Email address acquisition is the lifeblood of any growing email marketing program. So any time someone proposes a change to acquisition practices, smart marketers get worried. Over the years, so many things have changed in email marketing, yet the web-based email signup form has skated along mostly unchanged from the early days.
It has long been the industry standard practice to have online email signup forms without any real security on the form itself. However, the days of the unsecured email signup form may be numbered.
During the second half of 2016, we started seeing a new wave of scripted, fraudulent email signups to legitimate, popular email lists. Spamhaus took notice and began blacklisting well-known, popular brands.
The email marketing teams at these brands hadn’t done anything wrong. They hadn’t changed anything, and they themselves were innocent victims of this fraudulent behavior. So why did Spamhaus penalize them so harshly? Because it’s Spamhaus’ job to detect and help prevent the delivery of unwanted email. The top inbox providers like Gmail rely on Spamhaus to help them protect the inboxes of their customers, the email inbox users.
While email marketing teams hadn’t done anything wrong according to industry standard practice, they did fail at one thing. They contributed to the problem of unwanted email, by not securing the signup forms they use online.
Although fraudulent use of signup forms is not new, recent activity suggests it’s gone mainstream. Spamhaus has speculated this first wave may have been a test run of a new “mail bombing as a service” and cautions there may be more of this type of activity in the future. Fraudulent use of email signup forms is certainly on the rise, and we as an industry need to be ready for the next wave of fraudsters and copycats.
So what’s a marketer to do? Don’t despair, there are measures you can take that provide a level of protection, while keeping your email program open for business.
Spamhaus has recommended implementing both CAPTCHA and COI (Confirmed Opt-In) to defend against fraudulent attacks. However, Spamhaus has acknowledged that COI alone is not sufficient – many of the lists that were victimized had already been using COI.
What steps you take to mitigate your risk is ultimately up to you and/or your service provider. There are technical and business conditions that may make certain measures difficult to implement, at least in the short term. You need to find the balance of risk and reward that is right for your business.
One thing is clear: Doing nothing to protect your business from this new threat is not a good idea. We must all face this new reality, whether we like it or not. We sincerely hope marketers will seriously consider this warning from Spamhaus, and implement protections against fraudulent signups. Consider implementing COI if it works for your business. Also consider the several other ideas listed below.
There is no one perfect measure to defend against fraudulent signups and the risk of a Spamhaus listing. Several methods can be effective, and they work better when used in combination. Seriously consider implementing the following solutions:
Implementing one or a combination of these measures in addition to any protections already in place will increase your defenses against these types of attacks. If you have not been listed in the most recent string of incidents, you’re among the lucky senders that bots have not exploited.
However, as these bots become more sophisticated, and malicious actors continue to perpetrate these attacks, your risk of a Spamhaus listing grows.
Consider a paid consulting engagement with your ESP. Most ESPs have deliverability experts on staff. These experts will work with you to provide guidance and strategic direction on how to reduce your risk of a Spamhaus listing, as well as how to optimize inbox placement rates on an ongoing basis. They will help you determine the best protective measures for your business, and how these are effective in helping you mitigate risk while still growing your business.