Beware of IRS Email Scams

It’s tax time again which can be one of the busiest times for on-line scammers.  They’ve already demonstrated that they’ll follow the money and take advantage of consumers in any way they can.  With increased interest in tax filings from now through April, they will use this as an opportunity to take advantage of the unsuspecting consumer in something I will call the tax refund scam.  The scam involves sending the public to phishing sites to gather personal and financial information.  According to the Washington Post (http://www.washingtonpost.com/wp-dyn/content/article/2008/01/30/AR2008013002413.html?hpid=moreheadlines) the IRS tracked four such sites in 2005 and by 2007 that number had increases to 900.  This year the IRS estimates a staggering 3700+ such schemes in which consumers are being targeted. 

Why it works:  You’ve probably heard tales of people falling for the Nigerian money laundering scam.  This scam involves people having to jump through hoops and actively sending money in an illegal scam to gain some unprecedented amount of money in return.  Compare that to the tax refund scam.  It purports to be from the Internal Revenue Service instead of some foreign exile, the means by which the consumer is to receive the funds is purported to be legal and generally accepted versus covert and illicit.  The tax refund scam promises amounts as little as thirty up to several hundred dollars; these amounts are considered by many to be reasonable and appropriate versus an amount that mesmerizes the recipient.  To recap: one scam involves working hard to hide money in an effort to claim illegal millions while the other promises the rightful return of money you overpaid via an easy on-line claim process.

Already, I’ve received my first notice of refund via email and I’ve not filed my taxes nor have I even received all of my tax forms but I’ve been assured that just over $300 is overpayment that belongs to me.  All that is required is for me to give-up my personal and financial information. 

Now that you’ve been apprised of the situation I am hopeful that you’ll not fall for the attack and instead you will carefully evaluate the messages you receive, read the headers of the email, determine whether the IP addresses relaying the messages are actually tied to the domains they are purporting and what the legitimacy of the organizations behind those domains is.  Be certain that the message has not been redirected to you erroneously and that by opening the message you have not subjected your personal computer to the threats of virus, malware or spyware.  Alternatively, you can look for the CertifiedEmail icon on your email envelope to be assured the message is safe and from a trustworthy source.

*If you have received an email containing a tax refund scam, it can be forwarded to phishing@irs.gov

Be good to the consumer,

Charles

What is the value of trust? What even is trust?

More and more we are hearing about the importance of trust in email.  I have been to maybe three conferences in the past few months, and sat in on at least as many industry association and alliance meetings, where the topic of consumer trust in email comes up.

Financial segment senders tend to understand the value of ensuring customers trust email messages.  Phishing attacks have a definite cost associated with them.  It is relatively easy to do an economic model on the expense incurred in terms of calls to the support center, issuing corrective measures, etc.  We don’t have to work too hard to convince the 250 most phished brands to take measures like rolling out authentication protocols to make sure email messages can indeed be represented to consumers as genuinely from the sender the email purports to be from.  The Financial Services Technology Consortium has been a real leader in this respect.

Real “trust,” though, includes a number of components.  At a minimum, it includes authentication, but it also includes means of conveying to a consumer not only “who really sent this email” but also “what do we know about this sender.”  In email “reputation” is a term of art that typically refers to things like consumer complaint rates, but in a larger context, reputation – like brand – goes to the values a consumer imputes about your company, and its email.  Trust is like brand, in that sense:  something that touches all aspects of your company’s image, and something you can never pay too little attention to.

Marketers typically look at things like open rates, click-throughs, conversions, and other economic measures of program performance.  They don’t typically quantify the economic value of ensuring consumer trust.  Is it possible to create a measure like “return on trust”?  What is the real economic benefit to a sender of maintaining trust at the highest levels with consumers?

David Atlas, SVP Sales and Marketing

White-lists Providing False Hope?

You’ve worked hard to build your distribution lists, you’ve adhered to the best practices in the industry and you’ve done what was asked by mailbox providers but your mail still isn’t reaching the inbox.  This is not an uncommon problem; the typical solution is to be put on a white-list.

Blacklists or block-lists are routinely shared among mailbox providers in an effort to combat spam.  White-lists on the other hand are a guarded secret, holding the identification of those mailers that have received “special permission”.  The special permissions may permit your mail to be delivered, may reduce or eliminate spam filtration on your mail or might simply be providing you with false hope.

Why would mailbox providers provide access to something which was apparently so sacred and so carefully guarded?  Frankly, white-lists are intended to address the shortcomings of spam filtration technology.  Acting in the best interests of their customers, mailbox providers will block spam to enhance the user experience.  Unfortunately, the rules for catching spam also catch some legitimate thus a need for an exemption based system.

Just because you’re on the white-list doesn’t mean your mail is getting delivered.  What type of white-lists are you on?

-          Location lists – Used to identify your mail server as a localized to a specific location. Some early spam rules treated mail from outside the continental US as highly suspect and blocked in instances delivered in volume.  White-lists were used to exempt certain foreign IP addresses.

-          General identification – Used to assert an identity and attribute a reputation to it, typically uses IP addresses but could use other authentication technologies such as Sender ID Framework, Domain Keys or cryptographic tokens.

-          URL lists – Used to identify specific URL’s in your message as legitimate and not spoof url’s or otherwise malicious.

-          Domain lists – Used to identify a mailer as a recognized legitimate mailer, widespread use early on but has declined significantly due to bogus DNS records

-          Reputation/Accreditation lists – This list uses some form of authentication (generally the IP address) to identify the mailer and either asserts a reputation for the mailer or an indicator that the mailer has passed some form of accreditation.  Mailbox providers may have an agreement in place with the list provider to provide some privilege.

Clearly, the trend is towards reputation or accreditation lists and the best solutions incorporate both.  Incorporating an authentication mechanism that is not spoofable with such systems is the best case scenario and forces marketers to be accountable for their online actions not just their brand reputation.  What this means for marketers is that the white-lists they once relied upon for getting their email delivered are going to become less effective as mailbox providers transition to reputation based systems.

More on what you can do to make sure your online reputation is consistent with your brand reputation in another post…

Charles Stiles, VP Worldwide Business Development

E-mail reputation systems: Can we learn from social networking?

In case you haven’t noticed, there’s a revolution happening in social networking with vast implications for e-commerce that extends down to e-mail marketing. I use the term revolution deliberately, not in the hyperbolic usage of many Silicon Valley vendors.

I say revolution, because there’s a radical shifting in the balance of power from a centralized authority — a brand, system or site owner — to the people. The Internet, through Web 2.0, has democratized the marketplace by empowering the individual. This has far-reaching implications on how ISPs calculate your complaint rate or if you are a “spammy” sender.

Delivering your e-mail requires maintaining best practices to ensure that your e-mail is considered relevant by your opt-in recipients. It’s simple reasoning: Consumers have a big hammer — the “Report as Spam” button — that can whack senders who, in the consumer’s perception, violate the consumer’s perceived right not to be inundated with unwanted messages.

The problem is consumers’ treatment of the “Report as Spam” button. There is no differentiation between an herbal Viagra e-mail sent from Bulgaria and the coupon offer that arrived one too many times. Any click of that button dings your reputation. As complaint rates rise, your e-mail deliverability decreases. To make matters worse, there is often no ability to differentiate how many times a user clicks the button. Someone who has had a bad day can punch the “Report as Spam” four times, possibly generating four dings to your company. Currently, the system aggregates the crowd’s implicit wisdom —not consumer reliability.

However, using social networking’s play book may change the industry. It is possible to allow users to specifically complain and differentiate between unauthorized senders and opted-in senders who send too frequently. As we work to build registration pages allowing consumers to specify types of e-mail they want and frequency, it is possible for complaint systems providing similar levels of granularity.

In calculating your complaint rate scores, it is possible to envision a system that allows us to score the scorer, and determine if a complaint is accurate and about true spam versus just someone complaining for the sake of complaining. Applying the wisdom of crowds to sender reputation systems can help to accurately determine a sender’s real complaint rate.

So next time you think this Web 2.0 stuff has no lessons for you, the e-mail marketer, think again. It is quite possible that the wisdom of crowds will become a very important ally for you in getting to the inbox.

Are We Making Things Easier for Consumers, or Harder?

A recent New York Times article about online retail sales caught my immediate attention.  Titled Online Sales Lose Steam, the piece detailed new research from Jupiter showing that in the last year, growth has slowed sharply in major sectors like books, tickets, and office supplies.Analysts say it is a turning point and growth will continue to slow through the decade.

To be sure, some of the slowdown is just simple math:Internet sales are forecast to hit $116 billion this year, approximately 5% of all retail sales, and as the overall size of the market grows, it’s hard to maintain the same growth rates as when it was small.Still, some of the slowdown was attributed to consumer attitudes:Consumers seem to be experiencing Internet fatigue and are changing their buying habits.

The value proposition of email marketing for consumers must have to do with ease and convenience.You can surf the web at your convenience, obtain the products or services you like when and wherever, and we arrange to have it sent to you.We can then even track what you’ve bought and let you know about offers on related things.

Email marketers tend to talk about relevance a lot, but it isn’t just because being irrelevant leads down a nasty path towards deliverability issues.Relevance we’ll get you what you really want is about making it easier for consumers to get things done online.

Yet, does email as a marketing channel overall make things easier for consumers, or more difficult?Online, it’s much more of a task, the Times piece quotes Macy’s executive Liz Hauer saying.The article cites Harvard Business School professor Nancy Koehn who suggests that online shopping, because it involves a computer, can feel like work.

What are we as email marketers doing to minimize this feeling?Have we made it easy for consumers to tell what messages are real and desired?Or have we defined relevance as whatever we can send that doesn’t get us blocked?As a marketing medium, email is a pretty motley mix now urgent email from bosses, overt scams, multiple copies of the latest viral video hit forwarded from multiple college friends, bills and statements, and regular old fashioned spam.

What are we doing to make things easy for consumers?

Four New CertifiedEmail ISPs, and The Winner? The Consumer

Well, the news is out:  four new major mailbox providers have announced CertifiedEmail support!

Seeing the nation’s top ISPs, including Comcast, Cox Communications, Time Warner Cable’s Road Runner, and Verizon, all adopting the same solution at the same time is not the most common of sights.  What could be so fundamental and important that four competitors would come to the same conclusions?

The answer?  Email has broken down as a reliable medium we can trust.  Consumers today look at their inbox as a relatively undifferentiated pile of messages, some real, some fraudulent -- legitimate email, herbal viagra come-ons, messages from your niece, shipping confirmations, and seventeen copies of the same new viral video hit forwarded by friends from college.  Personal mail aside, consumers cannot readily tell whether a given email is (1) a desired message from a company they already have a relationship with, and (2) an authentic message that is safe to open and act upon. 

CertifiedEmail solves this problem for consumers by specially marking real messages from legitimate senders from whom you have already opted in to receive email.  The new ISPs – along with charter partners AOL and Yahoo! – understand that their ultimate customer – the consumer user of their email system – is increasingly frustrated by the lack of a reliable means of telling legitimate, desired email from fraudulent and or unsolicited messages. 

This is an exciting time for Goodmail.  With these new partners, CertifiedEmail can claim support from 7 of the top 10 North American mailbox providers (and all 5 of the top 5 ISPs).  The time for a trusted class of email is now.  Consumers need it, senders benefit from it, and ISPs and mailbox providers support it.  Comcast, Cox, Time Warner, and Verizon, as well as AOL and Yahoo!, can claim real status as leaders in online consumer safety, and they are to be applauded for coming together on this.

The FedEx of Email?

The always noteworthy David Baker, VP of email solutions at Avenue A/Razorfish, makes a number of interesting predictions about the future of email in a recent Email Insider column (http://blogs.mediapost.com/email_insider/?p=420 ).  Email is evolving, he says, both as a touch point in the overall arc of customer relationships, and also in terms of its ubiquity, with mobile, SMS text, and RSS all adding to delivery options.  One of his more interesting predictions:  “Email priority delivery will be a paid-for service.  I don’t think reputation alone will make it in the future.  I liken it to FedEx on some levels.”  It was hard for us at Goodmail not to take notice of that; CertifiedEmail has been compared to a kind of FedEx for email by more than a few observers.

What constitutes email today has come along way from the original store-and-forward protocol that SMTP defined:  images, links to web sites, and now even bits of programs and video ride atop that delivery platform.  This is not your father’s email.  Senders place great expectation on ISPs and mailbox receivers to deliver ever larger, more complex, and, most critically, more potentially dangerous types of email content.  Email’s greatest strengths – its wide availability, and the capability for embedding advanced rich content – simultaneously enable email’s greatest weakness:  it is ripe for abuse.  In addition to being perhaps the single most cost-effective medium for customer communications, email has also, alas, become the undisputed champion for distributing malware – viruses, phishing attempts, and other types of scams.  There is a real need for a consumer-trusted class of email, and a premium class of email delivery can provide not only a vehicle for achieving upgraded sender expectations, but also for resolving growing consumer mistrust in volume email. 

Indeed, a premium class of email delivery must be linked to a commensurate consumer value proposition regarding an upgraded expectation of legitimacy and trust – otherwise the premium class of delivery just devolves into pretty packaging, the moral equivalent of dimensional direct mail done online.  A number of Baker’s other observations  -- such as the use of dynamic, personalized content with highly engaged customers and the expedited deletion from a list of non-responsive ones – all build on the central premise of increasing relevancy:  that is, the trade-off for leveraging the uniquely “personal” nature of email – it is the ultimate one to one platform – is that we must make sure the customer feels the communication really is “for” him.  While the key value proposition of CertifiedEmail to the sender is you get all your emails delivered, with links and imaged rendered intact, and presented in a differentiated manner with a unique blue ribbon envelope icon, the key consumer value proposition is:  you actually asked for this email, and this email is real. 

On the surface FedEx is about expedited delivery, tracking, and end-to-end accountability, and indeed, for the sender, FedEx delivers.  But simultaneously, the FedEx box conveys to the receiver an idea about the desired nature of the contents, about its importance, and, even, about its legitimacy.  I go through my regular mail maybe once a week; there is just too much irrelevant and spurious content.  But when I get a FedEx box … I open that immediately.

With every increasing volumes of spam and phishing on the one hand, and “Email 2.0” capabilities extending the medium on the other, email desperately needs a premium class of delivery -- whether you are a sender who absolutely, positively must get your message through, or a consumer trying to figure out what’s worth opening.

Welcome to the new Goodmail Systems blog!

On the heels of launching our new and improved Web site on April 10, we are relanching our blog. Catherine Smith, our Director of Marketing, and Liquid Agency our agency of record put an enormous amount of work into it and we’re very pleased by how cleanly it communicates the CertifiedEmail proposition:  marking authentic emails from legitimate senders is a solution that benefits senders and consumers alike.

The last several weeks have been very exciting for Goodmail -

- Our first webinar of the year, cosponsored with Email Experience Council and Cheetah Mail  saw 530 registrations and 330 attendees – a phenomenal result for any of you with B2B marketing experience who’ve done webinars.  Demand for CertifiedEmail is very clear in these results!  You can download slides and an audio recording of the webinar at: http//www.goodmailsystems.com/about/news_events_press/events.php

- We launched our 300% ROI program

      Goodmail is guaranteeing a minimum 300% ROI on CertifiedEmail, which is a fairly unprecedented offer!  We think performance based pricing makes sense – not just for search engine marketing, but email marketing, too.

- Goodmail was named one of the Red Herring 100 Finalists!  The award recognizes the 100 “most promising” driving the future of technology.  The winners will be announced May 2 at the Red Herring Spring event  – where Goodmail CEO Richard Gingras will be presenting on a panel

Many of us are headed of to the Authentication and Online Trust (AOTA) Summit in Boston now -- stay tuned for updates!

Certifiably yours,

David