Phishing: The Hidden E-Mail Deliverability Threat

Whenever I talk about issues that affect deliverability, I usually cover spam complaints, broken code in messages, blacklisting, and poor relationships with ISPs. Phishing doesn’t come up often as it affects a relatively select group of senders. Nevertheless, it can do more damage than several thousand erroneous “this is spam” reports.

Phishing is the effort to steal sensitive identity or financial data through fraudulent e-mail seemingly sent from banks, investment houses, government agencies, e-commerce divisions of major retail brands, or online auction and payment-transfer services. The e-mail redirects users to authentic-looking but bogus sites that collect the data and use it for identity theft and other crimes.

ISPs now block or tag about four phishing e-mail messages for every message that’s delivered, according to a 2006 report by the Messaging Anti-Abuse Working Group, a coalition of technology, e-mail, and ISP groups.

As a sender, you needn’t have your company name or brand identity hijacked to be a phishing victim. Now that ISPs are cracking down on fraudulent e-mail just as they have on spammers, your e-mail practices could get you wrongly blocked as a potential phisher.

Also, many e-mail clients are being updated to sniff out phishing attempts. To determine whether an e-mail could be a phishing scam, the client looks for a link in your HTML message where the display text is a URL. If the displayed link is different from the actual URL, the client alerts the user.

That’s the bad news. The good news is you can take steps to either avoid being wrongly blocked as a phisher, or restore your reputation as a safe, trusted sender.

How to Avoid the Phish Tag

Keep a close eye on your delivery reports, ISP feedback loops, and blacklist tracking for a sudden spike in blocking or complaints. If you haven’t made substantial changes to how you acquire subscribers or create and send e-mail messages, you still could have run afoul of an ISP’s phishing patrol.

These strategies can help you head off any misperceptions by your subscribers or receiving ISPs:

Related reading

Flat business devices communication with cloud services isolated on the light blue background.