The rising tide of cybercriminals attacking email’s foundation of trust threatens to overwhelm internet users and organisations.
So-called ‘business email compromises’ (BEC) scammed 4,255 Aussies out of $142 million last year, reports the Australian Cyber Security Centre (ACSC).
“BEC is a common attack (that) targets businesses and their employees for financial gain, by using socially engineered messages or compromised email accounts,” says the ACSC about scams that “fraudulently … redirect funds into bank accounts controlled by the cybercriminal”.
“The ACSC and our law enforcement partners have seen a significant increase in BEC over the last 12 months and expect these incidents will continue to increase in prevalence.”
Criminals are now adept at sidestepping user-awareness training and cybersecurity point solutions, using targeted approaches (‘spearphishing’) that leverage personal and professional relationships – such as between a client and their service provider or a boss and their employee – to steal. The emails they send are focused, targeted and believable.
But emerging security protocols offer a reprieve for email users, while enhancing brand visibility and even improving marketing outcomes, says Brian Westnedge, Senior Channels Director at cybersecurity vendor Red Sift.
“We all get a lot of email and we're all very busy; it's very hard to look at an email and make an immediate determination about its authenticity”, says Westnedge.
“Email is the workhorse of today's business [communications] and biggest channel for digital marketing. So protecting its integrity should be front and centre for every organisation.”
DMARC and BIMI emerge as email saviours
Email providers that rely solely on two legacy protocols – Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) – are losing the battle against malicious actors.
So the first of two new frontline protocols – Domain-based Message Authentication, Reporting and Conformance (DMARC) – has emerged to bolster email defences. Indeed, ACSC says: “DMARC is critical” for email cybersecurity: “Implement it now irrespective of your existing controls”.
“DMARC gives you visibility into how your domain is used for email, and who is sending emails using your domain. You may know your own corporate email streams but might not be familiar with other cloud services that send email for you. So unless you're using DMARC, you can't be assured that all of your email streams are authenticating properly.”
Westnedge says DMARC closes a loophole through which criminals impersonate or “spoof” brands, which lifts the likelihood that legitimate emails reach their intended recipients.
“Authentication is just a basic building block of a modern deliverability strategy.”
Dovetailing with DMARC is the second emerging email protocol, Brand Indicators for Message Identification (BIMI), which places a logo or avatar alongside the subject line in the email header so users instantly know it is trusted.
Google offered a fillip to BIMI advocates in July 2021 when it started moving its nearly 2 billion Gmail users to the protocol.
“BIMI, an industry standard that aims to drive adoption of strong sender authentication for the entire email ecosystem … provides email recipients and increased confidence in the source of emails, and enables senders to provide their audience with a more immersive experience,” blogged Google senior email cybersecurity executives Neil Kumaran and Wei Chuang.
Chief marketing officers first to gain from BIMI ‘reward’
Westnedge likens BIMI to a “reward” for good email hygiene with DMARC.
“Google is saying that, if you get your domain to 'DMARC enforcement' – a policy of ‘quarantine’ or ‘reject’ – we're giving you a benefit for that hard work and being a good citizen. And that benefit is, we're going to display your logo alongside your email in a mail client.”
Although the entire organisation, its users and external partners and stakeholders benefit from the twin protocols, marketers will see obvious and immediate gains. It’s an especially critical time for marketers and IT to collaborate because unrelated changes to tracking emails and users across the web will affect the success of the overall business.
“If I'm a marketer, I'm in a cutthroat industry so I need to maximise open rates, conversions, brand recall and purchases. I need every advantage over the competition. With BIMI your email recipients no longer see a default avatar in their client, they see your organisation’s actual trademark,” says Westnedge.
Survey backs shift to trusted (and branded) email
These intuitions were backed by a July 2021 survey Red Sift conducted with certificate and identity authority, Entrust.
The partners found that open rates rose 21 per cent, irrespective of brand strength or market share, as recipients were more responsive to messages that displayed a logo alongside emails. Other findings included:
- 34 percent increased average purchase likelihood – Prospects were more likely to buy when brand logos were displayed in the inbox.
- 18 percent increased brand recall – After seeing the logo in the inbox for five seconds, recipients were more likely to recall the brand (and the stronger the brand, the greater the recall).
- 90 percent lift in consumer confidence – BIMI increased consumer confidence in the email they received.
Of interest to those marketing to tech-savvy consumers, researchers found 28 percent of Gen Z respondents reacted negatively to the absence of trusted brand logos in their emails.
Red Sift local office drives email awareness with Aussie firms
Red Sift sees a big future for trusted email in the Asia-Pacific and recently opened a Sydney office to serve the region.
“We're really bullish on BIMI at Red Sift,” says Westnedge, who says Red Sift and Entrust now have a local “one-stop shop” for DMARC and BIMI transformation.
“We ‘operationalised’ the process to automate DMARC enforcement and help customers implement BIMI to obtain a special certificate from Entrust.
“Just because you're a small organisation or not-for-profit doesn't mean you won't be a target, and it doesn't mean you can’t implement trusted email protocols. It’s easier than you may think.
“And if you want to be a good corporate citizen, you set the example to your partners, customers and your supply chain and then you can expect the same in return.”
Want your emails to hit recipients’ inboxes and stand out from the crowd? Ask Red Sift about its 14-day free trial so you can deploy DMARC and BIMI to protect your brand, customers and partners from cybercriminals while improving your marketing results.