A Story of Modern Electronic Communications
The film, "You've Got Mail" was evocative of a time when e-mail was creating a revolution in the way we communicate. E-mail, or electronic mail, is now a well-established, ubiquitous method that we use to communicate in our personal and business lives. It has resulted in the near total demise of fax and letter-sending, which are falling off to the extent that the U.S. Postal Office has seen a decrease in mail volume of around 27% since its peak.
As a social animal, humans need to "talk" to each other to live our lives, do our business and make inter-personal connections. Human history has shown us that human beings will innovate around methods of communication to allow discourse across distance. In ancient times methods like smoke signals and lighted beacons were used. Later we used pigeons to send letters and later still, the development of electronic means of communication gave us the telegraph and the telephone. All of the methods we have used in the past, essentially did the same thing that e-mail does today, communicate information to another human being across distance.
The advent of the Internet gave us the next level in communication innovation. The Internet became a new conduit for us to communicate across, resulting in the development of electronic mail or e-mail. The Radicati Group, who produce a regular report on global e-mail usage, stated that in 2015 e-mail continued to grow at a steady pace, with 2.6 billion e-mail users worldwide sending and receiving over 205 billion e-mails per day. Their report predicts that by 2019, one third of the world's population will be using e-mail regularly.
The success of e-mail is down to its relative ease of use. E-mail has become almost an instinctive tool. That simple, click to create and click to send action has resulted in massive uptake of e-mail communications and the instant reaction that it can elicit has made it an irresistible way of communicating.
The original "e-mail" was really nothing like the e-mail we use today. The very first message that could be called an electronic mail was a simple file, copied from one computer to another and identified with, for example, a person's name. This nascent e-mail system was originally used at the Massachusetts Institute of Technology (MIT) in the early to mid 60s. The system was developed on the Compatible Time Sharing System (CTSS) at MIT, which was used to allow multiple user access to computers in the university and across associated colleges. One of the outcomes of this multi-sharing environment was that "messages" in the form of files, could be placed in common directories so that other users could read them. It was a simple way to send a message to someone you were working with; they'd log in and see a file with their name on and read it.
Around 1965 as a natural extension of this system was the development of the programming command "CTSS mail". This would make the process of sending mail to CTSS users programmatic. Tom Van Vleck and Tim Morris took the idea outlined in a programming staff note, that suggested a new command that would allow a private message to be sent from one user to another – the original note can be found here. The original development was less about sending an electronic letter and more about informing a user that a request for a file retrieval was made.
ARPAnet or the Advanced Research Projects Agency Network was the first ever network to implement the protocol TCP/IP. The initial pans for this connected network of computers was published in 1967 by MIT researcher, Lawrence Roberts. It became the underpinning protocol of the Internet, and continues to be so to this day. The protocols set out the rules for communicating across end-to-end connections. How the data is packetized, addressed, how the data is transmitted between end points and how it is received. ARPAnet, using the protocols TCP/IP, became the first wide area network that allowed packet switching. It gave rise to the Internet we know today. The researchers using ARPAnet used a simple program known as SNDMSG to leave messages for each other. However this program could only leave a message on the same computer.
In late 1969, the Stanford Research Institute was connected up to the ARPAnet and the first message was sent between two computers. However, this still wasn't like the "e-mail" we know today.
The first electronic message that we can call "true e-mail", was sent in 1971 by computer engineer Ray Tomlinson. Ray wrote a file transfer program called CYPNET, which was an extension of the earlier SNDMSG program. The difference was that CYPNET used the TCP/IP protocols of the ARPAnet network to send messages between any computer on the network.
As part of this development, Ray defined the use of the @ symbol which designated the computer the user was at. The protocol being:
It is worth pointing out, that the electronic messages sent using ARPAnet and the earlier CTSS system were simply to convey information between other technical authorities. The productization and mass use of e-mail like we know today was still some way off.
As we entered the 1970s, e-mail became more commonly used, but still in the context of specialist users. With greater usage came problems with message management. This problem was solved by the man who led the team that developed ARPAnet, Dr. Lawrence Roberts. In 1971, Larry Roberts created the first e-mail program that allowed users to control e-mails. The program known as "RD" allowed users to read, save, forward, delete and importantly, organize messages received.
By 1973 e-mail took up around 75% of ARPAnet network activity. This was very interesting to anyone interested in the next "killer app" and was not lost on the commercial world. Two of the earliest commercial services specifically offering e-mail were CompuServe and MCI Communications Corp's, "MCI Mail". MCI Mail's first version in 1983 only allowed you to message other MCI Mail users, but this was extended to include sending e-mails to other systems as e-mail usage expanded. CompuServe's Information Service or CIS e-mail offering was introduced in 1989 and became the largest consumer information service in the world.
Off the back of the commercial e-mail services like MCI Mail and CompuServe, a number of client based e-mail programs were developed; including Lotus Express, Norton's MCI Mail utility and the short lived Microsoft Bob.
Today, e-mail is ubiquitous. We may think that instant messaging using social platforms and applications like Skype are popular, but nothing offers the same level of management and archiving as e-mail.
As mentioned earlier, the Radicati Group has shown that e-mail usage is increasing. The current 2015 numbers stand at 205 billion e-mails sent or received each day across the world. They expect a 5%, year on year increase on these figures so that by 2019 there will be around 246 billion e-mails sent and received every day across the globe. Of the current 2015 figures, almost 55% of those are business e-mails, the rest are personal.
And mobile is changing the way we use e-mail. According to Litmus State of E-mail Report, 33% of e-mail opens occur on an iPhone with 15% opens occurring on an Android. The world of mobile e-mail is here.
The way that people use e-mail is changing too. We often have multiple accounts, 39% having at least two accounts – each account used for different tasks. Users tend to have a primary e-mail address and research has shown that 40% of us check this e-mail account up to 3 times a day.
Many of us have e-mail accounts that are over ten years old. This fact alone shows how attached we get to our e-mail accounts and how personal they are to us, even being part of our digital identity.
Every time a new technology comes along a protocol for tat technology needs to be created. Protocols allow programs to talk to each other by setting out rules of exchange; they also build interoperability into a system. E-mail is based on a client / server type architecture. To achieve e-mail communications across different operating systems and e-mail clients a number of protocols governing the system have been developed.
The sending and receiving of e-mail can be split into two types of protocols:
SMTP was first developed as a standard for mail transmission in 1982 by the Internet Engineering Task Force (IETF). In 2001 the IETF obsoleted the original SMTP specification document with an updated specification. The updated version allows for extensions to the original and brings it up to date with changes in Internet use.
SMTP is generally used as an unsecured layer through port 25. However, you can use security with SMTP. If you use Transport Layer Security (TLS) you need to send the messages via port 587 and if using Secure Sockets Layer (SSL) port 465.
POP is a protocol, again developed by IETF, which allows a given computer node (e.g. workstation) to dynamically connect to a mail server and receive e-mail. The current version in use is POP 3 (10). POP allows a user to not have to be permanently connected to the Internet. POP lets a user download e-mail to a client on a device and delete the original message from the server. This can cause issues with downloading on multiple devices and e-mail synchronization. POP is also compatible with the protocol, Multipurpose Internet Mail Extensions (MIME), which handles e-mail attachments. POP uses TCP/IP protocol for network connection and then SMTP protocol for sending and receiving e-mails.
In brief: POP pulls messages down from a server and SMTP pushes them up to a server.
POP 3 is usually used through port 110 and is unsecured. However if you want to use TLS or SSL you need to use port 995.
IMAP can be thought of as the Internet version of POP and is suited to the more modern "always on" relationship with the Internet. It was proposed in 1986 as an alternative to POP. IETF developed the IMAP protocol, the latest version being 4rev1. IMAP can be used to view messages online without having to download them to a device first. In this way it is much more of a "Cloud" based version of e-mail access, making multiple device access easier. One of the downsides to IMAP e-mail access is storage size – if the mail server has storage limits, you may loose e-mails, and so they should be backed up.
IMAP is usually used through port 143 and is unsecured. TLS also uses port 143 but with SSL you need to use port 993.
We can break the basic process of generating / sending / receiving an e-mail into the following steps:
E-mail can be sent using a device client or webmail interface. SMTP is the protocol used to transmit e-mail messages. You need to have an Internet connection to actually send the e-mail, but you can compose one without Internet access if you use an e-mail client on a device.
To send e-mails follow these steps:
To receive an e-mail you need to have an e-mail client or webmail. You need to be logged into this application. E-mail messages that have been sent to you are held on the POP 3 or IMAP server and these are the protocols used to receive e-mail messages.
With device based e-mail clients, you can configure your client to automatically receive e-mails if you have Internet connection. Alternatively you can set pick up schedules or choose to only receive e-mails on clicking Send / Receive.
If there are messages waiting for you on the server they will be downloaded to your device client or displayed in your webmail in the browser.
DNS or Domain Name System is a way of assigning names to any device connected to the Internet. It has been around since the 1980s and is used to assign domain names and map these to Internet resources, e.g. it translates the domain name, www.webhostinggeeks.com, to an IP address 184.108.40.206. You can see our DNS guide here. The DNS address can be dynamic and very quickly changed without actually impacting the end users who use the domain address. This means that e-mails can be sent without actually knowing how the computer locates the services.
MX Records or Mail eXchanger are a type of DNS record. When you send an e-mail the SMTP server will look up the name servers for the domain extension of the e-mail address. It will then do a query against the domain name servers for that MX record. Finally it will look up the names of the MX records in the DNS server and locate the associated IP address.
Domains can have multiple associated MX records, each with a set priority. This can help with load balancing, or make a backup MX if the primary one is unavailable.
Mail servers are usually run by the ISP who issued your domain when it was purchased. However, you can potentially setup, run and maintain your own mail server, for example if you're an e-mail marketing company.
There are a number of mail server software packages available that will perform all of the functions needed to manage e-mail traffic and serve up e-mails. The vendors provide SMTP server software that can be configured to your own requirements and give you more control over the sending of e-mails. Some of this software is open source, such as hMailServer, which works on Windows servers or iRedMail, which works on many Unix based servers.
If you decide to run our own e-mail server you would also need to use a spam filter and anti-virus software, if this doesn't already come packaged with your SMTP server software.
In the server-client architecture of an e-mail system, the mail servers communicate with e-mail clients, that are either installed as an application on a device, i.e. a desktop, or that are web applications accessible in a browser.
Users need to authenticate themselves, i.e. provide login details to use both a desktop based and webmail client. Usually this is a username and password. When a user wants to check if messages are available on the mail server for download, they chose a function such as "Send / Receive" to make that query and initiate the download. The process of request and download is performed using either the protocol POP3 or IMAP as described earlier. Desktop e-mail clients can use either POP3 or IMAP. If you configure your desktop client to use IMAP it will leave a copy on the server so you can download the same messages on another device. You can do this with POP 3 but it is not an inherent property of the protocol and you have to configure the settings to leave a copy of the message on the server.
E-mail client and webmail applications have seen dramatic changes in popularity since the increase use of mobile devices. The following graph, created using data from analytics of e-mail opens in November 2015, tracked by vendor Litmus shows that mobile-based e-mail systems are the most popular.
Microsoft Outlook is part of the Microsoft Office suite of products. Outlook for Windows 97 was released in 1997 and we are currently on Outlook 365, which is a Cloud based version. Outlook can be used on Windows machines or installed on the Mac OS as a Mac version. It is a popular e-mail client and offers more than just e-mail management, including a calendar, task manager, notes and contact management.
Unlike Microsoft Outlook, this is a free, open source, cross platform, e-mail client. Released in 2004 it was originally under the umbrella of the Mozilla Foundation of Firefox fame. However, in 2015 it was announced that there would be a split off from Mozilla forming a separate Thunderbird organization.
Thunderbird has some neat features such as creating on-the-fly addresses and handling virtual identities. Unlike Microsoft Outlook it doesn't come packaged with a calendar, but one is available separately.
Sending and receiving e-mails using a mobile device is increasing as mobile device usage increases. According to analysts Pew Research at least 88% of smart phone users access e-mail from their phone, with younger users (18-29 year olds) being most likely to access e-mail in this way.
Apple Mail comes as a pre-packaged app on the iPhone. It supports the use of multiple accounts on the one device, which can be POP 3 or IMAP based. It also offers support for Cloud based e-mail such as iCloud, Exchange, Outlook.com and Yahoo!
It is very easy to add new accounts and once added you can send and receive e-mails as long as you have Internet connectivity.
Until version 5.0 of Gmail for Android you couldn't add non-Gmail accounts. However, this version allows support for other e-mail systems such as Yahoo and Outlook.com. As with the Apple Mail app, it supports multiple accounts on the same device and both POP 3 and IMAP.
Online services, or Cloud-based e-mail is becoming very popular because it can be accessed from any device, from anywhere, as long as you have Internet connection. It is worth noting however, that all of the main online e-mail services also offer an app version, in keeping with the increase in e-mail access from smartphones.
Using a Google Trends analysis for the last 10 years, you can see the popularity of the four main online e-mail services (I've included Hotmail and Outlook, which are now the same service). Notice that Hotmail and Gmail are starting to have equal status in the market, whilst Yahoo Mail and AOL loose traction.
Let's take a look at the four most popular online e-mail services:
AOL is a free webmail services offered by AOL. It is accessed, online via a browser using a username and password. There is no limit on the storage you are given on sign up, but the attachment size limit is 25MB. AOL Mail support POP3 and IMAP.
In 2014 AOL had a serious security breach of its network servers, which resulted in millions of AOL users needing to change their login password.
Verizon bought out AOL in June 2015. AOL states in their quarterly report just prior to the acquisition, that they had around 200 million paid for subscribers.
Yahoo Mail has been around since 1997 and was one of the first web based e-mail services. There are around 282 million unique accounts according to Comscore and Yahoo themselves boast of 1 billion unique customers using Yahoo.
Yahoo is working to improve username and password authentication by offering other, more secure, forms of authentication such as SMS text code and Yahoo "account keys" a mobile based authentication app. They are also offering federation with other webmail accounts like Gmail and Outlook to create and sign in to your Yahoo account.
Hotmail entered the world stage in 1996 as another first contender for our online e-mail services. It was bought out as a product by Microsoft in 1997 and went through a few rebranding exercises, including Windows Live Hotmail.
Outlook.com replaced Hotmail in 2013, but the @hotmail.com e-mail suffix is still used by earlier users of Hotmail. Hotmail or Outlook.com, is one of the biggest online e-mail services in the world as exemplified in the Google Trends graph above. It is, however, under serious threat for this position by Google Mail or Gmail.
Gmail or Google Mail announced they had around 425 million users in 2012. However, having a Google Account gives you a lot more than just e-mail, for example access to the online document editor, Google Docs. Since the acquisition of You Tube by Google in 2013, this allows those with a Google account to have access to more features in You Tube. This "one account to rule them all" strategy from Google means that a Gmail account is a very useful thing, not just for e-mail.
A cute feature of Google Mail is that if you add a +01, +02…+n to your Google e-mail address, e.g. email@example.com you can have an infinite number of e-mail addresses from a single account.
A number of packages are available in the open source community that allow you to have your own online e-mail access using a business / personal domain account, i.e. like your own Google-mail but using your @mydomain. Because of this, many of these online e-mail applications come with hosted website packages offered by the likes of Inmotion, Bluehost, GoDaddy and similar.
Some of the most common examples are:
Horde is a free enterprise ready webmail suite. It offers e-mail management, calendars, contact management, tasks and notes. It supports the standard e-mail protocols like POP3, IMAP and SMTP. It also supports encryption and signing of e-mail messages.
SquirrelMail is a PHP based online e-mail application. It supports the common e-mail standards such as IMAP and SMTP and MIME. Because it is part of an open source project, there have been a number of extension plug-ins created to add functionality to the basic program, including, calendars, address books and security plug-ins.
Roundcube is another browser based webmail application that is free to use. It is a multilingual program with a number of features such as pre-defined response templates and support for international domain names. It is also exposed as an API for use with other web applications. It supports standard e-mail protocols like SMTP, IMAP and MIME.
E-mail is pretty straight forward to use, whether you use a desktop client or an online e-mail service. However, as with any software applications, there are shortcuts, tips and hints that can help make life a little easier when using it.
Below are just a few suggestions to help you optimize your e-mail usage.
Your business e-mail address is usually chosen for you, based on a specific business policy. However, personal e-mail addresses mean you can choose the username yourself (assuming it isn't already taken of course).
Choosing a personal e-mail address is a lot like personal branding. Your e-mail address says a lot about you. If you choose an e-mail address now, using your actual name such as firstname.lastname@example.org with one of the big online mail services like Google, chances are you won't be able to get it as it'll already be taken. You can try to play with your name, perhaps having surname.firstname@ and you can always put a number as an append to you name, e.g. firstname.surname11@ but this isn't ideal.
If you're a woman in a culture where you change your surname on marriage, you may also want to consider this when creating an e-mail address. It may well be useful to keep an e-mail address with your unmarried name, but it can get complicated if using it to communicate with official services, such as banks, if you change your surname officially.
It may be that you want to portray a particular image, so the username part of your e-mail address will convey that. For example, you may be a fashionista that makes a lot of blog comments on fashion blogs and you want to be noticed. In this case a user name like email@example.com would be fitting.
It is often the case that we need more than one account to use for different purposes. So when creating an e-mail account, consider what you'll be using it for and choose an appropriate username based on that.
An important part of individual as well as business branding is to have your own domain address. This means that you have a highly personalized e-mail address. If you follow these steps you can have your own e-mail address with your personalized domain:
Composing an e-mail can be an art form. It is your voice and as such represents you. If this is a business e-mail, this is doubly true and you may well be held to account at some future date. So it is wise to know the rules and etiquette of e-mail speak.
These rules are mainly for business e-mails, but you can adapt them and use them in your personal e-mail exchanges too just by applying common sense.
Don't get personal. There are a lot of stories out there on the Internet about someone sending an e-mail to a work colleague that ends up 'going viral' because it contained salacious details that they couldn't keep to themselves. Keep business e-mail for business and be professional at all times.
Don't use all caps. One that seems to be commonly recognized as a faux pas in e-mail speak, but one that still seems to slip through the net too. Using all caps in an e-mail reads as if you are shouting at the reader. Avoid at all cost, even if you do want to shout at them.
Take care with personally identifying information (PII).Try to avoid using e-mails to send PII. E-mails are not a secure form of communication. Even encrypted, once they are in the hands of the recipient you don't know what will happen to that information.
Keep sensitive data out of prying eyes. As with PII disclosure, e-mails are not the best place to send highly sensitive information, for example about a merger, or the sacking of an employee and so on.
Be polite and respond. One of the bug bears of e-mails is that they are supposed to be instant communication but many people forget to reply to e-mails and they end up falling into an e-mail black hole. This is especially true if you have a lot of e-mails to deal with everyday. The best thing to do is to try and deal with them as they come in and get them out of the way.
Make your e-mails readable. It is well known that reading content on screen is less than ideal. If you are writing a long e-mail, with many action items or points to be made, split the paragraphs up logically and use bullets where possible. Make the e-mail readable and you're more likely to have the recipient respond to requests and actions.
Make your subject line pertinent. Use the subject line to indicate the essence of the e-mail.
Be careful whom you send it to. Use cc carefully. It may well be that the reply will be a reply all and you may not want certain others to see the return e-mail. Use bcc sparingly too, only when you absolutely must.
Privacy of other e-mail addresses. If you are sending out an e-mail to a lot of people and you want to maintain the list privacy, use your own name in the 'To' field and place all other e-mail addresses in the 'Bcc' field so their addresses are hidden from the other recipients.
Watch out when you reply all. Similarly if you reply to an e-mail be very careful about clicking 'reply all'. You may not want a cc'ed recipient to see your reply (see 'Accidental E-mails and Insider Threats below).
Spam is defined as "unsolicited e-mail", which can be something innocuous like an advert for a local retailer outfit, or it can be malicious spam, which contains malware. Either way, the user hasn't requested the e-mail and most of the time doesn't want it either. The problem is that e-mail is a cheap way to market. There are no printing or postage costs and buying in e-mail contact lists can be cheap or fairly easily researched. So it is an attractive method of putting a sales message out to a very wide audience. However, spam e-mail is impacting the effectiveness of more targeted commercial e-mail marketing in a negative way for the simple reason that it is creating "e-mail fatigue", making it less likely a person will open an e-mail from an external organization.
The first use of the word "spam" in the context of e-mails was in 1993 in a post in the USENET forum by Richard Depew. The term, spam, was taken from the Monty Python sketch where they sing the "Spam Song". The song is just a repeat of the word spam, Richard Depew making the comparison of continually repeating e-mails to the word spam in the song.
Spam is the bane of every e-mail user's life. Radicati in "E-mail Statistics Report: 2015-2019" shows that in 2015 the average user received 12 spam messages into their inbox, per day. They also predict that by 2019 the number will increase to 19 spam messages, per user, per day.
The amount of spam is still high, even with a movement towards the use of social media for advertising. Analysts, Gartner have said that as much as 69% of all e-mail is illegitimate, spam.
Political e-mails, even those representing terrorists, are a fairly new entrant to the world of spam, which we can expect to see more of.
The types of people sending spam e-mails are highly varied, from small business owners who perhaps haven't thought too much about an e-mail marketing campaign and the idea of "opt-in". To organized groups, sending out spam mails on behalf of companies - the latter is called a "spam affiliate program". Programs like this allow third parties to run the back end office type work of an organization. The spammer will earn a % of any sale that is made from a spam e-mail they have sent out. These types of schemes are often associated with health products, e.g. the "Viagra" emails we've all received.
And then there are the malicious spammers. E-mails containing malware, including the sinister ransomware, are very wide spread. These types of e-mails can contain malicious attachments, or have links to spoof websites.
The Australian Communications and Media Authority (ACMA) a government agency in charge of media and communications in Australia, governs the Spam Act 2003. This act controls the sending of commercial e-mail messages when they contain an Australian based link in the e-mail.
Canada's Anti Spam Legislation, is a law that applies to all electronic messages, including e-mails and texts. Any message sent to a Canadian citizen, from a Canadian organization has to have "opt-in" applied. However, "implied consent" can be used to get around the law, implied meaning that they (the recipient) have, in a highly conspicuous manner, disclosed their personal details online or otherwise.
This is a "Privacy in Electronic Communications" directive from the European Union that covers many areas of online life, including spam. Article 13 of the directive pertains to unsolicited e-mails. The directive states that e-mails can only be sent out to recipients who have "opted-in" to receive those e-mails. Any company collecting marketing data, including e-mails address, has to give the user the option to choose to reject the use of their data for marketing purposes.
CAN-SPAM or, "Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003" defines how a commercial e-mail should be formed and presented to a recipient. This includes having the option to "opt-out" from future e-mails. It also specifies that deceptive use of subject matter headlines be prohibited. It also has provision for companies who use third parties to send out mass mails, stating that if the third party company doesn't comply with the law, then both the company sending the e-mail and the originator can be prosecuted.
E-mail is being used as a highly effective vector for cyber attacks. Since the advent of the Internet and mass e-mail, cybercriminals have used this method to propagate malware, such as viruses and Trojans. More recently e-mail has been used as a means of extorting information from a user via social engineering techniques.
A virus in the context of an e-mail is a piece of malware that is carried via that e-mail; either as an attachment or through a link to an infected website, in the e-mail content itself. The virus usually infects a computer by locating a vulnerability in some software running on the PC. This can be either the operating system itself, or a software application like a browser. A vulnerability is a software flaw that malware can use to embed itself and run the malicious code.
E-mail continues to be a popular method of infecting computers and it is being used in more and more sophisticated ways. In the Symantec Internet Security Threat Report 2015, they state that, "E-mail remains a significant attack vector for cybercriminals".
In an e-mail, the malware can be contained as:
Once infected, the malware can migrate across a network, where it can exfiltrate data, steal login credentials, and extort money. The latter is known as "ransomware" and is becoming a very popular form of malware.
Ransomware, is often delivered in an e-mail. It infects a computer and proliferates across the network where it encrypts all data files. Once encrypted, it then delivers an onscreen message asking for payment, usually in bitcoins, for decryption of the data. Payment amounts vary, from around $500-$1000 worth of bitcoins, although recently an L.A. hospital paid $17,000 worth of bitcoins to the hacker for decryption of their data.
Phishing e-mails are e-mails that pretend to be from a legitimate online commercial site. Usually they are an attempt to steal online login credentials. So, for example, PayPal is a popular brand that hackers use to create their phishing emails. The hacker will create a spoof PayPal e-mail, which looks a lot like a real e-mail from PayPal. The e-mail will use a method to get the recipient to click on a link and log in to their PayPal account. The link actually takes them to a spoof PayPal site and when they login, their PayPal credentials are stolen and used to login to the real PayPal account.
There are two types of phishing e-mail:
Both use social engineering to make this a successful method of attack. Social engineering allows the hacker to create a more realistic e-mail. Spear phishing takes this to the next level, by allowing the hacker to focus in on an individual and create highly personalized phishing e-mails. Spear phishing is a very successful form of attack and some of the worlds largest breaches have originated with a spear phishing e-mail. For example the Target Corp. cyber attack of 2013, where over 70 million customer accounts were breached, started with a spear phishing e-mail.
Identity theft is a result of phished personal details, especially login details for bank accounts and similar. Spear phishing e-mails can be highly complex attempts to gain a person identity profile. Spear phishing e-mails can often be used in combination with other malicious activity, such as creating false Facebook profiles in the user's name. The e-mails use human behavior to encourage the recipient of the e-mail to engage with the hacker, often handing over personally identifying information that is then used to commit fraud and identity theft. The FBI estimates that around $1.2 billion was stolen through phishing e-mails associated with small business wire transfer fraud (so called Business e-mail Scams) between 2013 and 2015.
E-mail born security breaches are not always malicious. Accidental data leakage from an e-mail is also a problem. A report by IBM states that 95% of all data loss is due to human error.
A very high profile example of human error in the context of accidental e-mail data disclosure, was during the G20 meeting in Brisbane, Australia in 2014. Here the Australian Immigration Department accidentally sent in an e-mail, personal details, including passport numbers of the G20 leaders to the Asian Cup football representatives.
As mentioned previously, data leakage via e-mails can be a problem in its own right. In fact, the Verizon, 2014 Data Breach Investigations Report found that 44% of data disclosure was down to misdelivery of e-mails. Software that prevents this will allow a user to double check who is on a "Cc" list and that the e-mail is going to the right person, before they actually send it.
Although cyber attacks are becoming more prevalent, more organized and showing grater levels of sophistication, there are still a number of ways of mitigating those risks.
Spam filters can be used to process spam before it hits your inbox. There are a number of commercial filters for business users and a few free filters too. Spam filters work by pre-configured rules, which are "tweaked" to optimize them. They usually work across a number of different layers from filtering out content and headers based on a rule-set. You can also get filters that are based on black lists but these require a lot of maintenance to keep up with the changing spam landscape.
More complex filters are based on permission filtering, or challenge and response systems. The former requiring a relationship between the sender and recipient to be set-up before free e-mail exchanges can take place. The latter, requires that a special code be entered to gain permission to send an e-mail to a specific recipient.
Overly zealous spam filtering can be as much of a nuisance as spam mail, because it stops legitimate e-mails getting through and can make the process of e-mail sending / receiving less seamless.
Encryption can be used for both e-mail messages and the attachments. Many of the most well known e-mail clients, like Microsoft Outlook and Apple Mail offer encryption of e-mails using certificates. E-mails sent using certificate encryption are also digitally signed. The most common standards used for e-mail encryption of this type are, PGP, S/MIME and GnuPG. The e-mail is encrypted using public-private key cryptography.
End to end e-mail encryption is not widely used because it requires setting up certificates, which can be a lengthy process. However, companies like Google do encrypt e-mails while in transit.
Some general security practices should be built into your everyday security strategy. These include:
1. Employee training and awareness. Make sure staff understand what a phishing / spear phishing e-mail looks like and how to spot signs of malicious e-mails.
2. Keeping software up to date. Make sure that all critical software, including browsers and OS software is patched. If you use anti-virus software, keep it up to date.
3. Use second factor authentication wherever possible. This helps prevent successful phishing of login credentials – they may get your username and password, but a hacker can't easily hack an out-of-band second factor like an SMS code.
4. Avoid sending sensitive information via e-mail. Just don't.
5. Double check who is on a "CC" list. Check e-mails before sending to make sure you haven't replied all when you didn't intend to.
E-mail marketing is almost as old as e-mail itself. This makes sense, as any form of communication is a potential method of communicating a sales message. The first marketing e-mail also came out of ARPAnet, in 1978 from DEC Machines (a computer manufacturer who merged with Hewlett Packard in 2002). At the time, the ARPAnet mail program could only accept a maximum of 320 addresses. DEC marketer, Gary Thuerk was the originator of the message; he thought it would be pretty cool to use the ARPAnet system, which was supported by DEC machines to send out a sales e-mail. It wasn't. It was viewed as an annoyance and is known now as the first ever spam e-mail.
E-mail marketing didn't really take off until the Internet arrived in 1991 although there were "rumblings" of marketing e-mails and "spam" in the late 80s. When it did, it opened up a massive opportunity for marketers to get their message out, quickly and cheaply to a mass audience. This opportunity wasn't lost on organizations across the globe. Soon everyone's inboxes became cluttered with dozens of e-mails from companies touting their wares and the idea of "spam" was born.
Early e-mail marketers were experimenting, they came up with some good and some not so good ideas about how to use e-mails as a marketing tool. An example of the not so good is the use of "chain e-mails". These e-mails were reminiscent of the chain letters that would be sent out, using emotional black mail to get the reader to do something, like sending money to the sender and passing the letter onto others. The chain e-mails would have something similar, such as 50% off this week if you send this e-mail onto 5 friends.
This type of poorly thought out marketing e-mail caused annoyance with the general public and became ineffective as more and more e-mail clutter, built up in people's inboxes.
Since then e-mail marketing has become much more brand orientated and less intrusive. Data protection laws and anti-spam laws were brought into many countries to control marketing e-mails including the option to "opt-out" and the idea of "consent". This was a revolution in e-mail marketing and general Internet based marketing. The famous marketer, Seth Godwin, coined the term "permission based marketing" and started a new era in how marketers reached out to their audience.
There are a number of e-mail marketing services that can be used to create, manage and control an e-mail marketing campaign. These services usually allow you to:
Constant Contact. A veteran of the e-mail marketing services industry. Offers a lot of e-mail design features, including the use of CSS.
Mail Chimp. Offers integration with many ecommerce store options, such as Magento and Shopify.
Benchmark. Has excellent analytics and reporting features.
iContact. One of the most simple methods of creating a campaign, up and running in minutes and has some great e-mail automation tools.
Active Campaign. Offers intelligent and flexible automation of campaigns.
Get Response. Excellent analytics and optimization of campaigns.
AWeber. Very customer focuses with excellent support, templates and automation options.
Mad Mimi. Offers integration between e-mail campaigns and social media networking.
E-mail marketing has shown to be highly effective. The Direct Marketing Association (DMA) has found that effective e-mail marketing can offer a ROI of 4300%. Getting marketing via e-mail correct is very important. If you damage your brand, by annoying, or giving out the wrong message, people have long memories and simply won't open your e-mails.
So, following a few fundamental tips when creating an e-mail marketing campaign is a good place to start. The following guidelines should help you to generate good leads and build a brand following: