Like Star Wars, “Spam Wars” is a story unfolded in a series of disjointed episodes, and with varying degrees of success. Here we are, halfway through 2005, and it appears we’re witnessing the first solid victories against spam in years. Research released in March revealed a majority of consumers say they receive less spam today than they did a year ago. That’s consistent with recent reports from America Online and Microsoft.
In the cosmic battle between Good and Evil, the good guys always find a way to win. Yet we can’t forget how Darth Vader and his minions, no matter how defeated or gone-for-good they may seem, fester in the background and resurface in the next episode to terrify the galaxy once again.
Spam may be receding, but now we hear the steady drumbeat from the Dark Side getting louder with even more insidious email threats, such as phishing (define). It’s as if we’re beginning a new chapter in the Spam Wars: “Episode III: Revenge of the Phish.”
In March of this year, there were 13,353 phishing email messages reported to the Anti-Phishing Working Group (APWG), over five times the number reported in July, 2004 (2,625). This is alarming news, but as I remind marketers time and again: there is fraud and abuse in every medium, online and off—, and there probably always will be.
The key thing to keep in mind is, as in Star Wars, there will always be a conflict between good and evil. In the Spam Wars, it’s between those who work to make email better and those who undermine the medium by using it abusively and for criminal purposes. We will continue to win victories if we keep working hard, attack the problem from every angle, and coordinate efforts across industries for the common good.
One thing I always stress is the importance of education, both of consumers and of marketers. Marketers play a critical role in protecting their customers from phishing, and there are a number of measures they can take to do so. One of the most important things marketers can do in this respect is to stay abreast of, learn about, and implement the latest email authentication standards.
Last month, the industry put another stake in the ground in the war against spam and phishing when a coalition of over two dozen ISPs, marketing firms, trade associations, non-profits and others, announced the Email Authentication Implementation Summit 2005.” Building off the momentum of the FTC’s authentication summit last November, the industry has come together on its own to move email authentication standards from a theoretical discussion of concepts to widespread implementation.
Authentication solutions help fight phishing by verifying email was sent from a source authorized to do so. Early results are promising. In just the first few months of deployment of the Sender ID Framework, an IP-based authentication solution in place at MSN Hotmail, Microsoft said it, “is already dramatically improving our ability to help protect our customers from unwanted spam and malicious email scams.”
Whether you attend this educational event or not, make a point of studying up on email authentication. Drive its adoption in your organization. A few “authentication tips” to help you get started:
- Audit Your System Capabilities Even the most basic, IP-based authentication standards demand infrastructure that can support them. Several legacy DNS systems observed in the marketplace (even at major, brand name companies) are unable to support publishing basic SPF records. Learn about and monitor your internal and external IT and email deployment infrastructure, ensure it has the technological capability to support and adapt to evolving authentication standards.
- Publish Accurate Records Depending on the size and complexity of your organization, you may be sending email from multiple IP addresses and using various domain and sub-domain names in those messages. Be aware of all email deployment platforms, make sure the people in charge of publishing your SPF records account for these, and update your records as necessary when infrastructure and domain names are discontinued or added. Also, be sure to monitor your published record as system and/or other internal or Web changes may impact a record’s validity. Here’s a helpful tool for that.
- Control Your Domain Name It’s important to review all registrations and internal/external uses of your brand’s domain and sub-domain names. Authentication verifies authorization to send email, but it won’t stop phishers from registering domain names that may look like yours, then publishing accurate SPF records for them. Increasingly, ISPs will make every effort to reject email that comes from fraudulent, derivative “cousin” domains. But at the end of the day, it’s your responsibility to monitor and control uses and misuses of your brand identity.
- Stay Informed. Stay Involved In the rapidly changing email world, staying ahead of the curve (and spammers) is half the battle. Even if you’ve already implemented email authentication solutions, it’s good to huddle with the Jedi every now and then to get the scoop on the latest developments on the email authentication front, including implementation best practices, case studies and how authentication will work with accreditation and reputation solutions in the future.
So stay informed and make a difference. I encourage all readers to get involved in industry associations or local federations to help protect the email galaxy!
Last but not least, implement email authentication. May the Force be with you!
Till Next Time,
The ClickZ Marketing Excellence Awards recognize ClickZ readers’ choices for achievement and innovation in online marketing technology, solutions, and execution. Nominate the products, services, and campaigns you believe deserve the distinction of being named the best in their category. Nominations are open until Friday, June 3 (EOB, EST).
Want more email marketing information? ClickZ E-Mail Reference is an archive of all our email columns, organized by topic.