Technology Advisor Blog

Sending an email to more than just a few recipients? DON'T hit the send key before reading this....

Posted by Ann Westerheim on 4/16/18 3:54 PM

You need to send an important update or invitation to all your clients and you're ready to hit the "send" key.  Don't!

If your eMail hosting provider or Internet Service Provider sees a lot of mail coming from you that looks the same, this will be categorized as "bulk" commercial mail and you may unwittingly violate the acceptable use policy of your provider.  Even though these would be emails people want, the systems and algorithms in place can't tell the difference between your well-crafted invitation to a high-quality event, or highly thoughtful customer update, and the massive amount of spam on the Internet.   

To send bulk mail, first you must comply with the current anti-spam laws, and then you need to find a way to successfully deliver your mail.

You must have permission to send the mail via an opt-in process (such as a newsletter sign up), or implicit permission such as an established client relationship.  The CAN-SPAM Act of 2003 puts into law the differentiation between legal and illegal commercial email.  Commercial emails are considered legal if they adhere to the following standards:

  1. The header of the commercial email (indicating the sending source, destination and routing information) doesn't contain materially false or materially misleading information;
  2. The subject line doesn't contain deceptive information;
  3. The email provides "clear and conspicuous" identification that it is an advertisement or solicitation;
  4. The email includes some type of return email address, which can be used to indicate that the recipient no longer wishes to receive spam email from the sender (i.e. to "opt-out");
  5. The email contains "clear and conspicuous" notice of the opportunity to opt-out of receiving future emails from the sender;
  6. The email has not been sent after the sender received notice that the recipient no longer wishes to receive email from the sender (i.e. has "opted-out"); and
  7. The email contains a valid, physical postal address for the sender.

Source:  Cornell Law School: Legal Information Institute.

Even if you follow all these rules, now you need to find a way to deliver your mail to your recipients.  Your email hosting provider or Internet Service Provider will not be reviewing the contents of the email so they may just block you.  If you plan to use any bulk email, we recommend Constant Contact or Hubspot to send your mail.  There are also many other excellent providers, but these are the ones we use and recommend.

We've seen clients try to work around the bulk mail limitations by sending mail in batches or by trying to hide the number of recipients in distribution lists.  It won't work! Computer systems are very good at recognizing patterns and you won't outsmart the system.  Blocking an individual sender, which is highly inconvenient for that sender, actually protects you from the worse situation of having your entire domain blocked.   If your domain is blacklisted, it will take time to get off the black list, and in the meanwhile, no one in your company will be able to send email.

Why do eMail hosts and Internet Service Providers block mail?  They're trying to cut down on the spam that ties up about 90% of email traffic.  Many viruses attack PCs by turning them into "zombies" that send mail on behalf of spammers.  This ties up valuable resources, so the hosts and Internet Service providers want to stop it... and unfortunately they wind up stopping the "good guys".

After you comply with all the rules, and use the right platform, keep in mind that if customers "unsubscribe" then you can't add them back on to the list.  We recently sent out an important customer update, and found that a few customers didn't receive it because they had unsubscribed from our newsletter.   Focus on high value information, and use your bulk mail sparingly to keep the retention level high.  You may also need to do some customer education around what you're trying to achieve with the notifications so they won't just de-clutter one day and cut off all communications (and then ask why they didn't get the important update).

Bottom line, don't fool around with bulk mail.  eMail is a great way to get the attention of your clients directly in their inbox, but be informed and responsible before hitting that "send" button!

Tags: eMail, email security

Beware of Phishing attempt to "Authenticate your Account"

Posted by Ann Westerheim on 7/25/17 9:12 AM

Stay alert when reading through your email.  Our Cybersecurity advice focuses on "layers" of security, and even with all the technology in place to protect you, the "bad actors" will always resort to new tricks.  End user education and vigilance are key.

We've been alerted about a new phishing wave making the rounds.

These emails state that the email address has been flagged for suspicious activity and the user is required to click a link to authenticate the account. 

Please note that these emails are NOT legitimate emails sent by the hosting platform. If you notice emails that contain suspicious links or attachments, please avoid clicking on any links, and please remind all users in your organization to stay alert.

A few additional reminders include:

  • Never share personal information via email
  • Visit websites directly from browsers and bookmarks - not email
  • Double-check attachments before you click or download them
  • Watch for misspellings and strange greetings (Hello Madam!)
  • Be suspicious of emails that evoke a sense of urgency and ask for your immediate action
  • When it comes to wire transfers, be extra vigilant.  Confirm with a face to face or phone conversation.
  • When in doubt - DO NOTHING!

Think before you click!

 

Tags: email security, phishing, cybersecurity

Why did that Spam message get through my filter?

Posted by Ann Westerheim on 3/7/13 8:43 AM

One of the services we provide to our clients is spam filtering.  The goal is to stop the spam BEFORE it gets to the mail server so it doesn't wind up on the users' desktop, laptop, iPad, smart phone, etc.  Each month when we do the reporting and roll up the numbers, it's amazing how much volume there is. Overall, around 80% of all email traffic is flagged as spam.  For some of our clients, this means blocking out tens of thousands of messages a month.  I looked at our own domain yesterday, and in February, over 10,000 messages were blocked or quarantined, including 348 emails containing viruses.

One of the frustrating things is that, even with all the sophisticated algorithms in the spam security filters we put in place, some spam still gets through.  Just yesterday we heard from two clients who reported receiving a spam message.  To any human reviewing the email, the disposition should be obvious, but to a computer scanning thousands of messages against certain algorithms, a few get through.  In both cases, we saw "Breaking News" emails: for one user, the server logs showed that one email got through and seven were blocked in the past week, and for the other user, one got through and 65 were blocked/quarantined.  In this case, we can see that the filters ARE working, but they are not 100%.  For a message with carefully crafted language, the initial emails typically get through, and it isn't until the volume of identical messages is detected that the rest get properly dispositioned as spam.

It's annoying for all of us that these spam messages just keep coming to us, but at least with good filtering, the vast majority are stopped.

Tags: eMail, email security, spam, spam filtering

Beware! Flight Information Phishing Emails

Posted by Ann Westerheim on 12/8/11 8:21 AM

This is the time of year when many people travel.  We have received a lot of questions recently about the latest email security threat:  a new wave of "phishing" emails that are based on flight information notifications.

The emails vary, but as an example, one of the emails we looked at had a subject of "Your Flight Order" and some official looking numbers, with the content of the email containing the flight number, date and time of departure, airport name, price, and then a link to print the ticket.  This link looks innocuous, but it actually goes to a foreign web site set up to steal information from you, or infect your system with malware. 

What a lot of people may not know is that a link in an email can say anything, and be coded to go to an entirely different location.  The "bad guys" are basically trying to get you to click on the link.  You may have travel plans and quickly click on the link because you think it's your real ticket, or you may be curious because you think your credit card may have been breached ("who bought this ticket and why am I getting the notification?").  With "social engineering" the emails look familiar, so people unknowingly click on the links.  Other recent phishing scams involved package shipment notifications and ACH bank transfer notifications.  Because the actual text of the email is innocuous, these scams will often get through spam filters when the new wave first appears, until the spam filter definitions catch up.

Delta Airlines has a link on their web site alerting folks about the phishing emails if you want to read more.  The US Computer Emergency Readiness Team (CERT) has a posting on their website of a number of holiday phishing and malware threats.  The Federal Trade Commission's Phishing Scam Page also has a lot of excellent information about how to protect yourself from on-line threats.

ALWAYS be aware when reading your mail.  Don't click on any links in emails that are questionable. 

Tags: phishing, email security

eMail Security - Sending Encrypted eMail

Posted by Ann Westerheim on 5/27/11 11:15 AM

Although email typically has a layer of security protection in the form of a password, users need to be aware that emails sent "in the clear" (not encrypted) CAN be intercepted and read by other parties using available tools.

To address this threat, the new MA Data Protection Law, which went into effect March 1, 2010, requires "Encryption of all transmitted records and files containing personal information that will travel across public networks".

There are many solutions available, but the one we typically recommend to clients is Voltage SecureMail. This is an easy solution because the email recipient doesn't need to purchase or install any software on their end. 

Although it's a bit of a pain to go through the extra step of encryption, this is a necessary precaution when sending any protected or sensitive information.  You can send eMails directly from Microsoft Outlook, or log into a web interface.  We typically advise clients to develop a process where they send a preliminary email to the recipient with some simple instructions to let them know a secure email will follow.  This helps non-tech-savvy users know what to do.

To see how it works, view the Voltage SecureMail demo.

If you'd like to give it a try, sign up for a free trial.

To learn more about the new MA Data Protection Law - 201 CMR 17.00: STANDARDS FOR THE PROTECTION OF PERSONAL INFORMATION OF RESIDENTS OF THE COMMONWEALTH - read the full regulation on the mass.gov web site.

Tags: email security, Encryption


Older Blog Posts

For older Ekaru blog posts, go to ekaru.blogspot.com.