What Is Phishing?

Even though technical security measures are improving constantly, phishing remains one of the cheapest and simplest ways for cybercriminals to get access to sensitive information. As easy as clicking a link, victims of phishing are susceptible to sharing private information and put themselves at risk of identity theft.

To know how to best protect yourself, you need to understand what a phishing attack is, what types there are, and how you can recognize it if and when it appears in your inbox. Keep reading and we’ll help you avoid any security issues from phishing.

What is a phishing attack?

Phishing is an online scam where criminals impersonate legitimate entities in order to trick victims into sharing sensitive information or installing malware.

The term ”phishing” is a play on the word “fishing” since in both cases someone throws out bait and waits for users or fish to “bite”. Most often hackers do this via malicious emails that appear to be from trusted senders by including a link that will seem to take you to the company’s website. Once you fill in your data, that sensitive information can be stolen.

phishing-email-mailjet
Source: Liscio

 

That data can be any private information that could be valuable, such as login credentials (email and password), financial data (credit card details or online banking credentials) or even personal data (date of birth, address or social security number). Phishing is considered a type of social engineering attack because it relies on human failures instead of hardware or software ones.

A brief history of phishing

The first example of phishing is from the mid-1990s, when an attempt to steal AOL user names and passwords was made using tools like AOHell. Despite many warnings from AOL, the attacks were successful, since phishing was a brand new concept and not something user had ever seen before. Following the initial AOL attacks, many early phishing scams came with obvious signs that they were not legitimate – including strange spelling, weird formatting, pixelated images and messages that often didn’t make a lot of sense.

aol-scam-email

Some phishing campaigns remain really easy to recognize (we’ve all received the email from the down on his luck prince who wants to leave his fortune to you), but others have become so advanced that it’s nearly impossible to tell them apart from real emails. This is because phishers have evolved along with new technical capabilities. Scams have now spread to social media, messaging services and apps.

If you check email or social media sites from your phone, you may become an easy target. Since the email interface on mobile phones is a lot smaller than on a computer, it makes it more difficult to flag signs of phishing, such as seeing the full URL.

Ultimately, if you have an email address, it is all but guaranteed that you have received a phishing message in your inbox at least once.

How does a phishing attack work?

A basic phishing attack attempts to trick a user into entering personal details or other confidential information. Around 3.7 billion people send 269 billion emails every single day and that makes for an ideal channel for cybercriminals. Imagine if even 1% of those emails are a scam, and 1% of those work. That is 26.9M success attempts every day!

We can assure you that more than 1% of the emails sent are a scam, but we’d like to help you make sure that far less than 1%of those are successful.

A phishing attack can have a specific target, such as people using a specific product, or can be scattershot, going after the general public with fake contests and prizes. In both cases, the victims are asked to enter their names, email addresses and, in some cases, passwords and bank details.

phishing-works-mailjet

Another option is that the email contains a malicious attachment that you will be requested to download. In many cases, the malicious payload will be hidden inside a Microsoft Office document which requires the user to enable macros to run. Once you try to open the document you may be asked to update your software or provide certain permissions to allow the document to be viewed properly. But if you agree with any of this, you are likely opening yourself up to a severe security breach.

How do phishers find the email addresses they want to target?

There are a lot of ways for phishers to retrieve your email address and link it to a service you are using, and this can happen without your knowledge or the knowledge of the service provider.

Here are a few:

  • Searching over the web for the @ sign. Spammers and cybercriminals use advanced tools to scan the web and harvest email addresses. If you ever posted your email address online, a spammer will easily find it.
  • Cybercriminals use tools to generate common usernames (using the first letter of a first name and a common last name) and combine them with common domains. These tools are like the ones that are used to crack passwords.
  • Spammers can buy lists and this can be done legally and illegally. Make sure you read the privacy policy carefully when you provide your email anywhere. Even if GDPR is protecting you, you need to protect yourself as well.
  • Phishers are also able to find what each service provider would ask you to do as a client and then find a vulnerability to figure out if you are a client. For example, in the case of ESPs, scammers can check your public DNS records (SPF, CNAME, TXT) and try to find information that can link it to the ESP you use.

 

Now we know the basics of what is phishing, its history, and how it works, we can explore some of the most common types of phishing.

What are the different types of phishing attacks?

We can easily assume that pretty much everybody has already received a phishing attack via email or landed on a suspicious website. There are many types of attacks and hackers are becoming more and more creative every day, so we need to stay on top of some of the new methods being used to easily flag it as risky before getting caught.

Below, we have listed some of the most popular types of attacks that are used today. The main difference between these attacks is the method being used and the target. Let’s first dig deeper into the different targets that phishers are going after.

Phishing Targets

Spray and pray

The ‘spray and pray’ approach is the least complex type of phishing attack, where one message is mass-mailed to millions of users. These messages claim urgency one way or another. Either by stating that there is an “important” message from your bank or a popular service, or that “you’ve won the latest iPhone and need to claim it now.”

Depending on the hacker’s technical abilities, spray & pray attacks may not even involve fake web pages – victims are often just told to respond to the attacker via email with sensitive information. These attacks are mostly ineffective but can be sent to a massive amount of email addresses. It doesn’t take many victims to be deemed a success for the phisher.

spear-phishing-vs-phishing
Source: Terranova Security

Spear phishing

Spear phishing is more advanced. Unlike “spray and pray”, which sends to a mass list, ‘spear phishing’ targets specific groups with a more personalized message. Phishers will, for instance, target users of a specific brand and will design the email to replicate the brand. In fact, they can target anything from a specific organization to a department within that organization, or even an individual in order to ensure the greatest chance that the email is opened and more personal information is acquired. The highest profile cyber-attacks typically come from this type of approach.

The message will be designed to look as if someone wants you to change your password because of an issue on the service side. In this case, the message will appear to be a legit message – as close as possible to the original one and they will redirect you to a page that looks like a real one too. These attacks are way more effective because they are well planned.

Phishing Methods

Depending on the target, the methods may vary. Spray and pray targets require less effort than spear phishing for example. You do not need to invest so much in finding a targeted list of emails, creating custom landing pages, and so on. As phishing has evolved over time, more and more we’re seeing methods that are not limited to email, but also include websites or social media.

Clone phishing

Clone phishing emails will look nearly identical to an email that you have previously received. However, in this case, the new email will be sent from a spoofed address that resembles the original one.
For example help@appplehelp.com instead of help@apple.com (notice the three “P”s).

clone-phishing-concept

Within the content, the only difference between the cloned email and the original email is that the links and/or attachments have been changed, likely directing you to malicious sites or software. As the email looks really close to the original one the recipients are more likely to fall for this sort of attack.

Whaling/CEO fraud

This is an attack targeting a smaller group of people – high-profile individuals, such as board members or members of the finance or IT team of a company. The email can appear to be coming from a trusted source, such as the CEO of your company.

seo-phishing
Source: Quora

 

This attack is harder to create because hackers will firstly need to find the exact right targets, and then find the right way to impersonate their CEO. However, the rewards are potentially greater: CEOs and other C-level executives have more information and greater levels of access than junior employees. Inboxes like GSuite can help prevent this by assigning profile pictures to internal colleagues’ email addresses, but also through features like whitelisting.

Business Email Compromise (BEC)/Email spoofing

BEC attacks are mostly “urgent” requests from a brand or a brand’s senior staff member. These emails are social engineering tactics to fool other staff members or users into giving their bank account details or making a donation.

A lot of popular service providers in the software space become victims to such attacks. Here’s an example of a phishing email sent from someone trying to impersonate WordPress:

wordpress-phishing
Source: 360 Total Security

 

Once you have clicked on a link or any of the buttons you will be redirected to a fake page created to collect your information.

Websites

Fake websites pages are designed to look and sound authentic. In most cases you will land on a simple login page or payment page, as they are very easy to recreate for many use cases and can be effective at capturing personal information.

paypal-phish-site
Source: KrebsonSecurity

Pharming/DNS cache poisoning

This method of phishing would require the hacker to create a website that impersonates a real one and, by exploiting vulnerabilities in the domain name system, match the URL with the IP behind it. In fact, the phishers would be able to redirect the traffic from a real site to a fake one. This is maybe the most dangerous type of phishing, because DNS records are not controlled by the end-user and it is harder to defend yourself against this attack.

DNS-spoofing
Source: Imperva

Typosquatting/URL hijacking

This type of phishing is easier to create than the pharming one, because you don’t have to completely impersonate exactly the domain you want to spoof. The URL will look genuine but with a slight difference from the real one. The goal is to take advantage of typos when users enter URLs. For instance, they might:

  • Misspell the legitimate URL by using letters that are next to each other on the keyboard;
  • Swap two letters around;
  • Add an extra letter;
  • Swap letters that sound the same in some cases – “n” and “m”, for example.

Clickjacking/iframe overlay

This type of attack means that hackers are placing clickable content over legitimate buttons. For example, an online shopper might think they are clicking a button to make a purchase, but will instead download malware.

clickjacking-attacks
Source: Netsparker

Social Media

Nowadays, everything happens on social media, including phishing attacks. Imagine receiving a Facebook message with a link asking “Vote for me” or “Do you remember your time in Paris?” that redirects you to the Facebook login page when you click on it. Strange, right? But some people are not paying close attention or think that it is just a glitch, and will enter their username and password. But this new page is not really Facebook, and scammers now have your account details…

Some attacks are easier to spot, such as Facebook or Twitter bot sending you a private message containing a shortened URL. This URL likely leads to an empty page or one with suspicious content.

fb-phishing
Source: Kaspersky

 

New attacks using social media continues to emerge, and some of them are playing a longer game. For example, they may be pretending to be someone else on the internet, which is not that hard to do with so many public images. Over time, these fake profiles may send you legitimate messages along with phishing messages to capture more information about you.

SMS and mobile phishing

Now that nearly everyone has a smartphone in their pocket, most of the world is even more vulnerable to phishing attacks via SMS or any other messaging apps. An SMS phishing attack works mostly in the same way as an email attack, presenting the victim with content as an incentive to click through to a malicious URL. The SMS are short and likely somewhat relevant to your life in order to grab the attention of the recipient quite easily and make them act quickly without thinking. Because of the plain text nature of SMS, and the ease of phone number spoofing, it is more difficult to spot this. After the link in the SMS is clicked, the attack works in the same way as the one with email attacks do.

mobile-phishing
Source: Knowbe4

 

Another type of phishing on mobile devices is done through suspicious apps that are downloaded from unauthorized sites. The app may contain scripts that, once opened on your device, can access all of your data. All your passwords can be accessed and if you have saved your bank or credit card details, they will be exposed as well.

How to recognize a phishing attack

There are a few things you need to pay attention to whenever an email or a website seems suspicious. While some phishing campaigns are created to appear authentic, there are always some key clues to help spot them easily. Let’s have a look over some of the things that may show you if you are being a victim of a phishing attack.

The sender address

Check if you have ever received something from the same sender. If the phisher was smart enough, they will mask the sender address well, and the difference could be only one letter, so you may not even see it if you don’t take a closer look.

Misspelled domain names

If you have received a message that looks to be from an official company account (something like “support@mailjet-com.com”) be sure to confirm that this is the proper email domain for this company. Even if the message looks legitimate, with proper spelling and grammar, the correct formatting and the right company logo, it could still be a fraudulent account.

One clue is to check if the domain is slightly different than usual (like adding a suffix to a domain name). More importantly though, most legitimate brands will never ask you to communicate personal information by email.

Bad grammar and spelling

Many phishing attacks are not very well planned, especially “spray and pray” attacks, and the messages may contain spelling and grammar mistakes. Official messages from any major organisation are unlikely to contain bad spelling or grammar, so badly written messages should act as an immediate indication that the message might not be legitimate.

Suspicious attachments/links

It’s quite common for email phishing messages to ask the user to click on a link to a fake website designed for malicious purposes. The URL will look legitimate, but there will be small errors like missing or replaced letters.

If the message seems odd, it is always smart to take a second to examine the link more closely, by hovering the pointer over it to see if the web address is different than the real one. You can always contact the brand using their public email address or phone number to double check before clicking anything suspicious.

Sense of urgency

Many phishing attacks contain messages that warn of issues with your account, or problems with your payment. This is because the phisher are trying to make you act quickly without thinking too much. In these cases, it is even more important to double check the links in the message and the sender address.

The message is too good to be true

We’re sorry to break your bubble, but any message claiming that you have won a voucher or a prize is most likely a phishing attack. We’re sure it will require a bit more work than just putting in your personal information into a website, so you need to be super cautious and check all the key giveaways.

But hey, if you actually won a prize, congrats!

What to do if you become a victim of a phishing attack?

If you’ve been the victim of a phishing attack, the first thing to do is change all of your passwords immediately. It is a good idea to not only change the password for the service the phisher may be impersonating, but all passwords. It’s alarming what a phisher can do with just one login credential. Consider using a password manager in the future to lower the risk, and make sure you have an antivirus solution with secure web browsing features installed and up to date.

Also, it’s always good to reach out to the service provider that was mimicked in the phishing attack and follow any additional instructions from them.

Phishing-mailjet
Source: Houseofit

How to mitigate phishing attacks

There are some preventative measures that you can take to avoid phishing attacks or at least mitigate them. Here are some ideas:

  • Use your own links: If you are accessing websites daily or even weekly, it is better to use bookmarks for those sites. This is the only way to guarantee you land on the legitimate site. So even if you receive a notification, from say your bank, it is much safer to access your account via a bookmark than following a link.
  • Use Browser Extensions: Install or activate a web tool that identifies malicious sites for you so you know the website you find is legitimate. Example: Signal Spam plugin.
  • Install antivirus systems: Antivirus systems allow you to check if there is malware in a file before you open it, and potentially corrupt your computer.
  • Be Suspicious! Build a positive security culture at your company: On the internet, it is not a bad thing to be suspicious. Of course, some things are harder to check and need more technical knowledge, but you can do at least the most common steps.
  • Train your staff: If you are a security specialist, it is a smart idea to conduct regular security training for your employees to best recognize a phishing attack and what to do in such case.
  • Test the effectiveness of the training: Simulated phishing attacks will help you determine the effectiveness of the staff awareness training, and which employees might need further education. Plus, a little non-malicious phishing among friends can be fun. 😉
  • Use 2-factor authentication whenever possible: If criminals steal your credentials, they will still not be able to use them without the second authentication means (SMS, authentication app, hardware token, etc.).

Summary

It might have been around for almost twenty years, but phishing continues to be a threat for two reasons – it’s simple to carry out and it works. So if you come across a pop-up message or suspicious emails from someone you don’t know (a desperate prince, maybe?) or a brand you don’t use… don’t click on it! You don’t want to leak your information to some hacker on the other side.

You can never be too cautious when it comes to using the internet. Take some preventive measures, and ensure you’re on the safe side when you are making online purchases or entering your usernames and passwords.

Once you learn how to identify phishing attempts, it can even be entertaining to track some of the best and worst examples. Some might be impressively realistic, while others are just…

Have any questions about phishing that we haven’t covered in this post? Share them with us on Twitter.

The MJML Holiday Tutorial To Win At Responsive Email Coding

The holiday season is a key period for any marketer. It’s a great time to engage with users and customers and stand out in our recipients’ inboxes. However, holiday season or not, more than 50% of users will read our email on mobile devices. This means that, as beautiful as they are, our email campaigns still have to look perfect, whatever email clients and devices recipients use to read them.

A few months back, we told you about MJML, the framework for responsive email coding that we open-sourced. The MJML team, helped by the community, has been hard at work and has come a long way since then. In fact, MJML 4.0.0 has just been released. The MJML community keeps growing fast and we want to help you be a part of it.

And since we’re endlessly generous, we’ve put together this “How to” post, to guide you through the creation of your very first MJML email campaign.

Did anyone say beautiful and responsive? Oh, yeah. Take it as our holiday gift. ;)

 

Leveraging MJML to create your holiday campaign

To get started, we’ll put theory into practice by recreating this beautiful H&M holiday campaign:

Holiday Christmas campaign by H&M

 

By the way, if you’re looking for inspiration for your email campaigns, ReallyGoodEmails is the place to go!

 

Coding emails with MJML

Before we start, let’s get ready to use MJML. There are several ways to code in MJML, such as running it locally or using the online editor. By choosing the online editor, you’ll be able to start immediately, but running it locally enables you to use your favorite email editor (with plugins for Atom, Sublime Text, Vim) and always be up to date with the latest version.

Once you’ve decided which method suits you best, we’re ready to get started. Here is what a basic MJML layout looks like:

Getting started with some styles

In this email by H&M, we can see that there are some elements with similar styles which are used several times, such as the menu and description of the images or the “Shop Now” calls to action.

Creating CSS styles for the “Shop Now” calls to action

<mj-style> enables you to use CSS in MJML, leveraging CSS classes and styles. Those styles will be inlined to the HTML upon rendering. In the code snippet below we’ve created a CSS class that we will use to style the “Shop Now” CTAs, as well as redefined the default style for the link tag to prevent links from being blue and underlined.

Styling MJML components

Instead of manually adding styles to MJML components, <mj-attributes> enables us to inline MJML styles in various ways. First, it’s possible to apply a style to all components at once, using <mj-all />. In this stage, we’re setting the default padding for all components to 0. We’ll be able to override this default padding by manually setting a new one on the components directly. Then, we can create mj-classes using the <mj-class /> tag, which we will then apply on some MJML components, such as the “preheader” and “menu” mj-classes. Finally, we can set default styles for a component as described here.

 

Structuring the email

An MJML file is generally made of rows (<mj-section>), which are themselves made of columns (<mj-column>). The only components which are not laid out in columns are high-level components such as <mj-hero> and <mj-navbar>, or <mj-include>. Always remember to wrap content inside a column, even if you only have one column.

Creating the preheader

In this case, we have a simple layout with two columns. Therefore, we just have to create a section that will be composed of two columns, with one of them being wider than the other. To add text in each column, we’ll use <mj-text> components and apply the “preheader” mj-class on them.

preheader

Styling the header

 

H&M Logo

To add the H&M logo, we’ll juste create the section and use the <mj-image> tag to add the image, using the “width” attribute to size it as we wish. Note that, even if there is only one column, the image is nested inside a <mj-column> tag.

Menu

Desktop view
When viewed on desktop, the menu is formed of four columns, aligned side-by-side. This layout is again explicit with MJML, we just have to create a section and wrap the four columns inside. To add the menu items, we’ll use the <mj-text> component as we did before, although this time we’ll be applying the “menu” mj-class. The great thing about <mj-text> is that it can contain any HTML, so we’ll just add links to the menu items using the HTML <a> tag. Note that all the <a> tags will be styled according to the CSS styles we added in the <mj-style> definition, in the header of the MJML file. In this case, it means that the text-decoration will be set to none and the text color to black.

header

Mobile view
We’re almost done, but not just yet! If you scale down the original email, you’ll notice that the layout changes on mobile. The menu keeps the first three items on the same line, while the fourth one (“Store locator”) is broken to the following line. If you try to scale down the MJML email, you’ll see that all columns stack one under the other. Don’t worry though, it’s really easy to prevent columns from stacking, leveraging the <mj-group> component.

To replicate the original email’s behavior, we’ll wrap the first three columns inside a group component and leave the fourth one out. We’ll make sure to add a width of 75% to the group component and a width of 25% to the item that is left out, so that columns are equally split.

header-mobile

Promocode

To replicate this, we actually have two options. We could have used the <mj-divider> component above and below a text component, but we decided to use a section with a border-top and a border-bottom attribute. Aside from the border, there’s nothing really new as we’re once again using the <mj-text> component with HTML inside.

Structuring the body of the email

Main image

This one is really easy (get used to it, you’re doing MJML… we love easy!). All you have to do is use the <mj-image> tag. As the image takes the whole width of the container, you don’t even have to set the width attribute.main-image
We’ll use the same technique for the snowballs, bed, hooded blanket and Instagram images.

Holiday Classics section

As this is full text, we can just use <mj-text> and define HTML styles on <span> tags to match the original styles of the email (we could also have created CSS classes or MJML classes for those text elements). Note the use of our CSS class “shop-now”.holidayclassics We’ll use the same technique for the “Holiday Snugs” section.

Four-column images layout

Desktop view Quite similarly to the menu, we have a section that is split into four columns. Inside each column, we’ll use the image and text components. Note that because each image fills the column they’re contained in (minus the padding), we don’t have to manually set the width.4-column-desktop Mobile view In the original email, the mobile layout of this section displays two images, side-by-side. We’ll achieve this by using <mj-group>, just as we did with the menu. This time, we’ll wrap two groups of two columns in a group component so they scale two-by-two on mobile.4-column-mobile

Note that we’re using align=”center” on mobile and desktop, while the original email aligns text to the left on desktop and centers text on mobile. It is not possible yet to add media queries in MJML but this is an improvement we’re working on! Obviously, you can also add the media queries to the HTML generated by MJML.

Two-column images layout

This should be easy by now. The only thing we’ll need to do to achieve this layout is to use a section formed of two columns. Once again, there’s no need to set the width and the images will stack automatically on mobile.2-column-desktop

Divider

Guess what? There’s a component for that! <mj-divider> enables you to easily add a divider to your email. Cool, isn’t it?divider

Footer

This section is different from the rest, as the background color fills the whole width of the view port. To achieve this result, all you’ll have to do is use “full-width=’full-width’” on the section component.

footer

Social networks icons

Similarly to what we’ve done before, we’ll wrap six columns in a group component to ensure they don’t stack on mobile. In this case, we’re using the width attribute, as we want the icons to be smaller than the width of the columns.

Footer text

This part is very straightforward, we’ll just wrap the text in a text component and use HTML tags and style to achieve the original result.

H&M Logo

Similarly to the H&M logo in the header, we only have to use the image component with a custom width.

Rendering MJML to HTML and testing

That’s it! We just recreated this beautiful campaign with approximately 430 lines of MJML, while the original file contained more than 1540 lines of HTML.

Before sending our campaign though, it’s good practice to test it on the major email clients we want to target, using a tool such as Litmus or Email on Acid. All we have to do is send or upload the HTML generated by MJML to one of these platforms, which will generate previews for us. Want a sneak peak? Check here what the email looks like in the major email clients, including Yahoo, Gmail Android and Outlook!

Join the community

Of course, we’re sure you don’t just want to be able to replicate H&M’s email, regardless of how cool we think it is. To create your awesome newsletters this Holiday Season, play around, mix and match different bits and pieces and explore the documentation to discover all the available components. You’ll be able to create show-stopping designs in no time.  

Already in love with MJML? Come chat and find answers on the MJML Slack, report and contribute on Github, follow us on Twitter and subscribe to the newsletter on https://mjml.io.

 

Want to define your email strategy to win customers over this holiday season? Check out Mailjet’s Ultimate Guide To Holiday Emailing.

Holiday Emailing Guide

 

Use Mailjet in Your Azure Portal

We all know that the future of computing is in the cloud. People are using cloud services more and more frequently (even if they don’t know it), and businesses are moving in the same direction because it’s less expensive and more efficient. One of the best examples for a cloud-based platform is Microsoft Azure. Keep reading to find out more about Azure and how you can integrate it with Mailjet with.

What is Azure?

Azure is a cloud computing platform, launched in February 2010 by Microsoft. It offers services that help you leverage any other Microsoft technology such as cloud-hosted versions of common enterprise Microsoft solutions like Active Directory and SQL Server. Azure is a platform with endless possibilities that combines Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS) solutions. Yeah, you heard us right. All that in one.

Microsoft Azure is a collection of cloud computing services where you can add different resources that you need. With a usage-based billing formula, Azure is a compelling option for enterprises transitioning from on-premise Windows servers to the cloud because it makes it easier to manage everything you need.

But, the billing system doesn’t only make Azure a solution for big companies. The infinite scalability of Azure can make it just right for your small, personal business as well. And any organization using technologies like Windows Server and Active Directory will find Azure to be a really effective, new solution. Microsoft Azure provides a directory of hundreds of different services you can use, including full virtual machines, databases, file storage, backups, and services for mobile and web apps.

What makes Azure so interesting?

Instead of building an expensive, on-premise server installation, or renting servers from data centres, Azure’s billing structure is based on resource consumption. This makes Azure a less expensive solution in most cases. Of course, the pricing depends on what types of services and storage option you choose.

One of the best things that Azure is offering is the ability to instantly provision computing resources on demand. This means that you can manage all the recourse you want directly fromAzure, and for this, you won’t need to have a ton of different accounts. Microsoft maintains a growing directory of Azure services, with more being added all the time. One of the best examples is the combination of Azure and Office 365 which will make the life of your IT guys easier. If you’re looking for even more uses, you can integrate Azure with your email solution, which is possible with our integration with Azure.

You can use the Azure cloud platform for building, deploying and managing services and applications anywhere you want, while being sure that it provides secure, reliable access to your cloud-hosted data. We all know that Microsoft has one of the most proven architectures. By using Microsoft Azure, you can rely on a better disaster recovery too. Azure is not a centralized local solution, and this creates limitless options for disaster recovery plans.

If that wasn’t enough, Azure also comes with advanced alert capabilities so you will know in an instant if there are any issues that are impacting your business.

Azure has so many functionalities that we’re almost 100% certain that you will find everything you need, including an integration with Mailjet.

How to connect Mailjet and Azure

By integrating with Azure, Mailjet helps to save time and money by providing a transactional and marketing email service all from within the Azure platform. You can use our API or SMTP solutions to send and receive emails, easily synchronize your data back into your applications hosted on Azure, track email events in real-time and much more. You will also gain access to an advanced user interface which includes a real-time metrics dashboard and advanced email marketing features such as A/B Testing, Real-time Monitoring, Campaign Comparison, and Segmentation. Do you want to give al these features a try? Let’s start then and see how you can enable Mailjet in Azure.

Enable Mailjet in Azure

First off, you’re going to need to access your Azure account and click on the “New” button in the left part of the page.

mailjet-azure-dashboard

Then just enter “Mailjet” and choose our service.

mailjet-azure-resources

You will have to select the “Create” button once you have opened the new tab by double-clicking on Mailjet.

mailjet-azure-create

And now the set up begins – you will need to choose a ‘Name’ to identify the Mailjet Email Service in your Azure settings. The name needs to be between 2 and 64 characters long and alphanumeric. Make sure to also select the “Subscription” type you prefer and choose an existing ‘Resource Group’ for the Mailjet Email Service, or create a new one. Keep in mind that the Resource Group name should be up to 90 characters long, can only include alphanumeric characters, periods, underscores, hyphens, and parentheses.

You will have to select the “Location” and the “Pricing Tier” you would like to use. And of course, you will have to agree with all the legal terms of use. Don’t forget to tick the ‘Pin to dashboard’ checkbox to be able to find the Mailjet resource more easily after the deployment. Click on ‘Create’ to start the deployment.

mailjet-azure-setup

Once the deployment has finished, you will see a ‘Deployment Succeeded’ pop-up notification. You will be able to find the Mailjet resource on the Dashboard if the ‘Pin to Dashboard’ option has been selected during the setup. Otherwise, you will find it in the ‘All Resources’ section of the main menu.

mailjet-azure-all-resources

The Mailjet resource will have been added, and all new accounts get activated automatically right away so you can access your resource and start creating awesome еmail campaigns immediately. For now, you can use your Mailjet account only through Azure, but if you want to have the possibility to access your account from our site, please follow the steps described here.

Find Your Mailjet API Keys

To use Mailjet with SMTP or API, you will need your API key and your secret key because they function as user name and password. To grab them, you need to access to the Mailjet configuration screen from Azure, then click on ‘Manage’.

mailjet-azure-manage

You will arrive at your ‘Mailjet Account Settings’ page. Under ‘REST API’, click on ‘Master API key & Sub API key management’.

mailjet-azure-api

You will see your ‘Public’ and ‘Secret API Key’ here. You will also see any Sub-account API Keys that may have been added.

mailjet-azure-api-key

There is only one step left for you to have your Mailjet resource completely functional – add a sender and validate it.

Configure Mailjet for Use

Click on ‘Manage’ to access your Mailjet Account Settings where you can validate a sender address for your Mailjet resource. To do this, click on ‘Add a Sender Domain or Address’ from your Account page.

mailjet-azure-sender

From here, you will add a new sender address. If you want to use more than one email address linked to the same top-level domain, you can add the domain instead. For more information, please see the Mailjet FAQ.

mailjet-azure-domains

You will also have to configure your SPF and DKIM records, just to be sure that you are doing everything you can to achieve the best deliverability possible. A good option would be to set up DMARC and customize your return path, too.

Setting up your Mailjet’s SMTP relay

To set up your SMTP relay you will have to click on “Manage” the Mailjet resources and access the Settings tab. Under the Properties tab, you will have to fill out your API key and also set up Mailjet’s SMTP server in-v3.mailjet.com and the port you would like to use. If you want to check which ports Mailjet supports, you can visit our article on the subject.

mailjet-azure-smtp

And your password (API secret key) needs to be added in Key Management.

mailjet-azure-management

You are all set up to use Mailjet’s SMTP relay from your Azure now. But if you prefer to use API, keep reading. 😉

Using Mailjet’s API

As you probably guessed already, to use Mailjet’s API with Azure, you will have to use our .NET wrapper and reference the Mailjet .NET class library. The Mailjet NuGet Package is an easy way to retrieve the Mailjet API and configure your application with all dependencies. NuGet is a Visual Studio extension that facilitates installing and updating tools and libraries. It is included with Microsoft Visual Studio 2015 and above.

Open a new “Project” in Visual Studio and choose the template:

mailjet-azure-api-setup

In Visual Studio, go to ‘Tools’ → ‘NuGet Package Manager’ → ‘Package Manager Console’ to open the Console.

mailjet-azure-api-resources

Select the Project from the ‘Default Project’ menu, then enter ‘Install-Package Mailjet.Api’ in the Console to install it.

mailjet-azure-console

Once installed, you will be able to view the installed dependency under ‘Dependencies’ → ‘NuGet’ → ‘Mailjet.Api’.

mailjet-azure-api-console

Mailjet.Api is the name of Mailjet’s .NET class library. It contains the following namespaces: – Mailjet.Client – Mailjet.Client.Resources

Add the following code namespace declarations at the start of a C# file, in which you want to programmatically access the Mailjet Email Service.

using Mailjet.Client;
using Mailjet.Client.Resources;

And now you can benefit from all advantages of Mailjet’s API.

mailjet-azure-happy

Summing it up

Now you know more about what Azure is: one of the best cloud computing platforms with the most functionalities. By using Azure, you can forget about the expensive on prem infrastructure and be sure that you can have access to your infra anytime,anywhere. You can also add countless additional resources to your platform and manage everything you need in one place. The integration with Mailjet will give you the possibility to take care of your emailing from Azure with more ease and create perfect emails. Don’t miss out on such a sweet opportunity.

Follow us on Twitter and Facebook for more tips and news.

Deliverability Mistakes to Avoid During the Holiday Season

The holiday season is almost upon us, which means marketers (especially those in retail) will begin to increase their sending frequencies, and will also widen their nets to reach out to as many contacts as possible. As a result, at Mailjet we’re expecting to see very high volumes coming from our senders and the risk to deliverability increases as a result of emails being sent to older and more inactive contacts.

Both of these actions can lead to poor deliverability if not done with care.

Of course, this isn’t something that only Mailjet faces, as anyone in the email industry – from email marketers, other email service providers, and deliverability services (like our friends at 250ok) – can attest to. So, in an effort to do our small part to ensure the email industry is best prepared for the holiday season, we thought we’d share some tips on how we are approaching it this year.

Plan ahead for the holiday season

In short, just like preparing for your holiday parties and gift exchanges, the best piece of advice we can give to you is plan ahead!

We understand that most retailers make the bulk of their revenue during Q4, so the stakes are high. But at ISPs like Gmail, Outlook, and Yahoo!, the email volume level is also incredibly high, and they can tend to take longer to mitigate deliverability issues during this period of high email activity.

While we cannot magically fix all issues, preventing a deliverability issue through responsible sending and a well-planned holiday strategy is how we can help ensure success this season.

Here are some key dates with huge sending volumes to keep in mind this holiday season:

  • Nov 23rd – 28th: Week leading up to Black Friday, to advertise upcoming sales.
  • Nov 29th: Black Friday (historically the biggest email day of the year).
  • Nov 30th: Small Business Saturday.
  • Dec 2nd: Cyber Monday.
  • Dec 9th – 24th: Weeks leading up to Christmas, to advertise holiday sales & wish their customers a happy holiday season.

In fact, at Mailjet, we often see an email volume increase of nearly 60% on Black Friday, and 17% on Cyber Monday. The only day that has ever been higher was the day GDPR came into effect in May 2018.

Email Volume in 2018

Source: Mailjet (2018)

Considering the fact that sending high email volumes during the holiday season is a global trend, it’s important to remember that ISPs have to handle this additional load of emails from everyone around the world.

This can lead to delays in email delivery and sometimes even temporary deferrals for good senders, since the ISPs servers are overloaded with messages. Holiday sending activities are also known to lead to stricter and more aggressive ISP spam filtering (making it harder to hit the inbox), and longer turnaround times on responses from ISP Support teams when email service providers like Mailjet reach out to them to resolve deliverability issues.

The key to strong deliverability during the holidays is to plan ahead and have a well-thought-out approach.

The most common mistakes we tend to see during the holidays

Increasing sent volume “overnight”

An example of this would be going from a smaller and more targeted list of “active recipients” (those who have signed up, opened or clicked on an email within the past 3-6 months), to contacting “everyone in their contact list” without ramping up to the larger volume slowly, over the course of several sends.

ISPs will perceive any large increases in volume from one campaign to the next as “spikes“. These are viewed very suspiciously by the ISPs, since they mimic spammer behavior, and can lead to spam folder placement and blocks.

To play it safe, any increase in volume from one day to the next should not be more than roughly 25% larger than the maximum daily volume you’ve sent within the past two weeks. For example, if you typically send to 100K recipients, you should target no more than 125K in the next campaign, then 156K, and so on). Given this compounding growth, you should get to your necessary list size relatively quickly.

Senders with great data quality and reputation can sometimes get away with much larger increases in volume, but this is not recommended, especially during the holidays.

This recommendation is especially important for senders on dedicated IPs, but it is also important for shared pool senders because some ISPs (like Gmail) track reputation at the sender address and domain-level, so spikes in volume from one particular domain can also be viewed as suspicious.

Sending to inactive contacts who haven’t been targeted in a long time

Some examples of this include “addresses which have not been emailed to since last holiday season” and “anyone who has not been sent an email in more than 3-6 months“.

Sending to inactive contacts can lead to high hard bounce rates and spam trap hits if the addresses being contacted no longer exist. Both of these can cause deliverability issues.

We can also expect to see low user engagement (i.e. opens/clicks) as well as higher-than-normal user complaints and unsubscribes if someone hasn’t been contacted in such a long time that they “forgot” they signed up. These also lead to deliverability issues, particularly high complaints.

It’s ok to reach back to your more inactive segments, but do so carefully. It’s important to remember that you will make most of your money (and receive the highest engagement) from your active recipients. The only way to optimize your ROI on your active subscribers is by ensuring 100% of your email is going to the inbox. Sending to inactives can compromise this.

We recommend to keep the new “inactive” segment to no more than 10% of the daily volume you plan to send as a start. If the test goes well, then you can try increasing it the next time you send. But do it slowly!

If you see signs of any of the problems mentioned above, you can pause and re-assess if it’s still worth targeting inactives (knowing it will lead to poor inbox delivery for both inactives AND actives).

 

Increasing the frequency of sending to the point where users are overwhelmed by “inbox noise”

This is another very common example around the holiday season. An example would be a company that normally sends newsletters about sales once per week, and is now sending 3x per week (or daily!).

If recipients are not used to this high frequency and become overwhelmed or annoyed by it, or simply don’t find the content useful at that frequency, it can lead to higher complaint and unsubscribe rates, as well as lower open and click rates. All of these reactions are viewed negatively by ISPs, leading to junk foldering and blocks.

It’s OK to increase frequency, but you need to provide valuable content that is worth the recipient’s time, attention and inbox placement.

Also remember that it is not only you who is sending more email during the holidays… it’s basically everyone on the internet! Which means you are fighting for recipient attention. More email in a recipient’s inbox (from you, and the rest of the internet) means less chance for one particular email to be read. As a result, you might see slightly lower open rates due to seasonality.

Time for you to get ready

We prepared a small presentation for our Customer Success team below, which can be a helpful guide and summary of these ideas.

Remember, if we can leave you with one piece of advice: “plan ahead”.

9 Responsive Email Templates For Your Holiday Campaigns

The end of the year is an exciting and stressful time for marketers. Exciting because there’s so much to look forward to during the holidays, like giving and receiving presents and embracing our creative side when trying to design stunning holiday email templates.

But, at the same time, it’s crazy stressful. So many things to think about all at once: Halloween, Black Friday & Cyber Monday, Christmas, New Year… All this comes at the time of the year when you have to assess how the year went, and plan ahead for what’s just around the corner.

Okay, we’re sorry. We didn’t mean to stress you out even more… And to be fair, there’s no reason for you to be that stressed. That’s because Mailjet has a surprise for you: six responsive email templates that will help you win the battle of the inbox this holiday season.

Responsive holiday email templates for the special dates

We always try and come up with new ideas to help make your life easier for everyone during the holiday season. This year, as part of our 2019 Holiday Toolkit, we have created three new, responsive email templates that allow you to create beautiful email campaigns in a matter of minutes.

For those of you who aren’t familiar with it, Mailjet’s easy-to-use email editor, Passport, helps you design your own emails without the hassle of coding. But for those of us who aren’t very creative, coming up with a concept or layout can be time-consuming and maybe even frustrating.

Ladies and gentlemen, here’s where our Holiday Templates come into play. Coded using our own open-source markup language, MJML, these templates are ready for you to use and adapt to match your own brand.

Black Friday Email Template

We’ve created an email template for your Black Friday and Cyber Monday campaigns. We all know that the main focus on these two occasions is on promoting special offers, so you don’t want to distract the customer with useless information. It’s best to get straight to the point, which is why the offer and CTA should be what stands out overall in the image.

Black Friday Holiday Email Template

With a sleek and enticing design, this Black Friday and Cyber Monday template uses a pop of color to draw the eye to the most important part of the email: your CTAs. In this template, there are many different CTAs for you to offer different products, or different discounts.

Do you like this Black Friday email template? Download it here for free.

Black Friday Holiday Email Template

Another Black Friday and Cyber Monday template we offer keeps it nice and simple, with the combination between white and black providing an elegant touch. It uses a solid background and avoids multiple CTAs to ensure you don’t lose the reader’s attention.

Another important thing is to be consistent with your brand, so that when your subscribers open the email they recognize you straightaway.

Do you like this Black Friday email template? Download it here for free.

Christmas Email Template

During Christmas, the focus is still on buying, but it is quite different from Black Friday and Cyber Monday. Our templates have been created to address these very differences.

During Black Friday, the key is the discount or promotion itself. But your Christmas campaigns on the other hand, they need to give your subscribers a flavor of what you offer. Including an overview of some of your products, something that will make the reader think: “Oh, that would be perfect for X”, is a great place to start.

Christmas Holiday Email Template

Simple and easy to navigate, this Christmas email template lets you share the holiday spirit while helping your customers with their Christmas shopping. You have tons of room to share your products with your customers, or just send them a nice note for the holiday season.

Do you like this Christmas email template? Download it here for free.

Christmas Holiday Template

Use enticing titles that link back to the holiday season can give it a bit of Christmas touch to attract the readers’ attention, and get them into the holiday spirit. Lastly, take it a step further by using personalization and segmentation in your Christmas emails, to make your customers feel even more special.

Do you like this Christmas email template? Download it here for free.

Happy New Year Email Template

Okay, this one may come as a bit of a surprise. “Why do I need a Happy New Year template?”, you might wonder. Well, to send them your best wishes for the new year, of course.

You want to build brand loyalty by letting your customers know that you think about them, that you cherish them, and you wish them all the best for the coming year. Don’t make the mistake of thinking that the only emails that bring value to your business are promotional ones.

New Year Holiday Email Template

Wishing your customers a peaceful and productive new year is so easy now that you have this beautiful template.

While you’re wishing them a Happy New Year, you can also take the time to hint at what might be coming., Are there any big updates in the coming year, or maybe some new product launches? You can use this email to hint at them, or maybe even announce them!

Do you like this Happy New Year email template? Download it here for free.

New Year Holiday Template 2017
And why not make them even more fun by including some animated content? Always remember that customers want to feel close to the brands.

Do you like our Happy New Year email template? Download it here for free.

Mailjet Account Banner

Responsive holiday email templates for your seasonal promotions

Seasonal product email template

Christmas time is buying time, too. Everybody is looking to buy presents for their loved ones and there is hardly any other period in which people are willing to spend as much money as they do during the Christmas season.

If you’re planning to send out a campaign promoting your products, check out our template Oslo. Its sleek design is perfect to highlight your seasonal offer and products. Enhance the Christmas feeling by including a festive picture at the top, and keep the email clean and simple, ensuring your products shine.

holiday email template for product promo
It’s also important to use high quality pictures, but make sure these are not too large, as they might not display properly on all devices. Choose a clear headline that describes the content and entices the reader to open your email, like “Our special Christmas products“.

And don’t forget: even if your holiday campaign is related to Christmas, it still needs to reflect your company’s brand identity.

Do you want to see all our templates? Check out our template gallery here.

Special promo email template

Saying “thank you” to your loyal customers is one of the most powerful things you can do. One of the best ways to do so is by offering a special promo discount.

Our template Racoon is perfect for that. It drives the reader’s attention to the central element, your special offer, but it also includes some products that your customers might want to use the discount on. However, the focus should always be on the seasonal promotion you are offering.

Racoon Email Template

Be as personal as possible. This is your loyal customers we’re talking about – you want them to feel special. Include a personalized intro text, segment your lists based on the data you have from them or, even better, use dynamic content to target them better.

Do you want to see all our templates? Check out our template gallery here.

Company’s story email template

December is the perfect time to give your customers an end-of-the-year company summary. Duh, you might think. Yet many business still avoid talking about themselves.

Part of building brand loyalty is being open about what you’ve been up to and sharing your success with your customers. What did you achieve this year and what can your customers expect next year?

Our template Colorado is a great choice to do just that. It includes a timeline in which you can show your most important milestones, and also gives you the opportunity to add a quote from the CEO or another relevant employee. Top it up with a special gift or promotion, to celebrate and thank your customers for the success you’ve had this last year, and drive more traffic to your holiday offers.

holiday email template for year recap

Your email needs to engage your reader, so remember who your audience is. You are not sending this campaign to investors or stakeholders, you are sending it to your customers. Keep it entertaining and relevant. Don’t just give facts, create a story around your company that works alongside your company’s brand identity.

Do you want to see all our templates? Check out our template gallery here.

You can also find great email templates here.

Start designing your campaigns

As we’ve already said, our aim is to make life easier for all of us marketers. And our templates are extremely handy.

The best thing about using these Passport templates is that it’ll only take minutes to adapt and edit them to match your needs. Try them out or experiment with some of our other options by visiting our template gallery. The only thing you need is to have access to your Mailjet account or create a free account.

We hope that you love our templates as much as we do, and that they will help your email campaigns make a splash in the holiday inbox. Just don’t forget the importance of the subject lines you use, because they will make a huge impact on your open rates.

If you need any more inspiration on building your Holiday campaigns, you can find everything you need in our Mailjet’s Holiday Emailing Toolkit.

Have you created beautiful email campaigns with our Holiday Templates? Share your thoughts with us via Twitter.

***

This blog post is an updated version of the post “Beautiful Responsive Email Templates For Your Holiday Campaigns“, published on the Mailjet blog on November 24, 2017 by Laura Chieri.