Epsilon's Symposium addressed email fraud head on, since its data breach accessed email data. Quinn Jalli, Epsilon's VP of Deliverability and ISP Relations, recommends that managing email fraud is not something to leave just to your email service provider. The wakeup call from this data breach: Brands must partner with email vendors and ISPs to protect their email send addresses, email brand assets, and in educating recipients about data usage and email fraud.  Specifically:

  • Show ISPs your legitimate emails.  Historically, marketers and ISPs haven't had much of a relationship because they were working toward different goals. Marketers want to get their emails into user inboxes, while ISPs want to manage email data volumes by blocking as many messages as possible. Well, phished emails — copies of your real thing — can be so good that neither consumers nor ISPs can tell real from fraud.  Preempt this by showing ISPs the identifying characteristics of the emails that you create. And of course any examples you have of phished messages if you have suffered this. Your email service provider can facilitate this ISP connection.
  • Authenticate your sender ID. No question about it, authentication is a must do. This works through two primary measures today: 1) an IP lookup that matches a delivered message back to an IP address registered to a given sender (SPF), and 2) a cryptographic solution that is basically encoding a unique "signature" in each message that can only come from a designated sender (DKIM). Hopefully you are authenticating already. If you are not — this is an immediate priority. If you are, take some time to make sure that you have inventoried all of the machines and systems emailing on your behalf. Email delivery specialist Return Path publishes a step-by-step guide for setting up authentication for all the messages you send.
  • Update and elevate your privacy policies. For many online marketers, there is nothing less sexy than the corporate privacy policy. But it doesn't have to be this way! Privacy policies should be quick, easy reads that are positioned in multiple places on your site and encourage users to read them. Most consumer alarm around data is due to confusion or lack of visibility into how their data is used. We advise over-communication here that tells consumers not just how you are managing their data but also how they can protect themselves and avoid scams. See Epsilon's Consumer Information on Phishing for some tips to include and sample language.
  • Dedicate an internal resource to marketing data security. Maybe this is a side-task of your job or one of your Customer Intelligence colleagues. But you just can't treat data security as an afterthought. Electronic criminals don't just attack financial services firms anymore; FS accounts for 33% of cyber crimes today, with hospitality and retail industries immediately following. This role would oversee some mechanics, like working with IT to manage ongoing audits into data security. But strategically, this is the role who determines how "real-time" your marketing should get while still allowing for data safeguards.