Part 1 - The Problem!
Email communication is one of the most widely used business communication tools, but it's also one of the most misused. It is estimated that business related emails have doubled since COVID hit and there is no sign that it’s rolling back any time soon.
Early in 2023, we persevered through a lengthy email lesson. Unfortunately, we had someone inadvertently click on an email containing malware which, unbeknownst to anyone, red-flagged our company emails with Microsoft.
There was no malicious intent, someone made a mistake, plain and simple. There were no notices, no warnings, nothing really. We saw a disruption in email communication, we weren’t getting answers from people we had dealt with for decades. A few phone calls in and out of our office and we soon found out their emails were going to our Junk folders and ours to theirs.
The next six weeks showed how little we really knew about all the landmines built into the global email systems and it demonstrated to us exactly how much you rely on that system working properly.
The average small business probably would not have the need, or resources, for an in-house email expert. There are freelance/contract email experts out there that can help. The downside is you already desperately need them before you ever start looking. If you fall into this group, find one now – before you need them. If you can’t find one, or even if you can, do yourself a favor and spend the time to become your own best resource.
Unless you license email directly from Microsoft Office 365, or a Microsoft Gold partner, you’ll need one at some point. Google Workspace offers very similar services but as we work with Microsoft Office 365, actually a facsimile thereof, Google Workspace challenges are not part of this blog.
Let’s start with a “few” email service-related terms, you may or may not be familiar with:
Spoofing - email messages sent with a forged sender address, often familiar to the recipient.
Phishing - attack aims to trick the recipient into falling for the attacker’s desired action, such as revealing financial information, system login credentials, or other sensitive information.
Phishing is the most common form of cybercrime, with an estimated 3.4 billion spam emails sent every day.
The use of stolen credentials is the most common cause of data breaches.
Google blocks around 100 million phishing emails daily.
Over 48% of emails sent in 2022 were spam.
Malware - malware is malicious software that may contain viruses, adware, spyware, browser hijacking software, and fake security software.
MBP - receiving mailbox providers.
MAGY - Microsoft, AOL, Gmail, and Yahoo (MAGY dominates the composition of most email lists around the world - These four entities make up 87% of all email addresses - seven out of every eight emails).
MPP - Mail Privacy Protection
Anti-spam software - tries to detect and block potentially dangerous email from user inboxes.
Firewalls - filter incoming and outgoing email-server traffic based on a set of predetermined rules.
Email Reseller - reseller is an intermediary between companies that make, distribute, or provide IT products or services and end customers.
Delivered rate - measures the amount of email that was accepted by the MBP
Inbox placement rate- how many emails were delivered to the inbox versus the spam folder.
Spam placement rate - the number of emails delivered to the spam folder out of total emails sent.
Missing rate - the percentage of mail that did not arrive in the inbox or spam folder and was instead deferred or blocked by the MBP.
Sender Policy Framework (SPF) – an email authentication method designed to detect forging sender addresses during the delivery of the email.
DomainKeys Identified Mail (DKIM) – an email authentication method designed to detect forged sender addresses in email.
Domain-based Message Authentication, Reporting and Conformance (DMARC) – an email authentication protocol. It is designed to give email domain owners the ability to protect their domain from unauthorized use, commonly known as email spoofing. The purpose and primary outcome of implementing DMARC is to protect a domain from being used in business email compromise attacks, phishing emails, email scams and other cyber threat activities.
Now that you have the lingo, stay tuned for my next installment. In part two we’ll move on to cover email problems and solutions.