How Can You Gain Security and Trust for Your Customers’ Email Addresses?
With the increasing number of data breaches these past few weeks, targeting email service providers and the end-user data they host, many people are asking, “Why hack into a system just to steal email addresses? Why not target a bank or other entity with a bigger financial windfall for those committing the crimes?"
The answer might surprise you: personally identifiable information (PII) is still the preferred currency of hackers and spammers.
Hackers have the ability to somewhat easily sell this stolen data and make money. In fact, many of them sell email addresses and general PPI data over and over again compared to breaking into a bank account just once or using a stolen credit card a few times before it's cut off. Having a stockpile of live email addresses also affords hackers continued free access to consumers’ computers that they infect through malicious emails. The hacker then has a back door through these contaminated computers to hide additional online crimes.
Many of us need to recognize that email addresses should be classified as valuable data and consider the security standards used for financial data. So how does security apply to email addresses?
One of the steps that needs to occur early in an email relationship is to provide end users with a notice that your brand might use third-party services. Also, explain how you'll maintain their data on your own servers. As a brand, you should perform proper annual security reviews of how PII is stored and transferred around your network and through any third parties you work with.
As a sender, you need to use proper email authentication models, like Sender Policy Framework (SPF) or DomainKeys Identified Mail (DKIM) to protect your domain and brand from misuse. When authentication mechanisms are applied, both the originating and receiving systems can correctly and reliably validate who's accountable for the message. The Messaging Anti-Abuse Working Group's (MAAWG) whitepaper Message Sender Reputation Concepts and Common Practices can put you on the right track.
Related story: Ways to Plant Social Media Seeds