Successful email engagement is predicated on trust. Recipients need to trust that your emails are actually from you. That’s why SparkPost requires you undertake additional setup steps versus services that are less concerned with reputation.
A secure email service starts by preventing phishing—emails that fraudulently claim to be from someone else in an illicit attempt to gain benefit. It’s the email that claims to be from the reader’s bank, but downloads malware or steals a password when they follow the message links.
In order to reassure both human beings and protective computer systems that are looking for fraudulent email activity, SparkPost requires you to set up either SPF or DKIM at a minimum and potentially DMARC reporting as a means of reassuring these recipients and systems that messages are truly from you. SPF is like a guest list at a party—a list of servers that are authorized to send for your domain. DKIM uses encryption in the email headers that refers to the sender’s domain to legitimize the message for the recipient. It assures your recipients that even though your emails are coming via SparkPost, people and systems can really trust that your messages are from you. In part, DMARC is a reporting mechanism for DKIM failures, alerting domain owners when others try to use their domain without authorization.
Email security is also about protecting your recipients. Attackers are getting more sophisticated and they know that there are often ways to get information from people. They’ll leverage email to get bits of information that a person might not think are important, but in fact are stepping stones to getting more valuable information. That well-known data breach at Target started when someone found a bit of information in a company that did air conditioning services for stores; the attackers leveraged that third party’s access to hack into additional systems inside Target.
SparkPost requires you to use DKIM and SPF because they are proven best practices. When you’re sending just a few emails, things could go wrong, but the small quantity means it only qualifies as a hassle. When you’re sending email in very high volumes, there’s a lot of potential for damage. On the flipside, email security increases engagement and deliverability: messages set up with authentication allow recipients to trust that the links they click will not be fraudulent or malicious. That increases clicks (a measure of engagement), which in turn increases deliverability.
That’s why it’s important to secure your email, because any little piece of the puzzle can be a gateway to significant problems for you and your recipients. Our goal is to make you successful with email, and protecting your email is essential to securing your reputation as a sender.
Some years back I wrote a blog post entitled “What I Learned From Nigerian Spammers.” The inspiration for the post came from a piece of spam I received while working for Unica, and attending the Marketing Innovation Summit (the last as we were just acquired by IBM). (more…)