Viewing all posts categorized as 'Private Eye'

Apparently, the value of email communications is not only increasing with marketers, but with criminals as well. Whether you’re a marketer trying to avoid your brand being abused, an employee trying to secure intellectual property or a consumer trying to avoid being phished, here are some tips and techniques to consider when evaluating the state of phishing today.

For the brands:  Understanding the anti-phishing ‘takedown’ process

A phishing ‘takedown’ is when a brand owner requests that a website hosting provider or ISP remove the website domain that is being used for phishing on their network. Akin to a good mixed martial artist’s takedown technique, the best phishing takedown advice is to do it as quickly and forcefully as possible because the main impact of a phishing campaign takes place within 24 hours of the email being sent. In most cases, a brand is better off using one of the professional service providers who specialize in these requests and have pre-existing relationships with global networks rather than trying to identify and reach out to the networks themselves. The Anti-Phishing Working Group (APWG) has authored an excellent white paper on this topic which can be found online here. Contact the APWG directly for more information on a list of their members who provide these takedown services or refer to their membership directory online here.

For the corporate employee (or consumer):  don’t get ‘spear phished’

According to IBM research, while overall phishing attempts are down from past years, ‘spear phishing’,  or phishing emails that are personalized to specific users or to domain name recipients, have dramatically increased in the past year. The goal of these types of campaigns is not to collect the recipients’ personal or financial information as with most consumer phishing attempts, but rather to get a user to click on a link so a software program can be downloaded to the users’ machine. Afterwards, the criminals will use this software program to install what’s called a ‘keylogger’ program to collect user names and passwords to various types of accounts, which often times includes web-based access to corporate databases where the criminals can easily steal intellectual property or otherwise make use of the corporate network. InformationWeek describes these types of these attacks in detail online here. In some cases, these emails will appear to be sent from current or former colleagues whose names were harvested off business directory websites. Examples such as ecards are regularly abused due to their innocuous nature.  If you ever receive an unexpected e-card or odd link from a current or former colleague, whether by email or IM, then it is immediate grounds for suspicion.

For everyone: some easy tips to avoid getting phished

Identify the real ‘sender’: Most of the time, an email recipient simply looks at the friendly ‘from’ address to see the name or domain name of the sender. This is what the phishers rely upon – that users don’t check what the actual sending domain name is behind what’s visible by default in the message. Every email program, including Microsoft Outlook, enables users to easily see the real ‘transmission’ domain name the message is being sent from, which often times is completely unrelated to the domain name in the visible ‘from’ address.  To do this in Microsoft Outlook, users can simply open an email and click the  icon in the middle of the top-header of email message. This will open up a ‘Message Options’ box which will show the true message transmission information and include the transmission domain name that reveals who really is the sender. As you can see from the below example, the friendly ‘from’ address from this corporate email includes a shortened corporate domain name ‘chtah.com’ while the transmission information includes the full transparent corporate domain name of ‘cheetahmail.com’. In this case, a user may not easily recognize the visible ‘from’ domain, but would easily recognize the “Received:from” sending transmission domain name. With a phishing campaign, it’s the “Received:from” sending transmission domain name that will either be from an ISP (usually associated with a foreign top level domain name like ‘example.ru’ for Russia) or another domain name that is unrecognizable to the recipient.   In either case, it will not reflect the same brand or domain name used by the phisher because they do not have the technical rights to use this domain for email transmission purposes.

To be sure, check the ‘whois’ record: If you are ever unclear about the domain name that is listed in the ‘from’ or the ‘Received:from’ address, then the easiest way to validate its legitimacy is to check the public record ‘whois’ database listing the respective owners of the domain name. The most comprehensive whois database is hosted by Network Solutions and can be found online here. Other than a reference to the official corporation name and address, the main thing to look for is whether the domain name was registered within the prior days or week. Almost all phishing domains are registered within  a week of the phishing email being sent. Even if the corporation is not listed or it’s hidden by a ‘proxy’ registration, the date when the domain name was registered is always publicly referenced and is the most important factor to raise suspicion.

One of the most important issues for email marketers is making sure the message makes it to the “inbox” of the intended recipient. An often overlooked key aspect of mailing delivery — in addition to IP reputation — is the actual subject line of the email. Not only does the subject line play an important role in getting delivered, it is imperative to accomplish the main objective of getting your marketing message opened and read by the user and keeping your list active. As such, here are some subject line best practices to follow to ensure your legitimate email is not filtered as spam.

• A subject line should be as short and descriptive as possible. The subject line should be informative and true. If your from name and address are not branded, the subject line should also provide assurance that the email comes from a trusted source. A general rule of thumb is to keep subject lines between 30-50 characters.
• A strong offer can be put right in the subject line. Evaluate your content to understand the likelihood of your message hitting spam filters, particularly if a high percentage of your list is at corporate domains. Corporate domains rely more on phrases or words that have been “tainted” by the spamming community. The major web-based email clients focus on your reputation more than your content.
• The from name and address can be as important as the subject line. A strong offer can be put right in the subject line, but it is important to use punctuation and grammar carefully to ensure that you are not perceived to be a spammer by the receiving ISP.
• The ‘from’ name and subject line should work in tandem. The ‘from’ line should communicate who you are as the sender. Do your best to not change this entry frequently and make it recognizable so that recipients understand that the email was sent by a reliable source.
• If you are cross promoting a sister brand, use the subject line to introduce the sister brand and do not change the ‘from’ address of the originally subscribed-to brand. Any other ‘from’ address is likely to increase complaints. For more information on cross promoting sister brands, please see our recent post on promoting sister brands.

That said, spammers use various tactics to fool people into opening their emails. Spammers often use words that announce a big incentive or urgency. We suggest testing certain keywords or alternative words to optimize your subject lines.

• Some key words and phrases such as “act now,” “trial,” “quote,” and “guarantee” can be tested against “complimentary,” “estimate,” “be our guest,” and “giveaway.”
• While “Free” performs well in subject lines (see Experian CheetahMail’s Free Shipping Report) you might try using “our treat” or “on the house” to see what works best for your brand.
• Avoid excessive punctuation — exclamation points, multiple periods (…), dollar signs ($$), etc.
• In the past putting full words in ALL CAPS was considered equivalent to shouting. Using all caps is a practice used by spammers. Test the use of all caps and monitor any drops in open rates potentially due to filtering.
• Using ‘Re:’ at the beginning of a subject line falsely leads the recipient to think the email is a reply to a previous email. This is a misleading tactic. This tactic is not CAN-SPAM compliant and creates a poor customer experience. If the recipient feels duped into opening an email, you might see an increase in abuse rates or unsubscribe requests.

Just a few little words/phrases in your subject line can make or break the success of your email marketing campaign, not just by impacting open rates but affecting deliverability too. To learn what works best, test. Following these subject line best practices can save your client from losing both excellent reputation and good subscribers.

Since the holiday season is the most important time of year for retail emailers, here are some best practices for maintaining a good sending reputation and staying in the Inbox during the upcoming holiday season – a time when the Inbox is inundated with emails and offers.

• Now is the time to emphasize the “please add us to your address book” requests and instructions during the email registration process and in welcome emails. Not only will you get added to user whitelists which overrides ‘junk’ or ‘spam’ folder delivery, but also recipient response rates should be better, as well as brand perception, because images are displayed by default. A new trend for marketers is to consider sending a dedicated message solely to drive address book adoption in advance of the holidays. For example, “We are going to have some fantastic deals during the holidays. Add us to your address book to make sure you don’t miss them.” In light of the recent Facebook ‘Messages’ announcement, it is also now important to use such a dedicated email to request users become a ‘fan’ or ‘like’ your content.  [See example below]
• If you have a group of recipients who haven’t been mailed in a long time, before mailing them all at once, consider testing small segments to gauge complaint and bounce rates and make creative and segmentation adjustments with subsequent campaigns to ensure these metrics don’t become a risk to your overall messaging reputation.
• It is critical to maintain the same ‘from’ addresses and formulate subject lines that highlight the email’s ‘call-to-action’ and is not too ‘cheeky’ that it could be confusing or misleading to recipients where it may lead to user complaints.

In 2009, holiday email volume rose, increasing over  26% from the 2008 holiday season. We can predict this trend to continue for the 2010 holiday season meaning the ISPs will be working in overdrive to ensure all relevant and legitimate email is delivered into the Inbox while keeping out the large amount of true spam. Following these holiday best practices, and others such as maintaining ‘engaged’ users will help keep your clients’ IP reputation strong, your Inbox delivery rates high, your targeted customers happy and ultimately your revenue numbers up.

Perhaps I’ve now seen all of the Toy Story movies too many times with my kids, because the line from the theme song really sticks out with Facebook Messages; “Some other folks might be a little bit smarter than I am, bigger and stronger too, maybe. But none of them will ever love you the way I do, it’s me and you.”

Even without seeing the new Messages user interface and only seeing ‘Zuck’ and ‘Boz’ demonstrate a portion of it yesterday, it seems apparent that the Facebook email application is not a ‘Gmail killer’ or intended to be competitive with any full-fledged email client webmail or software program. But what it does have that no one else has captured is the notion of a truly personalized messaging platform.

However, my wake-up moment on the webcast yesterday was when they disclosed that any user can change their privacy settings to restrict emails just to their friends, friends of friends, or everyone. More importantly, should the user tighten their settings to exclude everyone, Facebook will bounce all emails from that sender to that user. In other words, if a marketer does not have a ‘fan’ or ‘friend of friend’ relationship with that user, then they should assume the address will bounce.

It is important to note that there apparently will not be a ‘junk’ or ‘spam’ folder for these unrelated messages to be filtered into, just an ‘other’ folder that isn’t designed to be a ‘reputation’ or anti-spam filter since all emails from unrelated senders will just bounce away. There is no ISP ‘Batphone’ when trying to resolve deliverability to ‘friends’, so even the most experienced and skillful deliverability team in the world won’t be of much assistance with most Facebook deliverability problems.

The clear conclusion from this is that marketers should not attempt to collect an @facebook.com email address without making a strong effort to first ensure that the user is a ‘fan’ or logs in through Facebook Connect.   This should require Facebook-specific language on the email registration or transaction page, or most certainly on the post-registration or transaction page. Because if you don’t do something to befriend these users, then your ‘Messages’ may not get there at all.

Every email service provider treats hard bounces differently. In most cases, a hard bounce will never be valid ever again. In select cases, it may just mean that the address is currently unavailable but will be available at some point later.

Here’s a personal story about why it doesn’t make a lot of sense to bounce remove after the first attempt.

I purchased my personal domain name in 1998 and have used it for select personal email relationships ever since. I had a problem with my domain registrar a couple years ago that involved them accidentally expiring my domain without notifying me. It then took weeks to get it fixed. In the meantime, all personal email to me hard bounced. Some of my most important contacts reached out to me through other channels, a few even sending snail mail informing me of the bounced email.

While this situation is rare, it is just one of many reasons why emails hard bounce and yet will be valid once again in short order.

In the past, ISPs used to focus on hard bounces as a critical anti-spam metric. With today’s sophisticated filters focused primarily on complaints and other data, very few ISPs see a reasonable (<5%) hard bounce rate as an indicator of spam as long as the other performance metrics are also in line with legitimate email.

Some additional tips when considering bounce removal rules:

1. Every ISP is different, therefore a liberal bounce rule at less sophisticated ISPs (like those without real-time complaint data) could result in deliverability problems.
2. Re-mailing bounces again is not the same as ‘re-trying’ a message. If the address is invalid now, it likely won’t be valid again the same day or even a few days from now. Wait a week or more before re-mailing that user.
3. Never re-mail bounces more than a few months old. Some ISPs turn bad data into spamtraps, which are used as an anti-spam filter. In some cases, ISPs will share defunct addresses with 3^rd party blocklists like Spamhaus. In other cases, an ISP may recycle that address to another user.
4. If the relationship is really important (or if you have the resources), consider a personalized snail mail effort following a bounce. I was pleasantly surprised about the letters from my commercial relationships and valued those relationships even more as a result.

Google recently announced plans to enhance Gmail by introducing a ‘Priority Inbox’ which will soon be rolling out to its estimated 200mm global users. Experian CheetahMail’s deliverability team has received many inquiries about the new interface, what it may mean for our clients, and how it could affect deliverability.

From a deliverability perspective, this feature once again proves that building a good sender reputation that includes regular customer engagement is of the utmost importance. If users are consistently marking your mail with increased priority, then the sender’s reputation will likely improve. If users are consistently marking mail with decreased priority, the sender’s reputation will likely degrade. While the importance of these new priority settings are mainly user-specific, if too many people push the ‘less important’ button, then Gmail’s algorithm will take this into account and may push those senders email into the “Everything else” section or possibly into the Spam folder.

How Priority Inbox works:

Priority Inbox analyzes incoming mail, giving it a ranking and sorting it into four customizable sections: “Important and unread” (or just “Important”), “Starred” and “Everything else.” “Important” messages are intended to be the most relevant or relationship-oriented, and sit at the top of the screen. Next is the “Starred” section which are messages the user manually flags or sets up as a recurring indication of importance. “Everything else” includes those messages that may not be from an established contact or regularly engaged with before.

Read More »

Microsoft has recently announced enhancements to its Windows Live Hotmail, including features that “help busy people with full lives.” The CheetahMail deliverability team has reviewed these new features and offers these thoughts on their potential impact on senders.

Some of the new features that should have a positive impact on email deliverability include:

• Trusted Senders Icon — Hotmail will now help visually identify ‘trusted senders’ in your inbox, particularly banks and other senders most commonly impersonated in phishing scams, by putting safety logos next to those senders recognized as legitimate. While the exact details on this feature are limited right now, it will most likely be based on a combination of authentication and a consistently positive mailing reputation.
• Tabs — Organizational tools will appear at the top of the inbox that will allow the user to display messages received from specific contacts, certain social networks (such as Facebook notifications), pre-selected email groups, or all of their mail. In addition, “Quick Views” will be available that will automatically sort four types of emails into their respective folders: Flagged, Photos, Office Docs, and Shipping Updates. These tabs can benefit senders by addressing inbox overload issues.

One of the new features that should have a negative impact on senders and deliverability as a whole:

• Time Traveling Filters — Microsoft’s filters can retroactively remove messages that were placed in the inbox if the reputation of the sender later turns out to be poor and the recipient has not yet opened the message in their inbox. That means there’s no longer a guarantee that a message delivered to the inbox will actually stay there until the recipient acts on it.

Read More »