CSA Host Verification

According to item 2.13 of the CSA criteria, an email sender must have sole control over the outbound email servers/hosts. In the new version of the CSA criteria, which applies from 2022, Certified Senders must also prove this using a unique token for each host: the CSA Host Verification.

The Legal Notice in Newsletters: This is What Counts!

Everyone knows it, but not everyone has it: The legal notice in a newsletter! A missing or wrong legal notice can be very costly. Time and again, the Certified Senders Alliance (CSA), in the course of the legal assessment part of the CSA certification process, has found that the legal notice in newsletters does not meet legal requirements. Read here how you can easily avoid mistakes and high costs.

“Secondary Lotteries”: a Type of Unlicensed Lottery

Due to a recent increase in questions about this issue, we would like to shed some light on advertising so-called “secondary lotteries”, a type of unlicensed lottery. This type of lottery offers bets on the outcome of regular (“primary”) lotteries, sometimes implying that it is selling real participation in said lotteries. As these types of “secondary” lotteries (as well as any unlicensed gambling service like online casinos) are illegal in many European countries, advertising them is also considered illegal (for Germany, see Sections 4 and 5 of the Interstate Treaty on Gambling, GlüStV). Moreover, depending on the jurisdiction, this might also have criminal consequences, as participating in illegal gambling can be considered a criminal offence and, thus, advertising it might be considered instigating a crime. Lastly, this type of content might also break youth protection laws in some countries. Hence, advertising illegal gambling services also violates the CSA Criteria as it constitutes unlawful email content (Section 4.1). CSA certified senders are therefore strongly advised to raise awareness with their customers about this issue. Please note that, of course, not all advertising for lotteries is illegal – e.g. in Germany, legal and licensed lotteries can quite easily be identified via public information such as this list by the State Gambling Supervisory Authorities (https://innen.hessen.de/sites/default/files/media/hmdis/white_list.pdf).

Phishing and Spam in Times of Corona

What companies now have to consider when communicating by email with their customers

Shops have closed, restaurants too, hotels are empty – the Corona pandemic has brought many regions to a virtual standstill in recent weeks, and many small and medium-sized businesses into a dangerously precarious situation. But as we all know, necessity is the mother of invention, and so many entrepreneurs have moved their business to the Internet, where there are no – at least for the human body – dangerous viruses. And customers are shifting their purchases to the World Wide Web while the shop doors are closed.

This has consequences: The mail providers WEB.DE and GMX, part of the 1&1 Group, have seen an increase of a whopping 40 percent in email use since the beginning of the Corona crisis, with shopping emails increasing by more than 30 percent. This development is in principle not a problem, but resourceful cyber criminals are taking advantage of the current situation by abusing the trust of the recipients. A Google search for the terms “email” and “Corona” results almost exclusively in hits that deal with phishing. Governments around the world, for example, have been warning against phishing emails coming purportedly from trusted companies like the government itself or the recipient’s bank. Customers are enticed to provide personal data via a link in the email, and this data immediately lands in the hands of the fraudsters.

A second problem is spam. Phishers are taking advantage of the fact that, in response to the COVID-19 lockdown, companies are increasingly maintaining customer relationships via email; and that the recipients, in turn, recognizing the need for this, perhaps do not exercise the level of caution necessary when opening an email. This is not only an annoyance for the recipients of such emails: in the worst case, it really can cost them money. But there is also a flow-on effect: The high volume of such emails can also have consequences for quite reputable senders of emails – if, for example, such phishing mails are sent in your name, or the name of your business, as in the case mentioned above. Emails with dubious offers of breathing masks or disinfectants exploit the recipients’ fears as a form of enticement. Spam mails have even appeared in the name of the World Health Organization (WHO). Mailbox providers are aware of this and are implementing their spam rules even more rigorously. Particularly important for legitimate email senders: Once your emails have landed in the spam folder of a recipient, they will not make it into that recipient’s inbox in the future either. In this context, it is therefore especially important for senders to adhere strictly to certain rules to ensure that their mails are delivered. Especially small and medium-sized companies, having moved their business activities to the Internet in the face of the crisis and now increasingly sending emails, often have little idea either of how to protect themselves from being abused through phishing attacks, or of the impact of losing their good reputation by being labelled as supposed spammers.

The Certified Senders Alliance (CSA), a white-listing project of eco – Association of the Internet Industry in cooperation with the German Dialog Marketing Association (DDV), has made it its declared goal to increase the quality of commercial emails and through this to improve deliverability and protect the reputation of the senders. The CSA’s email experts recommend that companies adhere to the following five basics to protect their identity on the Internet and ensure that their emails end up in the recipient's inbox now and in the future.

Use only high-quality addresses

Include in your mailing list only addresses you have legally obtained, of people who you know you want to receive your information, and whose consent you can always prove. This not only gives you legal security, but also protects your reputation and establishes trust with your customers. A small mailing list with high-quality addresses is better than a large mailing list with addresses from more dubious sources. In any event, you should use the Double Opt-In procedure. If push comes to shove, you must be able to clearly prove, at any time, that you have the consent of every person to whom you have sent an email. And with Double Opt-In (DOI), you are on the safe side.

Make sure you create a professional impression

Pay attention to quality in the choice of images and words in your emails. Pixelated images or buttons, or a meaningless subject line, leave a negative overall impression. Make absolutely sure that all links in your email function, and follow the “rules of the game”: Each link should reflect the information being advertised. Make sure that your overall image is trustworthy, rather than merely covering the legal requirements.

Express yourself clearly

Be honest, even when it comes to attracting new subscribers to your newsletter. Say what you want in clear and understandable words, and do not attempt to camouflage your request for consent for advertising. The addressee will notice it at the latest when he or she receives a newsletter that he or she has not consciously requested, and will then angrily cancel it again or – even worse – mark it as spam in their inbox. Create a context for the recipient so that they know why and on what basis you are communicating with them. Set a clear expectation in the recipient's mind by choosing a subject that also reflects the content of the email. And if possible, address the recipient personally.

Do not be a phisher

Through authentication, protect yourself and your brand from being abused for phishing. Use the Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM) and Domain-based Message Authentication, Reporting and Conformance (DMARC) standards when sending your emails. With the help of DMARC (SPF and DKIM) you have the possibility to make your emails clearly recognizable for a mailbox provider and at the same time determine how emails that are purportedly from you should be handled. This allows phishing emails to be reliably detected and filtered before they reach the recipient and cause possible damage to your customer.

Look for a partner

You have never heard terms like SPF, DKIM, and DMARC? You have only sent individual emails so far, but would like to expand your email communication in the current situation? Sending on a large scale requires compliance with extensive standards for transactional emails (e.g. invoices, order confirmations, etc.) and newsletters. The CSA has brought together the required technical and legal standards in the CSA criteria. Are you thinking about having your email sent via an email service provider? CSA-certified senders have committed to adhering to the CSA criteria and thus to ensuring a very high standard in emailing. You can find certified senders here. If your Email Service Provider (ESP) offers the option, use a feedback loop. Your provider will then provide you with feedback about recipients who classify your mail as spam or junk. This also helps you with list hygiene, as long as you remove the relevant addresses from your list immediately. The CSA library also contains other informative articles on current challenges.

What is a feedback loop and when can it be used by mailbox providers?

A feedback loop is a technical service provided by mailbox providers that reports back spam clicks from email recipients to the sender. This function is used when a recipient clicks on the “spam button” in the interface of his or her email account to complain about receiving an email from the mailbox provider.

DKIM beyond authentication – Protecting Brand identity and reputation

This article evaluates the benefits of DKIM beyond the pure technical usage. It includes the evolution of further related standards that have been developed to improve email security as well as supporting email marketing success.

Email Transport Encryption STARTTLS vs. DANE vs. MTA-STS

This document deals with the encrypted transport of messages between two email servers. Encryption during transport is crucial for a basic level of security for the exchange of messages. The exchange of messages between an email client and a server or the end-to-end encryption of messages are not covered in this article. If the aim is to create a secure overall system, these aspects should be considered in addition to the recommendations in this article.

10 Resolutions for Successful Email Marketing in 2020

A good reputation, relevant content, and consistent list hygiene are the basis

Resolutions belong to the New Year like fireworks and cava, but most of the time they remain what they are – just resolutions – and are never consistently put into practice. The Certified Senders Alliance (CSA) has come up with 10 resolutions for the year 2020, which you should definitely stick to, at least if you want to run successful email marketing campaigns in the coming year and rely on a trusting relationship with existing and future customers.

A valuable asset: high-quality address lists

Make sure that you only include addresses which you have legally generated in your mailing list, from people who you know want to receive your information and whose consent you can prove at all times. This not only gives you legal security, but also protects your reputation and builds trust with your customers. A small mailing list with high-quality addresses is better than a large mailing list with addresses from perhaps questionable sources. In any case, use the double opt-in (DOI) procedure. In case of doubt, you must be able to clearly prove at any time that you have the consent of every person to whom you have sent an email. And by using DOI, you are always on the safe side.

Speak plainly

Be open and honest, even when it comes to attracting new subscribers to your newsletter. Say what you want in clear and understandable words; do not “hide” your request for advertising consent. The addressee will notice at the latest when they receive a newsletter that they did not consciously request and will then just unsubscribe angrily – or even worse – mark your email as spam.

Careful – Trap!

Don't fall into the trap. If you send an email to a spam trap, your reputation as a serious sender suffers and you quickly end up on a blacklist. Stay clean and maintain your address lists regularly and carefully. Remove inactive addresses from your lists immediately and don't send to old addresses that you haven't used for years.

Stay clean

If your email service provider (ESP) offers the option to use a feedback loop, then do so! You will then receive feedback from your provider about addressees who have classified your email as spam or junk. This also helps you with maintaining list hygiene but, of course, only if you remove the relevant addresses from your list immediately.

Caution with lotteries

If you co-sponsor a lottery or competition in order to generate addresses: Make sure that the number of sponsors is small (max. 8) and that you have access to the addressees’ declarations of consent at all times.

Keep your word

Stick to agreements: If you have consent to send a newsletter about fashion, don't send car ads. If there is already a customer relationship with the addressee for a specific product, make sure that you only send them information about the same or similar products. In other cases, only send advertising for products or services that are mentioned in the declaration of consent. Avoid using “woolly” industry terms such as “finance and insurance” or “mail order” in the declaration text.

Law is law

Adhere to the EU General Data Protection Regulation (GDPR). Always. Not only because you are now threatened with heavy fines for non-compliance, but also because a breach of the law endangers your good reputation and the trust of your customers. If you meet the criteria of the Certified Senders Alliance (CSA) and are certified there, you are largely on the safe side, also with regard to the GDPR.

Don’t be a phish

Protect yourself and your brand from being misused for phishing. Use the SPF, DKIM, and DMARC standards when sending your emails. With the help of Domain-based Message Authentication, Reporting & Conformance (DMARC), Sender Policy Framework (SPF), and DomainKeys Identified Mail (DKIM) you can make your emails clearly recognizable for a mailbox provider and at the same time determine how they should handle emails that allegedly originate from you. As a result, phishing emails can be reliably detected and filtered before they reach the recipient and cause possible damage to your customer.

It’s the content that counts

If you know your customer's expectations and provide them with exactly the content they want to read, you have already taken a big step towards conversion. At what point in the customer journey is the addressee of my newsletter at the moment? How do I address them? What information is relevant and interesting? Relevance creates interest, binds existing customers, and generates new ones. If you stick to the above-mentioned good intentions, (almost) nothing stands in the way of successful email marketing. But – wait – there is still a tenth resolution:

Last, but not least: The CSA Email Summit

Visit the CSA Email Summit 2020 from April 22 - 24 in Cologne, Germany. Over three days, marketing experts, computer educators, and executives from more than 15 countries will discuss new developments in the email industry. Here you will learn first-hand what makes a good email, how to protect yourself and your brand from misuse, and how to maintain the trust of your recipients. For more information about the Summit, click here.

Author: Julia Janßen-Holldiek, Director

DMARC and Domain Alignment in Email Marketing

It’s not always the case that everything runs smoothly on the Internet. Spam, phishing, Man-in-the-Middle attacks, spoofing: the list of sophisticated methods that villains of the Internet utilize is long. In almost all cases a medium is involved which we all use on a daily basis: Email. For obvious reasons, cyber-criminals do not use their own identities. Rather, they like to make use of well-known companies and brands; often payment services, banks, online shops, or delivery companies. Basically, every brand can be affected.

What is BIMI?

BIMI is an acronym of Brand Indicators for Message Identification. It is an open standard created jointly by several big players in the email market, such as Google, Verizon Media/Yahoo, and LinkedIn. In the past, several mailbox providers (MBP) developed individual techniques to get a brand’s logo into the recipient’s inbox. This approach has several disadvantages:

  • The MBP needs to maintain a repository of logos.
  • The brand owner needs to get in contact with every MBP in order to make sure the correct logo will be used.
  • As each individual MBP implements its own way of supporting logos, each individual brand owner has to implement each MBP’s specification separately.
BIMI has been developed to resolve the disadvantages mentioned above.
