Steep rise in cyberattacks

The rise in spoofing, phishing, and other cyberattacks has had a significant negative impact on brand trust in a subscriber's inbox. Just look at the numbers. In 2019, an estimated 779,200 attacks were observed by the Anti-Phishing Work Group (APWG). Only 4 years later, in 2023, that number jumped to over 5 million – a 541% increase.

What’s more, an estimated 3.4 billion emails a day are sent by cyber criminals designed to look like they come from trusted senders (i.e., from you). This is over a trillion phishing emails per year. Can you really blame subscribers for being skeptical over the legitimacy of what lands in their inbox, even if it is from a trusted source?

The main problem for brands is the nature of these attacks. Criminals use spoofing techniques, where they disguise their emails to appear as if they are from a legitimate source. As subscribers become more aware of cyber threats, they are likely to be more wary of emails they receive, even from familiar brands. This can make it difficult for you to get your messages across and can lead to subscribers deleting emails, marking them as spam, or simply not opening them.

If you are unfamiliar with modern cyber security threats, here’s a list of some of the most common attacks your customers face:

While phishing attacks can target any industry, there are certain factors which make particular industries more vulnerable than others. For example, small and medium businesses (SMBs) typically have fewer resources to invest in robust cybersecurity measures, making them more attractive targets.

Another common target is financial institutions. Banks and credit unions hold sensitive data such as account and social security numbers – another juicy option for attackers looking to steal financial information.

Here’s a list of some of the most attacked industries:

Data sourced from the APWG Phishing Activity Trends Report

So, if your business operates closely in any of these sectors, it’s especially important you take steps to prioritize transparency and security, implement strong authentication protocols, and stick to email marketing best practices to build up trust with your subscribers.

What can be done to reassure subscribers?

Now you’ve seen why subscribers have a good reason to be wary of what lands in their inbox, let’s look at what you can do regain their confidence.

Implement email authentication protocols

Email authentication is a set of protocols that work together to verify the legitimacy of a sender. In simpler terms, it's like a digital ID check for emails. This verification process helps build trust in brand communications by reassuring recipients that the email was actually sent by the brand, and not a malicious imposter.

The three standard email authentication protocols are:

• SPF (Sender Policy Framework)

• DKIM (DomainKeys Identified Mail)

• DMARC (Domain-based Message Authentication, Reporting, and Conformance).

They work in conjunction to validate a sender's identity, prevent email spoofing and phishing attacks, and improve overall security and email deliverability.

Let’s look at each one in a little more detail.

SPF – Sender Policy Framework

SPF is like a list you give to the post office saying who is allowed to send mail on your behalf. Anyone on the list (authorized email servers) can send emails with your name on it (your domain name in the "From" address).

If someone not on the list (unauthorized server) tries to send an email pretending to be you, the post office (receiving email server) will become suspicious and won’t deliver it to the recipient's inbox.

DKIM – DomainKeys Identified Mail

Imagine you're sending a signed, certified letter. DKIM is like that for emails. When you send an email, DKIM adds a special digital signature to your message. This signature is essentially a secret code only you and the recipient's mailbox know.

The recipient's mailbox can then check this code with a public record to verify it's really from you.

DMARC – Domain-based Message Authentication Reporting and Conformance

Sticking with the post office analogy, DMARC would be the set of instructions on what to do with those unrecognized letters (i.e., those that fail SPF or DKIM). You can tell them to bounce them back (reject), hold them for inspection (quarantine), or even let them through (deliver) with a warning label.

Educate subscribers about cyber threats

While you might not work directly in the cybersecurity field, you can still reassure subscribers by educating them about cyber threats and provide tips on how to safely navigate their inbox.

Another good practice is to outline exactly what sensitive data you would ask for via email (if at all), from which sender address, and how. This way customers are better informed on how to spot suspicious emails from attackers trying to impersonate your brand. Let’s look at an example from Nationwide Building Society (financial institution).

Notice how Nationwide provide a link to a dedicated security web page if customers suspect any suspicious activity.

The building society clearly outlines their policy for sensitive data collection, informing customers that they’ll never include or ask for confidential information via email. Therefore, any correspondence of this nature received from the bank should be treated as fraudulent.

By being specific about the sensitive data you collect and how, brands can build trust with their customers and ultimately create a more secure environment for both themselves and subscribers.

Be transparent and accountable

Before the implementation of data regulation laws such as GDPR and the CAN-SPAM act, the email marketing plains were a like the Wild West. Baron, lawless, and fraught with danger.

While that might be a slight exaggeration, the customer–brand relationship definitely became strained. Subscriber’s felt their personal data was being misused, without their consent, to the financial benefit of companies. While that has now been brought under control – with brands now held accountable for their data collection policies – scars from that bygone era remain.

So, what can brands do about it? By taking steps to not only abide by new data regulation policies but openly transparent about what’s being collected and why, brands can help to rebuild trust with their subscribers and ensure that their email marketing efforts are successful.

Prioritize email deliverability

Every day, important emails containing password resets, special offers, and essential updates land in our subscribers’ inboxes. If they are delayed, trapped in a spam filter, or vanish altogether customer frustration mounts and their trust in your brand begins to fade.

That’s why focusing on deliverability is an excellent way to not only increase brand trust, but also boost your return on investment (ROI) from the email channel. In fact, a 2023 Forrester Consulting Total Economic Impact™ study on our sister company, Sinch Mailgun, found that organizations would see a 264% ROI increase after just three years from improved email deliverability. Not bad, right?

And don’t just take our word for it. Almost a third of consumers from Sinch Mailgun’s 2024 Email and Customer Experience report (32.8%) admitted they’d be annoyed or frustrated if a brand’s emails regularly end up in spam. Another 10% say they’d lose trust in your brand, and almost as many say they’d unsubscribe from your emails.

Be consistent

Consistent email sending schedules create a sense of routine. Subscribers know when to expect your emails and become accustomed to seeing your brand in their inbox. Meaning, if you’ve stuck to best practices and sent a double opt-in confirmation the subscribers left on your email list are there for a reason – they want to receive your content.

So, when you fail to show up on time (or at all) they’re not going to be too best pleased.

Consistency also goes beyond just the timing and quality of your emails. Maintaining a consistent brand voice, design aesthetic, and value proposition across your emails reinforces your brand identity and builds trust. Subscribers come to recognize your brand and understand the value you offer, fostering a sense of familiarity and reliability. This consistency demonstrates that you're not just out for a quick sale, but rather committed to building a long-term relationship with your audience.

How can Sinch Mailjet help?

At Sinch, email deliverability and authentication are at the core of our product offering for all our email solutions. We’re constantly striving to give senders the tools and advice needed to establish trust with their audience and maximize email campaign performance.

If you’d like to find out more about how we can help, drop us a line below. We look forward to hearing from you!