Monthly Archives: May 2019

Email Deliverability

Email deliverability should be a concern for any business. If you cannot effectively reach your customer base, you cannot do business.  Your business needs to ensure your email systems (both 3rd party & internal) are:

  • Operational
  • Properly configured
  • Free of negative reputation issues
  • Listed in your SPF record
  • Support DKIM
  • DMARC compliant

Additionally your business needs to be safeguarded against online phishing and spoofing campaigns that mimic your business and diminish trust in emails sent from your business. To help you achieve optimal delivery rates, detect email system & configuration issues, and prevent fraudsters from tarnishing your brand, MxToolbox offers several beneficial tools.

Today, we’ll focus on the Email Deliverability tool.  Email Deliverability provides your company a full report assessing your overall delivery status, combining many diagnostic email delivery and reputation tests into one tool.

MxToolbox’s Email Deliverability Tool

This specific tool allows you to receive a comprehensive message deliverability report in two quick steps.

  • Step 1: Send a test email to ping@tools.mxtoolbox.com from the email system you want to test
  • Step 2: Once you’ve sent an email, you’ll receive an email from us giving you a quick snapshot of your report, simply click the “View your full deliverability report” link to access the detailed feedback. You can additionally just enter the email address that sent the message in the input field on the Email Deliverability tool page.

The Report

MxToolbox systems analyze your headers, the blacklist reputation of your outbound IP address, and tests your email to verify SPF, DKIM, & DMARC authentication pass. Thanks to a recent update, the free Email Deliverability tool now delivers SPF & DKIM verification to ensure the email is being properly authenticated. You would be surprised knowing how many senders have SPF & DKIM issues affecting their email delivery and the reputation their email environment. By providing vital data about your email status, this tool shows where your company’s email platform needs help.

Adding to the list of the Email Deliverability Tool benefits, you can test your business messages for blacklists, as well as DMARC, SPF, and DKIM errors.

Protecting your brand with DMARC

Let’s envision a potential nightmare for your brand:  Your database gets hacked and all of your customers’ private information is now on the dark web, potentially available to exploit.  Now, you need to notify all of your customers to the potential threat.  Instead of sending it out through your typical email channels, you decide to setup a special domain specifically for this purpose.  Sounds logical, right?  What could go wrong?

How about the rejection of this highly important email and a serious erosion of trust for your brand?

If this sounds far-fetched, it shouldn’t.  It really happened to a Fortune 500 brand in 2018 – Marriott.

The Full Story

Following a harmful data breach involving personal information of up to 500 million guests in late November of 2018, the hotel giant decided to send notifications to its customers using a new domain email-marriott.com, instead of marriott.com or starwood.com, the affected brands.  Traditionally, Marriott properties had used the domain of the brand for customer communications around reservations, for example courtyard.com for Courtyard by Marriott properties.

From a technology standpoint, this was a completely logical decision. Marriott had been transitioning email communications to the email-marriott.com domain for sometime.  However,  customers reacted with confusion for several reasons:

  1. The message sender name appeared to be email-marriott, not Marriott, or an identifiable brand.
  2. email-marriott.com looks strange to customers of other Marriott brands that may not use the Marriott name: Starwood, Westin and Ritz-Carlton for example.
  3. It is a common technique for spoofers to use a domain that uses similar names to the intended target.
  4. The topic of the message is about security, which automatically heightens customer attention to small details relating to security.

Missteps by Marriott

Not only did it backfire in terms of reaching the inboxes of their client base, it also created a major backlash and critically damaged their email reputation.  Particularly troubling is item #3, the email-marriott.com domain mimics a fraudster’s spoofing/phishing efforts, some receivers were undoubtedly leery of opening the message. Appending common words to a known brand name is a scammer’s go-to move. The following phishing domains have been used in recent cybercrime attempts:

  • support-appleinc.com
  • service-capitalone-com.tk
  • support-verificationaccount.com

Marriott’s failed to recognize the potential pitfalls of their notification strategy and ended up compounding a customer relations problem.

What’s in a Domain?

Your company’s email reputation, as well as your customers’ security and trust in your brand, rely on which domain you utilize. Selecting an identifiable sender domain name is a best practice for businesses that rely on email to regularly communicate with clients. Domain name reputation plays a vital role in email deliverability. Unfortunately, Marriott discovered the hard way that using a nonspecific domain to suddenly send hundreds of millions of emails isn’t a good idea.

Building your company’s domain reputation can be achieved in several ways, including the length of time the domain has been registered and using it to send messages to engaged recipients. Having legitimate contact information listed on your website also helps increase overall reputation and deliverability.

Protect Your Brand

Because online security is a legitimate concern for your customers, making sure all outgoing emails are safeguarded and delivered as intended should be a top priority for your business. At MxToolbox, we specialize in helping you achieve high message delivery rates. By improving your company’s domain reputation, situations such as the aforementioned Marriott fiasco will be of no concern. To discuss your brand’s options and learn about MxToolbox’s DMARC products to solidify domain reputation, please contact our team of experts. We look forward to helping you achieve future email success.

DMARC and Phishing

Businesses, like yours, rely heavily on email for internal and external business communication, so safeguarding your email is necessary to ensure your company’s interests are protected against harmful phishing attacks. Email phishing is when a third-party (usually a hacker or malicious website) uses the brand identity of a company to deceive a recipient into divulging sensitive information. The negative effects of a customer falling victim to a phishing scam are varied but damaging to your brand’s reputation. Thankfully, protocols such as DMARC and SPF are available to help combat email phishing attacks.

Why Using DMARC and SPF on Mail Servers Is Necessary

The original standards for email were written without much attention to security; the Internet of the time was a small community of scientists, not a commercial platform. This oversight meant email was sent in clear text with no encryption and anyone could pretend to send email from any domain with a simple change to the text wrapper of the email.  My coworkers used to enjoy sending emails to random coworkers from santaclaus@northpole.com around Christmas every year.

However, email authentication technology has made great strides in securing mail servers in the fight against hackers and online criminals. Blacklists started off as a means to detect and limit IP addresses and domains that were frequent bad actors.  And now, technologies such as SPF, DKIM and DMARC can recognize and halt the most convincing fraudulent emails in their tracks. SPF plays a key role in email delivery by letting you control who sends messages on your company’s behalf, while DKIM allows you to cryptographically sign an email, and DMARC ties them all together by allowing recipients to provide senders with information about email sent on their behalf.

By the Numbers

Industries as a whole are implementing these authentication tools to offset the increasing number of phishing scams, with 80% of all federal domains currently publishing a DMARC record. This rise in adoption reflects a positive shift in the way entities should treat email threats.  As a federally mandated security measure, it is clear that using DMARC for email security is becoming a necessity for doing business.

On the other hand, in the United States, only Fortune 500 companies and large technology businesses have a DMARC adoption rate of 50% or higher. This gap shows that IT departments lack the necessary skills to handle such a task. But, not all the news is bad – 28% of Fortune 500 companies were utilizing DMARC at the end of 2017,so the jump to nearly double that number is great progress. However, almost 50% of companies have yet to implement DMARC into their email security, an area for improvement.

Next Steps with MxToolbox

If your business domain is not DMARC compliant, MxToolbox recommends you begin to to evaluate and adopt this beneficial email technology to improve delivery rates and stop the onset of malicious phishing attacks. Start with ensuring your SPF setup is correct, a vital piece that DMARC depends upon.  Once you have SPF configured, move to adopting DMARC.  Phishing and other scams are preventable, so why not take the fight to them? After all, your brand reputation relies on keeping your customer communications secure and legitimate. Contact our expert team to discuss your DMARC and SPF options to safeguard your messages.