The more we become reliant on the internet for storing data, shopping, banking, etc., the more cybercriminals will seek to exploit it. Through phishing it is possible for your sensitive data to become compromised. Organizations in particular are at great risk because a single employee who is phished could potentially compromise the entire company’s data. In this post, I’ll be discussing what phishing is, how to identify it, and some best practices to keep you secure in the event you come across it.
What Is Phishing?
Put simply, phishing is the practice of passing oneself off as a legitimate organization via email with the purpose of tricking individuals into revealing their personal information (e.g. usernames, passwords, credit card numbers, social security numbers, etc.).
How Can I Identify A Phishing Email?
Unfortunately, this is a hard one to answer, because every phishing attack is different. That said, there are a few things to look out for:
Misspellings, Poor Grammar, or Typos, ESPECIALLY in Links to Websites:
Phishers will often try to get you to visit a website that is disguised to look like a legitimate popular website. Even if a web address looks correct in an email, it could redirect you to a different website, so watch out!
Requests for Sensitive Information:
If an email ever asks you to provide your password, credit card, bank account number, etc. there is a good chance it is a phishing attempt.
The Email’s “From Address” Differs from the Organization’s Domain:
If you get an email from your bank or from a website you visit, then the email address sending that message should match that organization.
The Email is about Something You Don’t Recognize:
If you receive an email saying that your order has shipped, you won a contest, or you won the lottery, but you never bought anything, entered a contest, or bought a lottery ticket, then it is probably a scam.
The Message Is Threatening:
Be especially wary of any email that says things like: “Urgent Action Required”, “Your Account Will Be Closed”, “Final Warning”, etc. Scammers will often try to scare you into giving up information.
It’s Coming from a Government Agency:
This goes hand in hand with the last point, but scammers will try to pose as the government to intimidate you. It’s unlikely that a government agency will try to reach out to you through email.
Suspicious Emails That Match the Seasons:
It’s not uncommon for a scammer to adapt to the time of year or current events. For example, you may see more scams revolving around packages being delivered and online shopping around the holiday season, or fundraising scams looking to capitalize on a recent tragic event.
What Should I Do If I Receive A Phishing Message?
This will depend on what actions you took upon receiving the message:
I Got the Email, But I Didn’t Respond Or Click on Any Links:
Good! Delete the message and/or report it as Spam. If you got the message to your work email address, you may want to let your IT/Security team know, in case anyone else at your company receives a similar message.
I Clicked a Link in the Email, But Didn’t Enter Any Information:
You’re probably ok. Just to be safe, I’d recommend running a virus scan on your computer, and once again, informing your IT/Security team if it was to your work email address or the link was accessed from your work computer.
I Clicked a Link Or Responded And Provided Sensitive Information:
First, immediately update any username or password that you may have provided. If you use the same username or password for multiple websites (which, as a reminder, is not a recommended practice), then be sure to update those as well.
Be sure to contact your IT/Security team if it was to your work email or work computer, as well as any organization related to the scam. For example, if you provided bank account information in response to the phishing message, be sure to contact your bank and tell them. You may need to have new credit cards issued, security added to your account, etc. You will also want to run a virus scan just in case clicking on the link installed any malware.
Continue to be on the lookout for fraudulent charges, suspicious account activity, or anything that may seem out of place.
Please keep in mind that these are only general practices; it would be impossible to dig down into each individual type of phishing scam. A good rule of thumb is: if it makes you uncomfortable, don’t click it. If you are unsure, many websites have in-product messaging, so if there is an issue with your account, there is a good chance you can log in directly from the website and read about it there. When in doubt, contact the organization that the potential phishing email appears to be from, but always get contact information by typing the website’s URL into your search bar and visiting their website directly, NOT through the possible phishing message.
Most people know by now that in the world of email marketing, permission-based addresses are considered the gold standard; however, it’s not always clear just what exactly counts as “permission”. It gets even more confusing when you realize that there are different types of permission. In this post, I’m going to look at the two different types of permission: Implied and Explicit.
Note: Depending on where you live, what you read, or who you speak to, the terms may be slightly different (such as “implicit” instead of “implied” or “express” instead of “explicit”); however, the definitions remain the same.
Implied permission is when someone provides you his or her email address through regular business communication, but without a direct request for ongoing communication. Some examples might include:
Filling out a Contact Us, Request a Quote, or other similar form
Inquiring about a product or service via email
Business card exchange or badge scan at a networking event
Purchasing a product or service (without there being any opt in option)
Registering for an event (without there being any opt in option)
Signing up for a contest or giveaway
Donating to a charity or political campaign
Requiring an email address to access website content, downloads, etc.
Pros Of Implied Permission:
Requires minimal effort
Generates the largest number of contacts while still falling under the “permission based” umbrella
Eliminates the potential for error on the subscriber’s end
Cons of Implied Permission:
Not considered an email marketing “best practice”
Many contacts may feel violated and complain, which can cause spam complaints, negatively affecting your online reputation
Implied permission lists tend to have lower engagement (Opens, Clicks, etc)
Some people who are savvy to the world of email marketing may have fake or junk email addresses that they use to avoid getting mail they didn’t request.
Some countries (such as Canada) have very strict regulations around implied permission contacts and how long you may use them.
With Explicit Permission, the contact takes a direct action to request to be on an organization’s mailing list. With this method, there is no question as to whether or not they would like to receive your newsletters. Some examples include:
A newsletter subscription box on the website
An unchecked box on an online form or event registration
Paper and pen sign up form at physical location
Pros Of Explicit Permission:
Considered to be a best practice
Permissible with every current email marketing provider and law
Creates a more engaged list of contacts who are more likely to generate Opens, Clicks, and Forwards
Can be used in conjunction with a double opt in to create an even cleaner list.
Cons Of Explicit Permission:
Requires a bit more work to get off the ground than implied permission and has a slower growth rate
There is the risk of a potentially interested party not taking the action to fill in a sign up box or check an unchecked sign up box.
It has been my experience that many email marketers have a mix of both implied and explicit contacts. Constant Contact strongly encourages you to utilize explicit permission whenever possible. If you do have contacts that have given implied permission, try to mail to them separately from your explicit contacts. That way any Compliance issues that may occur will not affect your contacts that directly opted in. You may also want to consider trying to get explicit permission from your implied contacts.
Here at Constant Contact, we are an industry leader in email delivery. This is no accident. Our Terms and Conditions are designed to ensure the best possible delivery rate for all of our customers.
That being said, it’s expected (read: absolutely normal) that most email campaigns will have some level of bounces. Knowing the cause and reasons behind these bounces can help you as a marketer to ensure you are mailing to the cleanest, most engaged list that you can. First, I covered Non-Existent and Suspended bounces, then Undeliverable and Blocked bounces; today I will be going over the remaining categories: Mailbox Full, Vacation/Auto-Reply, and Other.
What Is A Mailbox Full Bounce?
When an inbox reaches its maximum allowed storage, it will reject the message and bounce it back to Constant Contact as “Mailbox Full.”
If The Recipient Frees Up Space In Their Inbox, Will They Start Getting Mail Again?
Yes; however, I recommend removing these contacts. Here’s why: most ISPs (Internet Service Providers) provide more than enough inbox space for the average user. If someone’s inbox is so full that they cannot accept mail, chances are they are not actively checking their mail and therefore are not an engaged contact.
What’s The Deal With The Vacation/Auto-Reply Bounces? When I Set An Auto-Reply, The Mail Waits For Me In My Inbox.
You’re right! This is the exception to the rest of the bounce rules. Messages that show in this category are delivered to the contact; no action on your part is necessary. We include these with the bounces to let you know that you may not see an open/response/click from this customer for a while.
Note: While most of these responses get sent to the actual sender (Constant Contact), some can be sent to the email address you selected as the “from” address for your campaign.
What Is The “Other” Bounce Category?
As stated in a previous post, we sort our bounces based on information that the ISPs provide us. If the information they send back isn’t clear, it may get sorted into the “Other” category.
Should I Remove My “Other” Bounces?
That is a tough call. I recommend obtaining a secondary email address for the contact if possible. If the address continually bounces and you are confident that it is a valid contact, then please reach out to our Account Review team at 866-433-8499.
Where Can I Find These Bounces?
If you look at the reporting for a specific campaign, click on the number of bounces you have. Then select your choice from the “Display” drop down.
Here at Constant Contact, we are an industry leader in email delivery. This is no accident. All of our Terms and Conditions are designed to ensure the best possible delivery rate. That being said, it’s expected that most email campaigns will have some level of bounces. Knowing the cause and reasons behind these bounces can help you as a marketer to ensure you are mailing to the cleanest, most engaged list that you can. Last month, I spoke about Non-Existent and Suspended Bounces; in this post I will be detailing Undeliverable and Blocked bounce types.
What Are Undeliverable Bounces?
When Constant Contact sends an email to a recipient, but the receiving server cannot be found or connected to, the email will bounce as Undeliverable.
For Example: Say someone sends an email to my address, let's say it's firstname.lastname@example.org, but at that time the receiving server (in this case it would be example.com) is not responding. The email will bounce as Undeliverable as a result (usually after multiple automated resend attempts).
Isn’t That The Same As A Non-Existent Bounce?
Not at all!
A Non-Existent bounce occurs when we connect to the receiving server, but it cannot find the address we are trying to send to.
With Undeliverable bounces, that initial connection can’t even be made.
What Are Blocked Bounces?
In the never-ending battle against spam, ISPs do what they can to stay ahead of the curve. Most often, this involves the use of email filters or blocklists to keep their subscribers’ inboxes clean. Sometimes those filters and blocklists end up preventing Constant Contact’s mail from getting to the intended recipient, resulting in a Blocked bounce.
Does A Blocked Bounce Mean That Constant Contact Is Blocked?
Not necessarily. While it’s true that Constant Contact (like all ESPs) may occasionally experience blocking issues at a particular domain/filter/blocklist, most often Blocked bounces occur on a smaller scale. These bounces can occur due to content in the email that a spam filter deems problematic, such as an image, email address, or website. Some ISPs even have rules based around how much mail they accept at a time from any one source, or even block email from bulk senders altogether.
Where Can I Find My Undeliverable and Blocked Bounces?
If you look at the reporting for a specific campaign, click on the number of bounces you have. Then select “Undeliverable” or “Blocked” from the “Display” drop down.
What Should I Do With Undeliverable and Blocked Bounces?
In the case of Undeliverable bounces, it’s acceptable to try sending to the addresses again after a few hours, just in case it is a temporary issue. If they continually bounce, then we recommend moving them to unsubscribe.
Blocked bounces sometimes take a bit of work to diagnose. First, check the “Email Delivery” row at https://status.constantcontact.com to see if there are any known issues. If that doesn’t help, then please reach out to our Account Review team at 866-433-8499.
Here at Constant Contact, we are an industry leader in email delivery. This is no accident. All of our Terms and Conditions are designed to ensure the best possible delivery rate. That being said, it’s expected that most email campaigns will have some level of bounces. Knowing the cause and reasons behind these bounces can help you as a marketer ensure you are mailing to the most current, engaged list that you can. Over the next few months, I will be writing about Constant Contact’s various bounce categories to (hopefully) clear up any questions you may have. In this post, I will be focusing on Non-Existent and Suspended Bounces.
What Are Non-Existent Bounces?
When Constant Contact tries to send an email to an address, it can bounce as Non-Existent if the receiving server tells us that the address in question does not exist.
For Example: Say I have the address “email@example.com”, but I create a new email address and shut down this one. A few months later, if someone tries to send an email to my old address, “example.com” is going to send a message back to the sending server indicating that “email@example.com” is no longer in existence.
What does Constant Contact do with email addresses that consistently bounce as Non-Existent? We “suspend” them.
What Are Suspended Bounces?
Put simply, they are email addresses that have continually bounced as Non-Existent.
Put not so simply, they are not true bounces. They are email addresses that have been placed on a global suppression list of addresses Constant Contact does not send to.
Allow me to explain. When an email bounces as Non-Existent, it is placed on a 15 day hold. During this time, no mail will go to the address in question from any Constant Contact account. After that 15 day period, mail will resume going to the address. If the address continues to bounce as Non-Existent, it will be added to Constant Contact’s global suppression list and show as a Suspended bounce within a bounce report.
Why Does Constant Contact Care About Bounces? (And Why Should You?)
Constant Contact is a “shared IP environment”, meaning that we have a number of IP addresses through which all customers send their mail. To ensure email delivery, we need to take measures to help the reputation of these IP addresses, otherwise ISPs and domains may decide to not accept our mail. Continually mailing to email addresses that bounce as non-existent is frowned upon in the industry and could impact Constant Contact’s ability to deliver your mail to the inbox.
You can help by managing your Non-Existent bounces after each campaign.
How Can I See My Non-Existent and Suspended Bounces?
If you look at the reporting for a specific campaign, click on the number of bounces you have. Then select “Non-Existent” or “Suspended” from the “Display” drop down.
What Should I Do If I Think A Non-Existent (or Suspended Bounce) Is Valid?
Here are a couple of reasons why a valid email address could be bouncing as Non-Existent:
There Is A Typo - Let’s face it, nobody is perfect, and most people’s handwriting is certainly less than perfect. Typos happen, and often they can lead to bounced email addresses.
Bounce Coding - We classify bounces based on the information given to us by the receiving server. If the message received is too vague, or points to a Non-Existent bounce when it truly is not, then it could be erroneously categorized.
If you come across a Suspended bounce that you think is valid, please contact the Account Review Team at: 866-433-8499