How to Reduce Risk – Email Marketing Security Tips from THE Expert

Big data means even bigger breaches. Are you on high alert? You might be putting your company and your customers at risk through your marketing practices. Data breaches in 2016 were up 40% year over year, and email security in particular is putting your company, and consumers, at risk!

We posted a reality check on the Demac blog about CASL – Canada’s Anti-Spam Legislation – coming into full effect on July 1st 2017. Have you taken steps to comply with the anti-spam laws and regulations that impact your business?!

By not being CASL compliant you’re putting your customers and your business at risk. Don’t let an email marketing security breach undermine the reputation of your company!

Continue reading to learn how to reduce your risk, and get critical tips from industry expert James Koons, Chief Privacy Officer at dotmailer.

Email Marketing Has Ruled Since Before The Internet.

The digital economy’s growth has been exponential, and with it has come digital marketing practices. To this day, since before the dawn of the internet, email has remained the most popular marketing channel for retailers and brands.

ROI with email is getting bigger, and email sends have kept growing. In fact, 80% of retail professionals indicate that email marketing is their greatest driver of customer retention.

“Email is the cockroach of the internet” – James Koons

Even though email has been around for decades, the technology behind it hasn’t changed much. This poses a bit of a problem, because it means hackers have the vulnerabilities of email figured out. The good news is there are ways email service providers, email receivers, and retailers can reduce security risks!

Essential Email Marketing Security Tips from a World-Leading Expert

I was lucky enough to chat recently with James Koons, Chief Privacy Officer at dotmailer – one of the largest Multi-Channel Marketing Automation Providers and trusted Demac partner – about his involvement in CASL, knowledge of data privacy, compliance, email deliverability, and best practices!

When it comes to security and privacy experts, James Koons is easily the best person in the world to go to for advice. His resume is impressive, with a background in information systems security, ecommerce, digital marketing, roles in consulting, a JD, and Board of Director positions with Online Trust Alliance (OTA), the Email Sender and Provider Coalition (ESPC) and the Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG).

Did I mention James has testified in both the US House and Senate on matters pertaining to digital marketing, privacy and anti-abuse?

James has critical advice for retailers and brands when it comes to being CASL compliant and reducing the risk of security threats. Here’s what we discussed, and what you need to know about right now.


Why Email Fraud is Your Worst Nightmare

When the most popular marketing channel is also the least secure, it can quickly lead to disaster.

Email fraud and data breaches can damage your brand reputation and completely erode the trust of your customers. This is what James Koons refers to as an “extinction level event”, as in your business will be extinct.

There is immediate loss that follows spoofing and phishing that goes far beyond lost revenue. Once consumers lose trust they won’t be opening your emails, and Email Providers, like Gmail and Microsoft, will stop delivering your messages. Authentication standards like SPF, DKIM, and DMARC are essential, not optional anymore.

Don’t risk ruining brand loyalty, marketing ROI, and revenue!

Marketers Should Work Closely with Security Teams


Given the very real threat email fraud presents, it’s easy to see why marketers need to work closely with security professionals to reduce risk and protect your brand.

A lock on the server room door isn’t going to cut it anymore, says James Koons. You need to go beyond the physical layer of protection.

Start by integrating security with your company culture. From regular risk assessments to pricing, security should be part of everything your company touches.

A security expert will be able to look at your marketing and ensure that you’re acting within laws and regulations, advise whether you’re at risk, and make sure you’re not storing more data than necessary.

Think this might be too extreme? One cybersecurity case James worked on with Infragard and the FBI involved a retailer who stored images of their customers, including information on their appearance (this was relevant to what they sold), like eye and hair colour. Turns out this retailer ended up getting hacked by a well-known terrorist organization, who then used this data to create fake I.D. cards.

All it takes is one breach, one bad actor, to ruin your business. Start treating security and compliance people like the “good guys”, because they’re here to prevent these business-destroying events, and are here to protect you.

More Personalization = More Protection!

We all know in the age of modern commerce and marketing, to be effective you rely heavily on consumer data to drive content, promotions, frequency, and other components of an email marketing strategy. Although more data = more personalization, it’s important to remember that this also means you need more protection!


How to Protect Your Customer’s Data from Cybersecurity Threats:


  • Don’t collect more data than you absolutely need.
    • Ask yourself, “Am I collecting the right data, and will I use all of this?”
  • Have a data retention policy in place.
    • In the case of CASL, remember that burden of proof rests on you.
  • Your email marketer needs to be an experienced data controller.
    • The more data you have, the more at risk your company will be. Put someone completely confident and experienced in handling data in charge of your email marketing.
  • Implement a sunsetting policy for contacts.
    • When do you end the relationship with a contact? If they aren’t engaging with you, you need a policy in place to call it quits.
  • Look at email addresses as people, not another number.
    • Treat customers/subscribers how you wish to be treated.
  • Get a data protection agreement.
    • If you’re using a third party program, like an analytics application, you 100% must have a data protection agreement in place.
  • Do Your Due Diligence!
    • Avoid CASL or other anti-spam violations, while keeping your business and consumers safe, by taking the proper steps to achieve compliance!

How Retailers can Protect Themselves:

Aside from taking to heart the above tips on protecting your data from threats, it’s critical that retailers and email marketers follow current best practices. It is up to you to ensure the ESP (Email Service Provider) that you’re using is authenticating, and that within your own company best practices are taken seriously.

This might seem like an obvious suggestion, but you’d be surprised by how quickly best practices change, and how many companies think they’re safe. James suggests that you follow best practice guides put forth by some of the following organizations:

DMA – A network of more than 1,000 UK companies that is privy to research, free legal advice, political lobbying and industry guidance.

CRTC – Canadian Radio-Television and Telecommunications Commission – The CRTC is an administrative tribunal that regulates and supervises broadcasting and telecommunications in the public interest.

Join an organization to help fight against spam, to protect businesses and consumers. James is on the board of the following orgs, and suggests you join:

M3AAWG – Messaging Malware Mobile Anti-Abuse Working Group – Where the industry comes together to work against bots, malware, spam, viruses, DoS attacks and other online exploitation. Click here to view their sender best practices.

ESPC – Email Sender & Provider Coalition – Formed in 2002, the ESPC is a cooperative group of industry leaders working to create solutions to the continued proliferation of spam and the emerging problem of deliverability. Any brand marketers who wish to join the ESPC will be able to get a one-year membership free by mentioning James Koons when signing up.


How dotmailer is Working to Help Marketers and Protect Customers

dotmailer introduced the dotMailer Data Watchdog, a powerful self-learning analysis tool, in 2009, to protect sender reputation and delivery rates. Since launching, the Data Watchdog has completed an astronomical number of checks to safeguard users against sending to email addresses that might cause damage to brands’ reputations, through twofold protection:

  1. The Data Watchdog protects the sender who uploaded the data, by assessing and blocking anything deemed to be potentially problematic
  2. It also protects brands and retailers from being affected by other users sending to potentially problematic data

The dotmailer team has also developed an Automation Reputation Manager (ARM), which uses specific metrics and a scoring system to determine and move clients into the most appropriate pool, based on their email marketing program performance. ARM works in the background of their platform to protect you, and allow you to improve deliverability and protect your reputation.

What’s Next for Brands and Retailers?


Get Express Consent

Now that CASL’s transition period has ended, it’s expected that companies communicating electronically with Canadians have Express Consent from their contacts. Right to Private Action has been delayed, but your company is still subject to fines.

James recommends that brands and retailers take the foolproof approach by getting Express Consent right away. Everything will be less painful if businesses confirm everything and follow the regulations required. Download Demac’s free checklist to achieving CASL compliance by clicking here, and learn how to get Express Consent from your customers.

Be on the lookout for a changing of regulations.

James warns that, especially in the United States, lawmakers are revisiting the CAN-SPAM Act of 2003 and strengthening the regulations behind it.

Continual technology advances that influence the way the commerce world does business have meant that legislation will constantly need revising. Considering that 90% of the world’s data has been generated in the last two years, it shouldn’t come as any surprise that these laws need to be updated to keep protecting people.

Security in a Connected World.

As consumers and companies adopt more technology, and welcome it into our private spaces to help us automate and improve our lives, it’s important to think about what security in a connected world will look like.

By 2020 it’s projected that we’ll have 24 billion Internet of Things devices in the world. James Koons notes that these devices can give hackers even more entry points, so as vulnerability to hacking increases, so will companies’ readiness to deal with and protect against cyber threats.


Become a good steward of data now, to protect against potential security risks!

dotmailer provides you with uniquely scalable, easy-to-use and fast email, social, mobile, design, management and reporting features to improve your productivity and drive ROI. Their trusted and powerful, cross-channel marketing automation technology serves over 50,000 people from start-ups, SMEs and global corporations sending millions of emails a day. Click here to learn more about dotmailer.
