Dec 17, 2018

The brand threat that most marketers haven’t noticed yet

Ponemon research report

How valuable would it be to increase the deliverability of your marketing emails, while defending your email brand — ensuring that it can’t be spoofed?

Most marketers and growth hackers would answer “extremely valuable.”

With a proven return on investment, email is the go-to communications tool for virtually every form of modern marketing. But cutthroat competition and a constant battle for consumers’ attention means that a savvy growth-hacking strategy requires being nimble, opportunistic, and data-driven. It requires building and protecting a trusted brand. Eking out a few percentage points of improvement in deliverability or response rates can take months of hard work.

Despite this motivation, most marketers are overlooking a proven way to increase deliverability and protect their brands: Deploying anti-impersonation technologies.

The Ponemon Institute recently conducted a survey of 400 marketing professionals to understand how they perceive and address the threat of email impersonation attacks. The threat is real: Impersonation is used in the majority of business email compromise (BEC) attacks and leads to the erosion of brand trust as well as reduced deliverability of legitimate messages.

However, for most marketers this threat — and the deliverability-enhancing potential for technologies that prevent it — is still under the radar.

What Marketers Care About Most

Some findings from the Ponemon CMO report:

  • Seventy-eight percent of respondents believe their companies experienced a data breach or cyberattack that involved email during the past 12 months. Despite that, marketers are more concerned about the user experience than the security of their outbound emails.
  • On average, companies in this research use approximately 13 cloud-based services to send emails using their companies’ domain names.
  • However, 55 percent of respondents are not confident they know all the vendors and services that are sending emails using their companies’ domain name in the “From” field of the message.

Comparing marketing professionals’ responses to those of IT professionals is telling. An earlier Ponemon survey of CIOs and CISOs found that, in general, IT executives are far more concerned about the threat of email impersonation and phishing attacks than their colleagues in marketing.

Specifically, 82 percent of IT security respondents are very concerned about hackers spoofing the company’s email domain in order to hurt the deliverability of legitimate email, while only 52 percent of marketers shared this concern.

Maximizing Deliverability

There is an opportunity suggested by this survey, however: CISOs and CMOs have a shared interest in email deliverability. Marketers want to maximize the effectiveness of their email campaigns, and for IT, making sure that email actually gets through is part of ensuring that it’s working right.

Valimail has found with our customers that setting up a company’s domain with email authentication at enforcement (using DMARC) — and maintaining it — can have a significant positive impact on deliverability. Companies have seen up to a 10 percent improvement in deliverability after deploying email authentication with enforcement.

In extreme cases, when a company’s deliverability has been severely impacted by a flood of impersonations, email authentication can literally restore the company’s ability to send outbound email.

One company Valimail worked with, a mid-sized East Coast bank, was hit with an email denial-of-service attack after refusing to respond to a fraudster’s extortion message. The attacker started sending millions of emails per day using the bank’s domains. Faced with this flood of suspicious emails, the bank’s ISP shut down message delivery completely for all messages coming from the bank’s domain. It was only after deploying email authentication that deliverability went from effectively zero back to a normal range.

A similar effect was visible when the U.K. government deployed email authentication across its domains, starting with the tax-collection service, HMRC. Doing so stopped over half a billion fake emails — but it also increased HMRC’s deliverability rate for legitimate emails from 18% to 98%. Once the flood of phish stopped, ISPs stopped blocking messages from its domain. Simple as that.

The Bottom Line

What does that mean for marketers? Anti-impersonation technologies can help their IT colleagues ensure that emails actually get to their intended destinations, while increasing the ROI for their own marketing emails at the same time.

What does it mean for IT security? Anti-impersonation technologies can help their marketing colleagues defend their hard-earned brand trust, while putting a stop to the #1 security vector for phishing.

And both will be better able to validate their efforts by showing a definitive positive impact to the company’s revenue. Nothing makes a CEO’s heart beat faster than proving a cross-functional initiative had a positive outcome that moved the needle further into the green.

Team up, and these two departments can solve pressing problems facing both of them. And it all starts with email authentication.

Subscribe to our newsletter