Upload
kevindonovan
View
201
Download
0
Embed Size (px)
Citation preview
Phish, Flop, or Fine?Sandy Silk
Catherine Conway
We’re here to help.
Let us count the ways...
1. Increase the security of institutional and individual information. (Phish)
2. Improve the effectiveness of your broadcast email communications. (Flop)
3. Preserve email channel as a means for important messaging. (Fine)
From there to here, from here to there, phishy things are everywhere
One Phish
@iari.res.in
Two Phish
https://urldefense.proofpoint.com/v2/url?u=http-3A__kotovdent.ru_images_sampledata_collage_...
kotovdent.ru
my.bristol.ac.uk
Hunting expedition versus“catch of the day”
I am a rich prince in need of help...Hello Harvard...
Phish or Flop?
How many domains do you see in this message?
benstrat.lh1od.com
benstrat.navigatorsuite.com
benstrat.com
Phish or Fine?
Can’t I trust this if it comes from a Harvard address?
Message success depends on credibility
There are human ways and technological ways to make a good impression…and it’s a continuum.
Phishing filters at Harvard
Technical filters
Running the gauntletSuspect
Adult
SpamBulk
Phishing
66 millionEmail messages addressed to @harvard.edu that were blocked as spam/phishing in March 2016
Running the gauntlet (O365)Email from outside
Harvard
Spam, malware, and phishing filters
Bulk, malware, and phishing filters
Sender acceptance or blocking filters
Personal junk and blocking filters
(Email from inside Harvard)
Email sent outside Harvardor outside internal Exchange
(g.harvard, mail.harvard, @college, HBS)
What’s the “Holy Grail” of messaging?
There’s no recipe for spam.
Possible flagsUnfamiliar senderLack of text versionAttachmentRed textMany imagesLinking to multiple domainsAll capsKeywordsTyposSending to bad addressesLack of mailing addressNo unsubscribe link
Call ahead and order off the menu.
Call ahead: safelist your sender
Submit request to [email protected]
Email is still subject to local spam filters
Stick with the menu: Harvard URLs
Options for linking to Harvard websites
Post content on a Harvard website.
Use a Harvard link shortener for non-Harvard URLs.
Establish Harvard-branded domain for tracking (CNAME).
Floss after every meal.
Keep lists clean
Spam algorithms factor in engagement
No reason to keep unengaged subscribers on your list
Practice appropriate list hygiene
Re-engage inactive subscribers
If no response, consider opting out inactives
How to build credibility with technical filters
TacticsEmail marketing
service ListservOutlook with uploaded
list
Manage your spam flags X X X
Target your lists X X X
Link to Harvard URLs X X X
Use Harvard link shortener, when harvard url not available
X X
Safelist sender X
List hygiene X
Human filters
Phishing awareness campaign
Click Wisely
Phishing awareness and training
Mock phishing with feedback
Greater awareness drives more scrutiny of email
Be predictableManage your envelope:
Credible, consistent senderRelevant subject lineComplementary preheader textHave a reply address
Send at a regular, anticipated frequencyUse a well-tested and branded templateInclude all information within the email or on a Harvard website rather than sending an attachment
Provide option to manage preferences
Case study:EVP newsletter
Goals
Easily read across devices
Reflects best email practices
Incorporates tracking to measure engagement
Efficiently assembled each month
Continues to engage readers while serving as a messaging vehicle for Katie Lapp.
ExecutionContent
Project brief & wireframeTemplate developmentTestingIncorporated best practices:
Added a text versionAlt-text for imagesPreheader textMailing addressRemoved red textPosted full articles on Harvard
websites
DeliveryMoved to SilverpopCreated list querySafelisted [email protected] on
staff and school email servers via HUIT
links.mkt3495.com
Future plans
Tools for being a phish-aware, effective emailer
Harvard.edu/guidelines
Link shortener (coming soon)
Accessed by HarvardKey account with 2-step verification
Links checked against database of known malware sites
“hrvd.it” will be safelisted through our email systems
Are you phish, flop, or fine?
Remember the continuum
Questions?