If it looks like a phish…

Recently I moderated a panel comprising the postmasters of some of the world’s largest email receivers, including Google, Microsoft, Oath (AOL, Verizon, Yahoo!) and Comcast.

I moderate this panel several times a year and it is always a very informative and interactive session. I have never walked away from one where I did not learn something new or useful. October’s panel was no different; in fact, what I learned was very interesting and I thought I would share it here.

The panel

Among the collection of “usual suspect” questions I presented to the panelists, there were several new ones. A question came up about using a shared domain among several different senders and how to deal with that to avoid classification pitfalls. Although there was a lot of interesting information discussed around this topic, the conversation branched off into talking about phishing, “look-alike” domains and machine learning. Yes, you read that right – phishing, “look-alike” domains and machine learning!

Let me explain. While answering the question, one of the receivers brought up the use of what they referred to “look-alike” domains. When orchestrating phishing attacks, bad actors sometimes register domain names like those of the targeted organizations, in the hopes of exploiting victims’ typos or inattention. These domains are known as “look-alike” domains, as they appear to be the intended target domain (or some official variation thereof), but are in fact not usually affiliated with the target itself.

The receivers went on to say they are in the process of tuning their machine learning algorithms used for email classification to detect and treat these domains as phishing suspects. The panelists all generally agreed that if a brand is sending bulk email, it should be utilizing a subdomain of its pre-existing domain, and not a domain which looks similar and/or contains an iteration of the already-established brand domain. For example, if you are brandname.com and you send your marketing emails using the domain email-brandname.com, you should instead be sending using the domain email.brandname.com. They agreed that established brands should not risk registering a new domain, which looks similar to its already-existing domain, as the machine learning would eventually detect this and begin to classify the email as suspect.

Some of the receivers went on to add they like to see transactional.domainname.com and marketing.domainname.com in the domains used for mail. This means using the actual words transactional and marketing (or some form of marketing) in the subdomain name. The key with this is “transactional”, as many of the receivers stated when they detect this in a subdomain name, they treat it accordingly unless they see behaviour or characteristics which indicate it should be classified as suspect. Remember, simply putting the word transactional as your subdomain name is not a guarantee of inbox placement! You still have to play by the rules.

Having been in the information technology and marketing space for quite some time now, I know that the practice of using a custom domain for sending of bulk marketing email is quite common. I know of many brands that employ this practice and use such domains for their email marketing programs. For those of you who are using a custom domain and not a subdomain, you may never experience any issues. If you are just starting out, or switching to a new email marketing platform, keep the above information in mind and think about the use of a subdomain or multiple subdomains instead of a new custom domain, which may cause you eventual problems.

Either way, the dotmailer Deliverability Team is here to answer any questions you may have.

dotdigital is now ISO 27701 certified

We’re extremely proud to announce that dotdigital has been awarded ISO 27701 certification; demonstrating our ongoing commitment to privacy and trust. So, what is ISO 27701? The International Organization for Standardization (ISO) is an independent organization that…

What is responsible marketing?

Responsible marketing is increasingly vital for modern brands looking to retain customers, increase lifetime value, and create unforgettable brand recognition. Your brand, products, and services have an impact on your users. It’s your job to ensure that it’s a positive…

Understanding the customer journey

Customer expectations are changing all the time. On average customers connect with brands on 10 channels making customer journeys increasingly complex. This makes it difficult for marketers to ensure a great customer experience.   We can no longer…