2.3.13. Risk Email:
1. Every company still using traditional emails with attachments has put itself at risk of having those emails copied by criminals. Criminals can send out millions of copies of a traditional email each day, and that can have a devastating effect on a company as customers begin not to trust such emails. The first risk is that the company may never figure out that its emails are being copied by criminals and sent out to millions of people. The second risk is that when the company does figure out that its emails are being copied, what does it do next?
2. It is just a matter of time before criminals copy your emails and attach malware that can steal business data.   It is just a matter of time before your business could be devastated when your customers treat your emails as potential malware.
3. Where a company chooses not to comply with PECR and does not retain evidence of when a person opted in or opted out of receiving marketing information, then disputes will always be found in favour of the person. When it becomes public knowledge that compensation can be gained from a company that sends out marketing information without adequate opt-in evidence, then claims will escalate.

New York Experience:
1. A major corporation in New York was using traditional emails with attachments to communicate with its customers. This simple method of working enabled business data to be communicated to customers on a regular basis.
2. A criminal gang copied the style of the traditional email and loaded the attachment with malware. They sent out millions of these emails every day - the avalanche went on for months. When a recipient clicked to view that attachment, WORD popped up a message saying the document was corrupt, but everything looked OK. Silently, the malware copied all business data from the user's computer back to the criminals.
3. The criminals harvested vast amounts of business data over and over again - they then sold that data back to competing companies as "sales leads" and "marketing intelligence". Eventually users figured out that their business data was being stolen and stopped doing business with the New York corporation, which had done nothing wrong and was unaware that its emails were being copied.
4. It is suspected that criminals have silently stolen valuable business data from most corporations who use traditional emails.   Google and Microsoft have designed and implemented a DMARC system to detect emails being sent from criminals.   This is a complex system that is expected to be refined in the next year to make it more effective.

DMARC:
1. Domain-based Message Authentication, Reporting and Conformance (DMARC) is an email anti-spoofing system that should reduce the hundreds of millions of SPAM messages sent out every day.
2. The key factor is that email servers are able to check that the FROM email address is correct - emails that say they are FROM a specific domain must be from that domain and no other domain.
3. DMARC enables a company to see which emails were sent with its domain in the FROM email address but were not sent from its email servers.
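
Added example (not part of the original page): the visibility described in point 3 comes from DMARC aggregate reports, which receiving servers send to the domain owner as XML. The sketch below reads one such report and totals the messages per source IP that used the company's domain in FROM but failed both aligned checks. The report content, the domain example.com, the IP addresses and the function name are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample aggregate report for the placeholder domain example.com.
SAMPLE_REPORT = """<feedback>
 <policy_published><domain>example.com</domain><p>none</p></policy_published>
 <record>
  <row><source_ip>192.0.2.10</source_ip><count>120</count>
   <policy_evaluated><dkim>pass</dkim><spf>pass</spf></policy_evaluated></row>
  <identifiers><header_from>example.com</header_from></identifiers>
 </record>
 <record>
  <row><source_ip>198.51.100.7</source_ip><count>4000</count>
   <policy_evaluated><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row>
  <identifiers><header_from>example.com</header_from></identifiers>
 </record>
 <record>
  <row><source_ip>203.0.113.5</source_ip><count>15</count>
   <policy_evaluated><dkim>fail</dkim><spf>pass</spf></policy_evaluated></row>
  <identifiers><header_from>mail.example.com</header_from></identifiers>
 </record>
 <record>
  <row><source_ip>198.51.100.7</source_ip><count>500</count>
   <policy_evaluated><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row>
  <identifiers><header_from>example.com</header_from></identifiers>
 </record>
</feedback>"""

def unauthenticated_sources(report_xml, own_domain):
    """Map source IP -> message count for mail that used own_domain (or a
    subdomain) in FROM but failed both aligned DKIM and aligned SPF."""
    # Reports arrive from outside parties: use a hardened XML parser in production.
    failing = Counter()
    for rec in ET.fromstring(report_xml).iter("record"):
        header_from = (rec.findtext("identifiers/header_from") or "").strip().lower()
        if header_from != own_domain and not header_from.endswith("." + own_domain):
            continue
        dkim = (rec.findtext("row/policy_evaluated/dkim") or "fail").strip().lower()
        spf = (rec.findtext("row/policy_evaluated/spf") or "fail").strip().lower()
        if "pass" in (dkim, spf):
            continue  # DMARC passes when either aligned check passes
        ip = (rec.findtext("row/source_ip") or "unknown").strip()
        failing[ip] += int(rec.findtext("row/count") or 0)
    return dict(failing)

if __name__ == "__main__":
    print(unauthenticated_sources(SAMPLE_REPORT, "example.com"))
```

A source that appears here with a large count and is not one of the company's own mail servers or approved senders is the kind of copying described in the New York experience above.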

Envelope Design:
1. The envelope must be trusted so people do not treat it as SPAM.
2. To be trusted on sight, the envelope must be distinctive and instantly recognisable because nothing else is like it.
3. To be safe, the envelope must be hard to replicate in WORD - its HTML5 fingerprint must be acceptable to all email servers.
4. The envelope must have a unique subject line that does not leak any private, confidential or privileged information.
5. The URL must be encrypted in a way that criminals working 24*7 for 5 years will not be able to crack how it works.
6. The envelope must expire its payload in a selected number of days - the payload must be protected.
7. When the envelope arrives at a dead inbox, this must be monitored and reported so alternative action can be taken.
8. When the email address has not been typed correctly and the email does not get to its intended recipient, this must be monitored and reported for corrective action.
9. DMARC and other anti-spam protection measures must be applied to make sure that the envelope is not treated as SPAM and is hard to copy.
10. The envelope must comply with the Privacy and Electronic Communications Regulations (PECR).
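
Added example (not part of the original page and not the product's own method): one way to meet points 5 and 6 is to put a per-recipient token in the envelope URL that carries a random envelope id and an expiry time, protected by an HMAC so it cannot be altered or forged. This swaps in signing for the encryption the list mentions; the token reveals only a random id, and the payload stays on the server. All function names and the token layout are assumptions.

```python
import base64
import hashlib
import hmac
import secrets

DAY = 86400  # seconds

def b64e(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def new_envelope_id() -> str:
    """Random id, one per recipient; it says nothing about the person or payload."""
    return secrets.token_urlsafe(16)

def make_token(key: bytes, envelope_id: str, sent_at: int, valid_days: int) -> str:
    """Build the URL token: payload 'id:expiry' plus an HMAC-SHA256 tag."""
    payload = f"{envelope_id}:{sent_at + valid_days * DAY}".encode()
    tag = hmac.new(key, payload, hashlib.sha256).digest()
    return f"{b64e(payload)}.{b64e(tag)}"

def open_token(key: bytes, token: str, now: int):
    """Return the envelope id if the token is genuine and unexpired, else None."""
    try:
        payload_part, tag_part = token.split(".")
        payload, tag = b64d(payload_part), b64d(tag_part)
    except ValueError:
        return None  # malformed token
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None  # altered or forged
    envelope_id, expires_at = payload.decode().rsplit(":", 1)
    if now >= int(expires_at):
        return None  # payload has expired
    return envelope_id

if __name__ == "__main__":
    key = secrets.token_bytes(32)  # server-side secret, never sent in email
    token = make_token(key, new_envelope_id(), sent_at=1_700_000_000, valid_days=7)
    print(token, open_token(key, token, now=1_700_000_000 + 3 * DAY))
```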

PECR:
1. The Privacy and Electronic Communications Regulations (PECR) make it mandatory that all companies fully comply when sending marketing emails such as quotations.
2. Before a quotation is sent to a person, that person MUST subscribe to receive such a message and evidence must be retained that they did subscribe.
3. Before a quotation is viewed by a person, that person MUST have the ability to unsubscribe and not receive such a message - evidence must be retained.
4. Opt-in and opt-out evidence must be held for each person involved in electronic communication with the company.   Where a company cannot provide evidence and a person disputes an opt-in subscription, then the company is assumed to be guilty and the person deserves compensation.

Envelope Management:
Every envelope is sent to one and only one person.   Where more than one recipient is on a distribution list, then a unique envelope is sent to each person.   Every unique envelope is monitored to detect when it is viewed and to record any other actions.   The envelope author retains read access rights to monitor the envelope life cycle.

Envelope Layout:
Any design may be used, but over the last ten years, the following parts have proved to be of value:
1. Subject: unique headline but without any private information.
2. To and From: side-by-side boxes in a unique style, with adequate evidence.
3. Purpose: a paragraph to explain WHY the message has been sent.
4. Button: to opt-in and subscribe to view such information.
5. Advice: regarding legal liabilities and obligations.
6. Opt-Out: button to unsubscribe.
7. Footer: copyright and registered office.