries, sometimes implying that they are selling real participation in said lotteries. As these types of “secondary” lotteries (as well as any unlicensed gambling service like online casinos) are illegal in many European Countries, advertising them is also considered illegal (for Germany, see Sections 4 and 5 of the Interstate Treaty on Gambling, GlüStV). Moreover, depending on the jurisdiction, this might also have criminal consequences, as participating in illegal gambling can be considered a criminal offence and, thus, advertising it might be considered instigating a crime. Lastly, this type of content might also break youth protection laws in some countries. Hence, advertising illegal gambling services also violates the CSA Criteria as it constitutes unlawful email content (Section 4.1). CSA certified senders are therefore strongly advised to raise awareness with their customers about this issue. Please note that, of course, not all advertising for lotteries is illegal – e.g. in Germany, legal and licensed lotteries can quite easily be identified via public information such as this list by the State Gambling Supervisory Authorities (https://innen.hessen.de/sites/default/files/media/hmdis/white_list.pdf).

What companies now have to consider when communicating by email with their customers

Shops have closed, restaurants too, hotels are empty – the Corona pandemic has brought many regions to a virtual standstill in recent weeks, and many small and medium-sized businesses into a dangerously precarious situation. But as we all know, necessity is the mother of invention, and so many entrepreneurs have moved their business to the Internet, where there are no – at least for the human body – dangerous viruses. And customers are shifting their purchases to the World Wide Web while the shop doors are closed.

A feedback loop is a technical service provided by mailbox providers that reports back spam clicks from email recipients to the sender. This function is used when a recipient clicks on the “spam button” in the interface of his or her email account to complain about receiving an email from the mailbox provider.

This document deals with the encrypted transport of messages between two email servers. Encryption during transport is crucial for a basic level of security for the exchange of messages.The exchange of messages between an email client and a server or the end-to-end encryption of messages are not covered in this article. If the aim is to create a secure overall system, these aspects should be considered in addition to the recommendations in this article.

A good reputation, relevant content, and consistent list hygiene are the basis

Resolutions belong to the New Year like fireworks and cava, but most of the time they remain what they are – just resolutions – and are never consistently put into practice. The Certified Senders Alliance (CSA) has come up with 10 resolutions for the year 2020, which you should definitely stick to, at least if you want to run successful email marketing campaigns in the coming year and rely on a trusting relationship with existing and future customers.

A valuable asset: high-quality address lists

Make sure that you only include addresses which you have legally generated in your mailing list, from people who you know want to receive your information and whose consent you can prove at all times. This not only gives you legal security, but also protects your reputation and builds trust with your customers. A small mailing list with high-quality addresses is better than a large mailing list with addresses from perhaps questionable sources. In any case, use the double opt-in (DOI) procedure. In case of doubt, you must be able to clearly prove at any time that you have the consent of every person to whom you have sent an email. And by using DOI, you are always on the safe side.

Speak plainly

Be open and honest, even when it comes to attracting new subscribers to your newsletter. Say what you want in clear and understandable words; do not “hide” your request for advertising consent. The addressee will notice at the latest when they receive a newsletter that they did not consciously request and will then just unsubscribe angrily – or even worse – mark your email as spam.

Careful – Trap!

Don't fall into the trap. If you send an email to a spam trap, your reputation as a serious sender suffers and you quickly end up on a blacklist. Stay clean and maintain your address lists regularly and carefully. Remove inactive addresses from your lists immediately and don't send to old addresses that you haven't used for years.

Stay clean

If your email service provider (ESP) offers the option to use a feedback loop, then do so! You will then receive feedback from your provider about addressees who have classified your email as spam or junk. This also helps you with maintaining list hygiene but, of course, only if you remove the relevant addresses from your list immediately.

Caution with lotteries

If you co-sponsor a lottery or competition in order to generate addresses: Make sure that the number of sponsors is small (max. 8) and that you have access to the addressees’ declarations of consent at all times.

Keep your word

Stick to agreements: If you have consent to send a newsletter about fashion, don't send car ads. If there is already a customer relationship with the addressee for a specific product, make sure that you only send them information about the same or similar products. In other cases, only send advertising for products or services that are mentioned in the declaration of consent. Avoid using “woolly” industry terms such as “finance and insurance” or “mail order” in the declaration text.

Law is law

Adhere to the EU General Data Protection Regulation (GDPR). Always. Not only because you are now threatened with heavy fines for non-compliance, but also because a breach of the law endangers your good reputation and the trust of your customers. If you meet the criteria of the Certified Senders Alliance (CSA) and are certified there, you are largely on the safe side, also with regard to the GDPR.

Don’t be a phish

Protect yourself and your brand from being misused for phishing. Use the SPF, DKIM, and DMARC standards when sending your emails. With the help of Domain-based Message Authentication, Reporting & Conformance (DMARC), Sender Policy Framework (SPF), and Domain Keys Identified Mail (DKIM) you can make your emails clearly recognizable for a mailbox provider and at the same time determine how they should handle emails that allegedly originate from you. As a result, phishing emails can be reliably detected and filtered before they reach the recipient and cause possible damage to your customer.

It’s the content that counts

If you know your customer's expectations and provide them with exactly the content they want to read, you have already taken a big step towards conversion. At what point in the customer journey is the addressee of my newsletter at the moment? How do I address them? What information is relevant and interesting? Relevance creates interest, binds existing customers, and generates new ones. If you stick to the above-mentioned good intentions, (almost) nothing stands in the way of successful email marketing. But – wait – there is still a tenth resolution:

Last, but not least: The CSA Email Summit

Visit the CSA Email Summit 2020 from April 22 - 24 in Cologne, Germany. Over three days, marketing experts, computer educators, and executives from more than 15 countries will discuss new developments in the email industry. Here you will learn first-hand what makes a good email, how to protect yourself and your brand from misuse, and how to maintain the trust of your recipients. For more information about the Summit, click here.   Author: Julia Janßen-Holldiek, Director