The Nigerian prince, the (fake) future, and the King

The DMA Consumer Email Tracker 2023 report states that email remains the preferred and trusted channel and the top choice for one-on-one communication. According to consumers, email surpasses all other marketing channels in terms of its effectiveness in various customer journey stages. This includes pre-purchase activities like receiving discounts, offers, product information, and reviews. In addition, consumers prefer email for post-purchase interactions, such as receiving receipts, order confirmations, and delivery details.

Consumers also appreciate email for customer service messages and the delivery of additional benefits, like participating in competitions and events.

Indeed, that’s great for email’s future.

But lately, AI has been jeopardizing the trustworthiness of every medium and channel. Including email.

AI is promising to bring a positive transformation to the email marketing industry. It will simplify the process of data segmentation and analysis, leading to more accurate target segments. It will enhance the personalization of email marketing campaigns and so much more.

However, there is “a dark side” of AI.

Email, SMS, and other direct channels can be used as vehicles for spam, malicious, and phishing attacks that deceive users and pose risks for subscribers. Well, this is all old news.

However AI poses risks of an increase in hyper-personalized spam campaigns on a large scale. AI may lead to the creation of fraudulent eCommerce websites and further contribute to the already overwhelming volume of spam and phishing emails.

It's not a Nigerian prince, it’s the president

AI will pose risks by combining phishing and spam messages with the capabilities of Generative AI to manipulate, clone, and fabricate images, text, voice, and video, which could be catastrophic and mislead people.

To demonstrate one risk, recently, the New Hampshire attorney general is investigating a robocall impersonating President Joe Biden, advising recipients not to vote in the presidential primary. The office believes the message is artificially generated and an attempt at voter suppression. [Editor’s update: The FCC banned AI-generated Robocalls on February 8, 2024]

Impersonating an SMS message sender name or number, or a phone number for an outgoing call, is pretty easy, and it's pretty easy to do so on other direct channels.

As distinguishing between fake content, whether or not AI-generated, becomes increasingly challenging, I see the potential for email to become the most trusted direct channel. Here's why:

The King of Trust

An omnichannel approach is the direction businesses are heading. This aligns with customer expectations, and as businesses, we must be present where our customers prefer, delivering the right message through the suitable channel at the correct time.

When distinguishing truth from falsehood is difficult, email's multiple layers of security and trust make it the king of trust and the most reliable channel.

There is a trust mechanism embedded within the email. Customers trust email in part because of the excellent work that their mailbox providers do to protect their inboxes. This is unique to the email channel. Unlike public phone systems (landlines) and SMS systems (mobile), they lack “mediators” to filter spam and malicious messages for their customers. Smartphone users can filter messages at the phone level. However, Version, T-Mobile, or any other service provider worldwide does not filter robocalls and spam SMS messages.

This is where email shines.

Emails have a trust mechanism built in. Like a bouncer in a club decides who will enter and who’s going to stay out, mailbox providers actively filter messages and take extreme measures to keep their users' inboxes clean and safe. They use algorithms and data, RBLs, text filtering, and many other data points to filter IPs, check the domain’s authentications, and check the sender's reputation. This allows them to filter emails based on the domain's reputation, the technical setup, and various other decisions.

Gmail uses AI email filters to stop spam, phishing, and malware from reaching users' mailboxes. These filters have an accuracy of 99.9% and prevent nearly 15 billion unwanted emails every day. Recently, Gmail introduced a new text model called RETVec, which improved spam detection by 38% and reduced false positives. However, even after almost two decades since its launch, Gmail still faces complex and urgent challenges.

February 2024 - Email authentication is becoming mandatory

Starting February 1st, 2024, Yahoo and Gmail started enforcing stricter guidelines for “bulk senders”.

Sending more than 5,000 emails a day to @gmail.com is considered bulk sending with Gmail. This applies even if that threshold accrued only once.

Bulk senders will have to authenticate their sending domain using SPF and DKIM, allow easy unsubscribe, have very low spam complaint thresholds, and deploy a DMARC policy.

Gmail and Yahoo's new initiative (with the funny nickname “Yahoogle”) shows the importance of trust, both in the eyes of mailbox providers and customers alike.

Climbing the trust journey

Email has evolved over the years, adding more layers of security and trust.

Email marketing platforms (ESP) and sending servers can be authenticated using SPF and DKIM protocols. At the top of the trust and authentication scale, consumers can see a BIMI logo, which is the brand's authenticated logo (like a modern wax seal). Some mailbox providers display a checkmark ☑️ to verify the logo and the domain ownership. On Gmail, a VMC certification is required as an additional layer of trust. More on that later.

DMARC - protecting domains and brands

Domain spoofing poses yet another threat to sending domains. When implemented correctly and after going through all the steps until enforcement (the DMARC journey), the DMARC protocol helps to protect a brand’s sending domain from impersonation. It is advisable to implement DMARC using a monitoring tool. I prefer EasyDMARC, but there are several other DMARC reporting tools to choose from.

BIMI logo - the modern wax seal

Email protocols (SPF, DKIM, DMARC) are not visible to the human eye. Mail servers “see” these protocols. Brands that have completed the evolution of DMARC to enforcement mode (p=reject) can take an additional step and display a BIMI logo. The BIMI logo (“Brand Indicators for Message Identification”) has a visual authentication that recipients can see in their inboxes, like a wax seal used in ancient letters to prove the sender’s authenticity.

When a recipient receives an email, they will see the brand’s logo in their inbox and can verify its legitimacy by identifying the brand’s logo. BIMI relies on the correct implementation of SPF, DKIM, and DMARC.

Gmail and other mailbox providers need to verify that the sender domain has another layer of trust - a VMC certificate to show a logo. To get this certificate, the brand must prove ownership of the brand’s logo (a registered trademark) and pay a yearly fee of $1,300-$1,500. The logo must be correctly implemented, and a DNS record should be created.

Gmail Blue checkmark ✅

Brands can display their logo in Gmail by uploading it to the Google Account associated with the sending account. This Google Account is created under the brand’s domain. This is different from the BIMI logo (fake it until you make it).

Gmail added a new feature to differentiate between unverified logos (created with a Google account) and verified BIMI logos. When domains enforce DMARC and have a BIMI logo with a VMC certificate, Gmail will display a blue checkmark. This checkmark confirms the ownership of the domain and its logo.

The blue checkmark in Gmail (and other mailbox providers, such as Yahoo) serves as a symbol of credibility that brands can strive to obtain. By earning this desired feature, brands can greatly enhance their trustworthiness and establish themselves as authentic in a world where differentiating between genuine and fake sources is increasingly challenging.

Photo by Sander Sammy on Unsplash