EP #24 Email Authentication – Setting the facts straight.

EP #24 Email Authentication – Setting the facts straight.

About this Podcast

Brian Westnedge joins us on today’s #ForTheLoveOfEmails podcast. Brian leads America’s Channels for Red Sift, which provides a fully automated DMARC and BIMI implementation and enforcement solution called OnDMARC, bringing easy, accessible, and trusted messaging to organizations of all sizes. He has over 15 years of experience in deliverability, security, and authentication and has worked in the DMARC space since its inception. In this episode, we will dive deep into various factors of email authentication, as well as shed some light on  DMARC and BIMI.

Quick snapshot
In this podcast, they discussed
Where does marketing authentication come into play?
The trends or changes in behavior when it comes to spoofing or fraud when you look across your client base
Understanding visibility from DMARC reports.
Understand how DMARC is a cross-functional initiative.
Discusses if you were going to go talk to a brand that had never really looked at DMARC, or even to a degree, what would you tell them?
Is BIMI a Trustmark or a reward for doing authentication?
Hot tips on how you can test BIMI.
Tips to help marketers sort with their brand and email programs.
Episode Transcripts

Intro/Outro:  You’re listening to the ForTheLoveOfEmails podcast, powered by Netcore, a weekly show dedicated to helping email marketers, marketing enthusiasts, and professionals of all walks, engage, grow, and retain customers.Through reliable, smart, and effective email communication and engagement. Discover actionable ways to increase ROI and deliver value through email innovations, personalization, optimization, email deliverability, and email campaigns.No fluff tune in to hear best practices and tactical solutions from the best thought leaders and practitioners master your email communication now.

Matthew Vernhout (00:42): Welcome to another episode of, for the love of email as always. I’ll be your host, Matthew Vernhout, vice-president of deliverability with Netcore cloud. You heard that right. Netcore cloud we’ve rebranded from the name Netcore solutions globally. So now the entire company worldwide is known as Netcore cloud. Very, very exciting times. It’s more than just the name change though. We are realigning to better serve our customers with the Netcore customer engagement platform for email web and app push notifications, journey builder, and more. Our email API service is also getting a major upgrade with a completely new look and feel more reporting and features to help highlight the success of your email efforts. Head on over to Netcorecloud.com to see what else is new today. We have a great guest with us, Brian Westnedge, senior director America’s channel with Redshift sift red sift, Brian and I have a long history of working together over the years as business partners, helping educate clients on email, best practices, deliverability challenges and like our topic today, email authentication, Brian, welcome to the show,

Brian Westnedge (01:50): Matt. Thank you. It’s good to be here.

Matthew Vernhout (01:52): Apologies for flubbing. All of that as I went through the first time sometimes you don’t quite make it, so Brian, why don’t you start by introducing yourself to the listeners today?

Brian Westnedge (02:04): Absolutely. Well, thank you, Matt. I look after our partnerships here at Red Sift and yeah, Been like you have been in the email space since the two thousand. You may even pre-date me on that. Oh gosh, Working started my email career with return path as many in the deliverability and authentication space have, and worked at a few different DMARC providers and excited to be a red sift working on their DMARC platform and broader cybersecurity solutions. So it’s great to be with you today to chat a little bit about email authentication, a topic that I’m sure is near and dear to, listeners your hearts.

Matthew Vernhout (02:49): Absolutely. I think everyone needs to be paying attention nowadays to email authentication with all the exciting things that happened in the world, especially as online and spoofing and phishing become more prominent. You know, every day it seems like you hear a new article about some major data breach involved, you know, some type of phishing messages being sent or some type of fraud being committed. And it’s just incredible how prevalent has become, especially over the last year as more and more people have shifted to remote work and are working from home.

Brian Westnedge (03:23): Yeah, I think I sense that companies, you know, there’s always room for improvement, but most companies are doing something to address like their infrastructure and their network security and, you know, everything shoring up their, their, their network and their endpoints and their devices and their users. So they’re doing a pretty good job at that. So if I’m a malicious attacker these days, the easiest way to get my way inside of an organization is to, you know, go after people rather than infrastructure, if you will. So, and we know the easiest way to get access to people is through emails. So I think people are still probably the weakest link and in kind of the cybersecurity chain and we’re all human. We all get a lot of emails. It’s very hard these days sometimes to spot the difference between a fake email and a real one.

Brian Westnedge (04:18): Even for those of us that have been in this space a long time, if someone sends you an email that doesn’t have a link in it or an attachment, you know, doesn’t have anything to kind of raise your red flags. If it looks pretty legit and in, you know, the content itself has kind of the innocuous, maybe it’s like, Hey Brian, this is Matt I’m on the road today. And I need you to send me that wire transfer and here are the instructions, or, you know, Hey, Susie, this is the head of HR. Can you send me last year’s tax payment forms you know, there are so many different ways. I think these days that the malicious actors try to you know, take advantage of people’s inherent helpfulness too. So if you get a message that purports to be from your manager, for instance, you’re probably gonna look at it and, and, you know, depending on how trustworthy the message is, you know, you might be a little more inclined to take action on it, if it’s from an executive or your manager or somebody that you work with really closely.

Brian Westnedge (05:26): So I think, you know, we’re all trying to shore up, security plug the hole so we can plug in and try to, you know, give people tools to, look and spot from malicious email, but then also use technology to help solve part of the problem too, which is where do marketing authentication come into play?

Matthew Vernhout (05:48): Right. So over the last year, since we’ve all been working from home, living remote, you know, I, live remote and work remotely full-time. So it’s not been a change for me, but as more people have gone sort of remote, you know, have you noticed any trends or changes in behavior when it comes to spoofing or fraud when you look sort of across your client base, some more prevalent, more frequent, you know, what’s the experience, or sort of the trends that you’re seeing right now when it comes to that over say, you know, the last 12 to 18 months since everybody’s been locked down.

Brian Westnedge (06:25): Yeah. That’s a great, a great point. Most of the IT organizations that we work with, were, as you mentioned, just for several months, they were just focused on the transition to remote work and people set up at home if they weren’t already. Yeah. You and I worked from home already. So it wasn’t a big shift for us, but people that worked in an office now working from home, setting up VPNs and two-factor authentication, and getting everybody you know, supported with a remote working environment. I think that took up a really big portion of most of its team’s times. And they didn’t have, have you know, bandwidth to focus on other areas of security in particular email authentication. One trend we saw was malicious actors trying to leverage COVID in their messaging. So, you know, if you think about malicious actors and spoofers, you know, they’re marketers in a sense as well, and they want people to take action on their message, just like a legitimate marketer, you know, the difference is you know, it’s going to be a negative action to you as the recipient.

Brian Westnedge (07:37): You know, if you click on their link or if you go to their webpage and, and give up your credentials, or if you send that wire transfer or do whatever. So I think of the malicious actors as you know, as marketers, they test different subject lines. You know, they test different offers in the content of their message. So we did see a lot of like COVID-19 type messaging where people would prey on the fears of people, you know, working at home and the fears of people just as human beings, navigating the pandemic, like, Hey, here’s some COVID-19 resources you can go check out and people would go, you know, to invoice a site that purported to be informational. So, you know, we worked with one of the big global health organizations that were being fished.

Brian Westnedge (08:31): So their domain was, was being used in communications with you know, personal citizens or consumers, if you will, you know, their domain, which is a well-known domain global health organization, they were being spoofed pretty significantly. So they implemented DMARC in about, I think, 40 weeks or so, and immediately stopped, you know, the malicious spoofing of their domain. And they saw kind of the delivery of their legitimate mail, get a little bump as well because people, you know, we’re now seeing only legitimate mail from that domain. They weren’t seeing the spoofing more. So it’s kind of a dual benefit. They authenticated the good stuff. And when they did that, they could block the bad stuff.

Matthew Vernhout (09:18): Yeah, that’s a that’s something I’ve seen as well with the brands in the past, you know, in the retail space, even where, you know, they’re being targeted by phishing targeted by spoofing whether it’s you know, malicious actor or even a competitor trying to impact their, their domain reputation was going through the process of DMARC, gets them that, you know, protection helps them identify where they maybe have some of their weaknesses, but then at the same time, when they get through that challenge of, you know, getting to a reject policy, remit even a quarantine policy, but more so a reject policy seeing that lift is consumer behavior because they are getting rid of that malicious, they are getting rid of that suspect, questionable stuff. And consumer trust does happen to go out. That’s, that’s pretty impactful, I think. And it ran a pretty good story. So when I get in front of a marketing team that, well, why should I do this? Right. Do you know?

Brian Westnedge (10:21): Yeah. Do you want somebody else using your brand? i.e. Your domain without your permission. And obviously, DMARC doesn’t solve every type of email spoofing issue. It stops the abuse of your domain doesn’t address, you know, cussing them look like domains, obviously are people that use completely separate domains to spoof you. And maybe they just boot the display name and not the domain. But, but what it does, I think it does, it does very well, which is, you know, stop the use of your domain without your permission, give you visibility into who’s using your domain. So once you have that visibility from DMARC reports, you can decide, okay, is this cloud service I’m using, you know, if you have people they’re using Netcore cloud for marketing, they’re probably using other cloud services for, you know, potentially marketing automation, HR, payroll service you know, there’s, if you think about all the systems that you log into daily, you know, to do your job, you know, I can think of like 20 cloud-based services.

Brian Westnedge (11:24): I use it every day. Most of those services send email as our domain, but, you know, without DMARC, you don’t have any visibility into all of those cloud services, sending mail as you, and you may not be authenticating them cause you just not aware of them. And very few organizations that we talk to have like an email governance function, right? There are people in marketing that might use Netcore cloud there are people in IT that administer the office 365 or G suite. But, you know, nobody is looking after kind of email as a whole across the organization. And for me, you know, I’m, I’m heavily biased cause I believe in DMARC and I’ve been working in the space since the beginning, but I believe it gives you that visibility to govern your email program. You decide what services you want to authorize, which means, you know, essentially authenticate in, you know, you, you authenticate the good and, and you block the bad, which could be spoofed, or it could be shadow it to be quite honest, you know, in big organizations, you know, especially global ones, they may have far-flung operations.

Brian Westnedge (12:32): And, you know, you might have an intern somewhere who decides to spin up an email program without the approval of the marketing team, or, you know, you have some organization that says, Hey, I’m onboarding a new service provider and payroll, but they never tell the IT team to remove the old provider from the SPF record or something like that. So, DMARC, yeah, it’s it, it can have a governance function. You know, there’s some exciting things I know you’re deeply involved in, you know, around BIMI that make it even more interesting to marketing other than, you know, kind of the brand protection angle of DMARC. But it really, I think of kind of email authentication, DMARC is a cross-functional initiative. People in information security should care about it. People in the infrastructure team should care about it. People marketing should care about it. Executives should care about it because it’s all about, you know, brand reputation. So

Matthew Vernhout (13:25): That’s a great way to talk about it in regards to a governance program. You know, I think there’s a lot of, you know, silos that happen, like you were saying overall email governance program, you know, that’s something I’m going to take that away and I’m going to start using that. I think I’m going to put that in my playbook of things to talk to people about is as we go, because you’re right there, there are so many different teams with so many competing agendas and everyone’s trying to, you know, move forward. You know, it’s like you know, I used this analogy once and I was talking with a client it’s like, you’re all on the same team, but you’re playing different sports. There’s, there’s no sort of cohesive movement. You know, we’re not all playing football.

Brian Westnedge (14:12): Some of us are playing rugby. Some of us are playing soccer and some of us were playing north American sell football, right. Maybe you’re in the difference between listeners here  CFL and NFL. Right. And the rules are just slightly different. But it’s all sort of that similar thing, but we’re all moving in slightly different directions with slightly different rules. So that’s a great way to put it email governance. I’m going to put a, put a flag in that one and start using that myself, but let’s take a step back just a little bit, you know, I always like to hear sort of the different ways that people describe the basics of DMARC and, and how it works and how they explain it to a business. So if you were going to go talk to a brand that had never really looked at DMARC, or even to a degree, you know, what would you tell them? Where would you start?

Matthew Vernhout (14:55): Yeah, it’s a great point. It’s, it’s always a much easier conversation when the brand has had some sort of issue, especially when that’s made the news. So if you, if you hear about fear about a retailer, for instance, that has a data breach almost always that’ll get tied back to some sort of phishing attack. You know, like the Target breach, you know, years ago was like one of the first big you know, the data breach has to hit the news. And that was, I think they used a third-party contractor for their heating ventilation and air conditioning, but somehow the most accurate fished that vendor to target and got into the target network via a vendor. So yeah, whenever, whenever you hear about data breaches in the news, whether it’s, you know, kind of solar winds or you know, a retailer almost always the root cause of that breach is going to be tied back to email in some way.

Matthew Vernhout (15:53): There was one just today that was, that was kind of on the MOG slack channel. You probably sell park mobile. So I got the email myself, cause I’m a customer who loves you to pay your parking fees from a, from an app. But they were just breached, sent out a notification, all the users. And I don’t think they said what the cause of the breach was, but I bet you anything it’ll end up being phishing. So, you know, certainly, the conversation can be a lot easier if they’ve had some sort of issue if they haven’t, which hopefully is the case, then I’ll start talking a little bit about, you know, best practices and, and you, and I know from being in deliverability way back, you know, email authentication is only one piece of, of the deliverability cocktail. You know, it may be no more or less important than all the other factors we care about when we’re thinking about sending reputation but it is a piece.

Matthew Vernhout (16:44): So I’ll talk to them a little bit about, you know, best practices, you know, Hey, do you remove you know, complaints from your list? Do you regularly you know, age out non-responders, you know, do you, do you remove spam traps or, hard bounces, you know, just kind of the basics and talk to them a little bit about, okay, if you’re doing these basics, then email authentication is a piece of that. And they’re probably aware like if they’re using Netcore cloud, like, you know, they’re authenticating their marketing traffic with SPF and Dkim through Netcore cloud, but then they just may not have thought about all the other systems that are using their domain for emails. So I’ll talk to them a little bit about that. Well, Hey, do you know, do you guys use Salesforce?

Brian Westnedge (17:26): Yes. Do you know if it authenticates probably, well, I know, to use Zendesk, do you use a fresh desk to use you know, Marketo or Eloqua or, or any marketing automation providers and you start getting people thinking well, yeah, I think I do, but I don’t know who looks after that. And yeah, well, I should probably look into that because it doesn’t mean no if I only authenticate my marketing traffic, but I haven’t authenticated all my other stuff. So I’ll talk to them and, you know, try to build a bigger picture that you can’t if you mentioned silo your marketing program and think that it’s going to be treated differently than their other mail streams necessarily. So it’s the best practice you should be authenticating all your mail streams, you know, it sounds kind of basic.

Brian Westnedge (18:13): Then I’ll talk to them a little bit about, you know, especially if they’re a B2C brand, you know, what do you want people to trust the email they get from you? Well, yes. Well, did you know, without DMARC, anybody can spoof for your domain and it’s trivial? You know you don’t have to have a lot of technical expertise these days to spoof an email. You can find web forms online that allow you to fake pretty much any, you know, from a domain, you can not have any particular expertise or you don’t have to be even operating grown mail servers. You just, you can, you can, it’s trivial, I think, to spoof somebody. And I don’t think a lot of people kind of realize that, or they’re still thinking about kind of the old, you know, Nigerian, you know, kind of four, one nine scams, which were really, potentially you know, emails that had grammar issues and pretty easily, despite just by looking at them that they were fake.

Brian Westnedge (19:14): Whereas today, as I said, there are highly targeted socially engineered emails. So we all get, you know, the bad guys see LinkedIn for their purposes, just like we use LinkedIn for, for legitimate purposes. They try to figure out connections within organizations and then craft emails that get a response to their negative outreach. So I will, I will talk a little bit about definitely best practices protecting your brand. He does all these other things, to protect your brand reputation. Maybe you monitor you know, some B2C brands probably use services that, that monitor social media for negative mentions of their brand or monitor you know, you know, various websites, you know, like if you’re are people counterfeiting your, your goods, if you’re a retailer. So there are all these different services that companies can use.

Brian Westnedge (20:11): I think email sometimes gets taken for granted just because it’s been around so long, it is kind of the workhorse of business, but people take it for granted because I think they just think, well, it’s been around so long, we’ve been using it forever. It probably is authenticated. Or probably somebody within my organization does, is doing what they need to do. And the reality is, well, no, you know, there are still companies. We see that don’t use the Dkim yet, or maybe they have multiple SPF records. So they onboard a new service provider and the IT person creates a new SPF record instead of updating the existing one or a lot of times maybe they add service providers, their SPF record, but they never removed their old service provider from the record. So it just gets big and bloated and it breaks up the 10 lookup limit and all that stuff.

Brian Westnedge (21:06): So to get, I guess, to get a marketer to care, I want them thinking about, Hey, authentication is not, it’s not a nice to have in today’s world. You know, it is a must-have, you need to take responsibility for your email. You need to authenticate it. It’s part of your setting reputation. And if you don’t, then you’re going to have somebody that impersonates your brand and your brand is going to have a negative reputation if you do nothing. And then obviously things like BIMI may make it a little easier to get marketing interesting and involved. But if we say, Hey, there’s a reward for you as a marketer for getting your domain protected. And that is being able to display your logo in a mail claim, which should be of interest. So, you know, I think you, you, and I’ve kind of see there’s kind of the carrot and the stick approach to getting a brand, to adopt T mark.

Brian Westnedge (22:02): And the stick is, you know, someone like Google or Yahoo or Microsoft, you know, flashing some sort of user warning if a message is not authenticated. Yeah. That’s kind of, the stick is like, Hey, domain owner, if you don’t think of your mail, then I’m gonna, I’m gonna display user warning. So that’s not going to be good for you and your business. If people get a warning message, when they get a legitimate mail, that’s the stick.

Matthew Vernhout (22:28): In Gmail, or they have like the big red question mark

Brian Westnedge (22:31): Yeah. Right. Yeah. Nobody wants that, if your brand, but then the carrot is, Hey, domain owner, you know, if you do this thing, you know, if you put in the workaround authentication, then the reward is a logo, which, you know, gets more people interested in, in, in the process, I think. And again, back to the kind of the cross-functional nature of it, it becomes not just it or a security project that becomes, you know, a project that marketing can get behind as well.

Matthew Vernhout (23:00): Yeah. So you, you touched on BIMI and I have my sort of effort on the working group to help drive the standard. And I hear a lot of times, you know, there’s misinformation where people say, well, it’s a, it’s a trust mark. It’s low you know, it’s going to be the new thing that people are going to trust, but, you know, just going to be spoofed and, you know, what are your thoughts on BIMI in general for, you know, the value of it being, you know, what people consider to be a Trustmark even though it’s not like you said, it’s, it’s a reward for doing authentication, right. So that’s, that’s all right. I think, you know, clearly something that needs to be repeated over and over and over again, it’s not a Trustmark, it is a gold star for doing the work to get things properly authenticated. You know, but from the point of view of people saying, you know, is it going to be a driver for engagement? Is it going to be a driver for security is going to be a driver for, you know, brands to adopt the solution? What are your thoughts, on those sorts of things in general, as it comes towards BIMI?

Matthew Vernhout (24:10): Yeah, that is kind of the million-dollar question, I think. And to my knowledge, the only official kind of data we’ve gotten from a mailbox provider who supports BIMI is Marcel from Verizon media group on the BIMI group website. There’s an interview with him a video actually, where he talks about kind of Yahoo’s initial you know, kind of data from companies that have implemented BIMI. So I’d encourage the audience and correct me if I’m wrong, but I think that’s the only official word I’ve seen from a mailbox provider is Marcel’s interview on the BIMI group website. So I’d encourage anybody interested in this topic of the BIMI group, BIMI group.org, really easy. You’ll find Marcel’s video. He talks a little bit about Yas’s initial experience with BIMI. You know, I think, I think it’s going to be a lot of confusion for a while to be quite honest, we know, you know, Google has, it’s been me the pilot and maybe they’ll release some data from that.

Brian Westnedge (25:15): You know, do we know that BIMI is going to drive open rates yet? I don’t think we do, especially if you know, the logo is not displayed in the list for you right now. Can you drive an open from something that’s already opened? I guess if, if that’s when the look is a split and I know in Yahoo, I think it is a logo is displayed in the list view on the mobile client. Right. So that could be, yeah, that could be, you know we could be able to draw some, some, some, you know, some, some interpretations from that, but I think in the absence of the data from the mailbox providers at the moment you know, we’re going to be releasing some, research that we did a red sift with consumers, you know, asking about not BIMI per se, but kind of logo placement.

Brian Westnedge (26:06): Like, Hey, if you see a logo in an email, do you remember that brand more versus somebody’s email that doesn’t have a logo in it? You know, so kind of like brand recall or, you know, things like if you see a logo in the list view, would you meet more inclined to open a message or once you open the messaging, you see a little bit there, what does that mean to you? You know, are you more inclined to take any action from the email? So I guess in the absence of the official data from say Google or Yahoo, or FastMail, who’s implementing BIMI as well we’re going to try to do our own BIMI, like research, just to see what consumers you know, think about a logo, display an email, not so much the standard behind it, but just seeing a logo.

Brian Westnedge (26:54): what kind of reaction does that have? And I’ll look forward to kind of sharing that with you and potentially, you know, your listeners here in a few weeks when we release it. But yeah, I think there’s gotta be a lot of confusion. I will say I’m optimistic at heart. So I’m cautiously optimistic that, you know, it’s going to lead to a positive correlation with brand engagement, you know, whatever that means is the open rates per se. I don’t know yet. I think it is still a little early. You know the only thing I know is to be able to leverage BIMI, you’re going to need to get your D mark, excuse me, your domain to demark enforcement. So if you’re a marketer that’s heard about BIMI, think it’s something that you might want to do then, you know, it’s probably better to start earlier rather than later.

Brian Westnedge (27:41): So get your domain ready. You know, for BIMI, once it’s generally available to everybody, anybody can use it today. Yahoo, if you follow you know, Yahoo’s guidelines, which are posted on the website as well, but, you know, what are things going look like when, when Google goes into general availability, hopefully later this the summer? Yeah, I think, I think there’s still a lot of unknowns there, but I mean, just kind of intrinsically to me, I think having a trademark logo that’s recognizable to an end-user, having that in a mail client, that’s it, it’s probably better than not having an email client

Matthew Vernhout (28:27): Talking with some brands that have implemented it and then looked specifically at their Yahoo stats. They have seen some positive movement. The challenge becomes, is it positive because they implemented DMARC. I reject, is it positive because of all the behaviors that were causing some delivery problems in the past, or is it positive because they’ve done everything they need to do to implement BIMI, right? So there’s a bit of a challenge there too, to, you know, nail down exactly what would the change of behavior with, but certainly, they did see a lift after, after implementing the whole process from the sort of start to finish. So there is something there beyond, like we said earlier, right? DMARC helps. It’s you a little bit of a performance lift, for the most part, maybe not for everyone, for the most part you know, will be me do the same.

Matthew Vernhout (29:21): I would say anecdotally, there are a few brands that have certainly seen a lift in the mobile performance at Yahoo mail client. So you know, it is possible. I would also say something interesting that I learned regarding the Yahoo mobile client. You can plug any email address into the mobile client. So you could check your Gmail through the Yahoo mobile client. And if you’re publishing BIMI, you can see the logo so that the client will display it based on there which is interesting as well as I saw some of their partners. So, I have my home ISP as a Yahoo partner. And if I log into their webmail client, I see logos as well. So certainly some interesting technology there, whether it’s officially supported unofficially supported or just the intention of using the Yahoo mail client, it functions as part of the mail client, which I thought was interesting.

Matthew Vernhout (30:17): You know, that there’s nothing out there that sort of efficient. This is just my playing around and testing because I needed to get enough email that I could see brands with logos. And then I went back and started to determine, was this just avatar configuration, or was it publishing a self-serve self-signed BIMI logo. And it’s certainly more places than I was expecting it to based on that testing. So certainly some interesting things there that if you’re looking at it and you want to test it, just plug in your email to Yahoo mail, Yahoo, mobile client, and then you should be able to see the messages there as long as you meet the Yahoo requirements implementing them, which is, which is great. I think that that’s a real sort of interesting take on it that it’s not necessarily even about your specific message, but the client, that’s the message that shows you the, makes that decision, which is, which is interesting.

Brian Westnedge (31:10): That’s, that’s a cool test. I’m glad to do that. Cause I hadn’t even thought about that. Like if, if you consolidate all of your accounts into one mailbox yeah, I hadn’t even thought about that fact

Matthew Vernhout (31:23): Yeah. Who and all, and all those domains together, I just put them all in one mail client and they all started so an interesting test and, you know, I subscribed to everything because I have so many clients that I needed the test for and I subscribed everywhere. Yeah, I got a really interesting user experience that way. So I guess, I mean, the hot tip of the day when it comes to BIMI, if you want to test it, just plug it into a Yahoo and see what’s going on.

Brian Westnedge (31:52): That is a hashtag email geek tip. If I ever heard of one, that’s pretty awesome. I will do that immediately, after our interview. I think ultimately marketers care about their brand experience and BIMI can be a part of that, right? It’s, it’s another way for them to control the brand experience rather than having it be defined for them with with the default avatar, with an initial, you know, with an exclamation point, you know, email, it’s just one additional lever that they can use to improve the brand experience. If you will.

Matthew Vernhout (32:30): I love that it puts the control back in the brand’s hands in the hair, you’ve experienced with some brands in the past, the logo showing or information like that with sort of the preexisting pre-BIMI logo systems. You know, it’s a Gravatar account that someone set up 10 years ago and nobody has the password to anymore. Can’t change the logo. It’s you know, someone did some research and associated the logo to the domain, even though by mistake, it was wrong. So we’ve seen all of those samples and putting the control back in the marketer’s hands with BIMI, I think is a pretty interesting take on innovation and mailbox providers sort of giving that control back to the brand. But I think also the extendable function of BIMI in the future, moving into, you know, web search, moving into, you know, put your logo in this, in the search results.

Matthew Vernhout (33:36): That would be an amazing thing for a lot of brands that Wikipedia could use it. Social networks could use it. The implementation beyond email is virtually endless. So I think there are cool things there that you could have one brand logo manip, you know, managed in one place across all of these platforms in the future. I think it’s, it’s, it’s such an interesting way to think about it, focus on one piece and then expand from there and let others build on it. I think that’s just, just an amazing sort of thought process.

Brian Westnedge (34:11): Yeah. I love that vision of the future

Matthew Vernhout (34:13): Because I think like even, you know, even in our platform, if a client was posting Jimmy, we could pull their logos right into the client, you know, in your platform and pull the logos right into the client and have it branded for the client. And as a, as a way to say, look, it works right there, there are all kinds of different things there that could be utilized in the future.

Brian Westnedge (34:32): That’s a great point. Cause I mean, BIMI is a text record in DNS, right? So there’s no reason that multiple systems can’t easily pull that logo. Like we’re pulling logos out of people’s BIMI records and publishing it on, a non-commercial website called BIMIradar.com where we’re just tracking kind of been the adoption and, and kind of BIMI readiness. But we’re just looking up at me, records, pulling the logo from there, displaying them on a webpage. But as you said, there’s, there are so many uses for, for that information. And, you know, if somebody has published that BIMI record with the logo, you know, that it’s more likely to be, you know, you can’t get a VMC for instance, if you don’t own that trademark logo. Right. So you can be sure if you see a BIMI record that has both a logo and an SVG file and a ballot VMC, sir, you know, that’s the real logo of that brand and domain. So there are so many different uses of that. As you said, that I hope there’s a bunch of different systems that do, you know, BIMI lookups and pull logos, into other things. I think the possibility is in the future, like you just, you, we’re kind of scratching the surface. I think there’s, there’s a lot of different ways that logos can be used outside of even email. That will be interesting to folks.

Matthew Vernhout (35:55): Absolutely. So Brian, looking back over the last 15 years, at least that we’ve known each other and call it 20 years that we both been in the industry here. You know, you’ve seen a lot of things when it comes to email deliverability, email challenges, email security, you know, if there was one tip that you would give to marketers to help sort of with their brand, with their email programs to sort of either differentiate or secure or, you know, really sort of boost some of that good engagement that, that we all look for as marketers. What would you put out there? And I know one’s hard. So if you, if you got two or three I’m down for that as well.

Brian Westnedge (36:44): Well, the first thing I’ll say is, you know, at the very highest level send an email that people want to receive. Right. And we all know in, in all of our friends, in the deliverability space, know, it’s like, you know, the basics haven’t changed over the last 15, 20 years. Maybe some of the tactics have, but generally send an email that people want, how you do that is you follow best practices and it gets kind of boring because you and I have been preaching the same thing for ages, right. But it’s like, you know remove your complainer’s or maybe better yet. Don’t send an email that people complain about, you know, keep your list, clean, authenticate your email, you know, those, those kinds of guidelines to marketers. Those haven’t changed, you know, and in the time that you and I have been in this space and you know, people have to fall, there’s a reason they’re best practices.

Brian Westnedge (37:45): You know, they’ve been proven over time yet they work. So you know, don’t take shortcuts, you know, follow the advice of your, of your deliverability professional. That’s working with you, you know, that person has honed their expertise over time and, and countless real-life experiences. Right. So we know what happens when people try to short circuit the system and they try to re-engage that list that hasn’t been touched in five years and they think, you know, I’m generating X amount of revenue today. So if I make my volume 2X, I’m going to get, you know, 2X the revenue tomorrow, you know, it just, it doesn’t work that way. So for me, it sends emails that people want to receive and follow the best practices. You know, authentication is part of that, but there are so many other things to go along with it, and also listen to your resident deliverability, professionalism, whatever service platform you use them.

Matthew Vernhout (38:49): That’s, that’s great advice. And I always liked the idea of, you know, engage your provider, engage your deliverability consultants before you make changes. You know, I’ve had that discussion before where, you know, working with probably 20,000 brands over the years, if not more as a service provider, you know, I’ve seen brands that try things and fail repeatedly, and I have typically better options or better ideas, or I know that buying that list, isn’t going to work. Long-Term, it’s going to be great for the first time you send it because you’re going to see a huge lift and those few people that open, and then you’re going to see a massive onslaught of complaints that drives your reputation into the ground for a month trying to fix the problem. Right. So it certainly engages your, your consultants, and your ESP partners in advance to making big, drastic changes like that, especially when things do get into that dark gray or black area. So I just want to wrap up today and ask you to tell people, listening to the best way to reach you. Should they have questions about any of the conversations that we had today from, you know, email security to BIMI to email best practices?

Brian Westnedge (40:05): Awesome. Yes. So definitely find me on LinkedIn. I think I’m just BWestnedge pretty much on all the socials. So Twitter I’m BWestnedge. Yeah, LinkedIn Twitter. Great place to find me. And yeah, if you guys have any questions about DMARC, about BIMI, about email authentication, security, always happy to talk to anybody about that. So, it’s a small world and love to, you know, I think you are a better example of this to me, but when you give it, you know, when you give in to this ecosystem, it gives you so much back out. And I think we’re all trying to make the mobile world a little better, you know, in our respective areas whether it’s deliverability, whether it’s medication, whether it’s marketing, you know, I think there’s, there’s a great core group of people in this space.

Brian Westnedge (41:05): And typically your deliverability consultant is going to be part of that group. That’s making the world a little better. You know, you guys, you and I have heard for years that email, you know, there’s always the article about email’s going to be dead. You know, none of us believe that email is still the workhorse of today’s, you know, workplace. It’s not going to go away anytime soon. And yeah some people can help you make the experience better for your, for your subscribers, no matter what kind of market you’re in.

Matthew Vernhout (41:35): Awesome. Thanks again very much for joining us. So if you have any other email questions, whether it’s API driven, email, or campaign-style emails with journeys and other marketing automation type platforms you’re looking for, please do head on over to Netcore cloud.com to check out and learn more about our AI-powered email delivery and campaign platforms. Don’t forget to subscribe to this podcast. We try to come out once a month. You can find us on all the major podcast networks. So Spotify, iTunes, Google play, and Stitcher as well. Visit us at Netcore cloud. For more information on any of our guests, we will publish full details of our conversation as well as the episode. And Brian, thanks again for joining us today. Everyone out there please stay safe, stay healthy and keep on sending emails to our listeners we will be back again on our next podcast. Take care and thanks for joining us.


Intro/outro (42:30): You’ve been listening to for the love of emails, podcast powered by Netcore, hit subscribe in your favorite podcast player to make sure you never miss an episode to learn more about effective email communications and engagement through AI-powered email solutions, visit Netcorecloud.com the only global email engagement leader, delivering marketing ROI and value to 20 plus global unicorns and 5,000 plus brands for over two decades.

Unlock unmatched customer experiences,
get started now
Let us show you what's possible with Netcore.