Brand Identity, Domain Alignment and Cats, and What They Have in Common

Tobias Herkula from Cyren opened his talk with an overview of his 11 years in the email industry: he was previously employed to send millions of emails per day, and today he is at the other end of the spectrum, responsible for stopping billions of emails per day. His talk therefore offered advice to senders and brands on how not to get caught in his spam filters, by treating domain alignment as an important part of brand identity.

In his opinion, it is vital to involve IT/Ops in corporate identity discussions from the beginning. Building corporate identity with just the marketing team is not sufficient – all technical departments, all those responsible for trust anchors, need to be involved.


Brand identity

Firstly, he looked at what brand identity is: an end user has an experience with an entity, and interacts with a brand – this can include newsletters, transactional emails, status mails, etc. Brands want to nurture their identity, building a trust relationship. This is not simply a technical issue: the goal is that users recognize the brand and associate a value with it.

He asserted that nurturing, growing, and protecting brand identity is a shared responsibility with all departments. A broader view should be taken of company communications and their impact on brand identity. While marketing and corporate identity may not be associated with technical emails like Ops emails, these nonetheless form part of the brand’s overall emailing, and therefore impact on the brand identity.

Domain alignment – the technical side of brand identity

The rest of brand identity aside, Herkula’s talk had a technical focus, and that was domain alignment. This, he said, is basically a technical approach to achieve the same goal that you want to achieve in marketing with brand identity. A brand’s domain is the most trustworthy instrument to build trust.

There is a range of specifications – such as DKIM, DMARC, SPF, and BIMI – that help to pinpoint from a technical perspective who you are. For example, he admonished, a company should be signing every single email that comes out of it with its DKIM key. While Ops emails do not need a logo, they should still have a DKIM signature. ARC is another email authentication system that ESPs and vendors can implement to support DMARC. These are all important because a lot of decisions are made based on your domain.

Herkula explained that domain alignment can be defined in two ways: firstly, according to DMARC, in which the Mailfrom and From domains need to align, and secondly, in the manner of anti-spam detection, where all domains found in the SMTP transaction need to align.

As a result, short links (those offered for free, which use the short-link provider’s domain) affect domain alignment, because they result in a link with a different top-level domain. Short URLs should be created using the company’s or brand’s own domain (there are many paid services which allow this). It is also important to consider this when you are hosting on a CDN – here again, a brand should use its own domain. Herkula warned against sharing trust anchors with someone you have no control over.
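
The two definitions of alignment above, and the effect of a third-party short link, as an added Python example (not from the talk or from Cyren): it collects the domains in a constructed message and compares their organizational domains with the From domain. The brand.example and sho.rt.example names, the Return-Path header standing in for the SMTP Mailfrom, and the three-entry suffix set used in place of the Public Suffix List are assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message; all domains are placeholders.
SAMPLE = """\
Return-Path: <bounce@mail.brand.example>
DKIM-Signature: v=1; a=rsa-sha256; d=brand.example; s=sel1; h=from:subject; bh=xx; b=xx
From: Brand News <news@brand.example>
Subject: Offers

See https://links.brand.example/a1 and https://sho.rt.example/zz9
"""

# Assumption: tiny stand-in for the Public Suffix List, enough for the sample.
PUBLIC_SUFFIXES = {"example", "com", "co.uk"}

def org_domain(host):
    """Organizational domain: longest matching public suffix plus one label."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[max(i - 1, 0):])
    return ".".join(labels[-2:])

def collect_domains(raw):
    """Map each identity found in the message to its domain."""
    msg = message_from_string(raw)
    found = {"from": parseaddr(msg["From"])[1].rpartition("@")[2]}
    # Assumption: Return-Path records the envelope Mailfrom at delivery.
    found["mailfrom"] = parseaddr(msg["Return-Path"])[1].rpartition("@")[2]
    m = re.search(r"\bd=([^;\s]+)", msg.get("DKIM-Signature", ""))
    if m:
        found["dkim"] = m.group(1)
    for n, host in enumerate(re.findall(r"https?://([^/\s:]+)", msg.get_payload())):
        found[f"url{n}"] = host
    return found

def dmarc_view(raw):
    """First definition: Mailfrom and From share an organizational domain."""
    found = collect_domains(raw)
    return org_domain(found["mailfrom"]) == org_domain(found["from"])

def antispam_view(raw):
    """Second definition: return every identity that does not align with From."""
    found = collect_domains(raw)
    anchor = org_domain(found["from"])
    return {k: v for k, v in found.items() if org_domain(v) != anchor}

if __name__ == "__main__":
    print(dmarc_view(SAMPLE), antispam_view(SAMPLE))
```

The sample passes the first check but fails the second solely because of the short link on a domain the brand does not control.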

Avoiding being caught by anti-spam filters

If you, as the brand, are the only point in the chain who is responsible for a domain, it is easier for vendors to decide whether this is a good or bad source. Anti-spam vendors do not want to deliver anything which appears questionable to end users, so if you make it hard for vendors, you are likely to be categorized as bad. Herkula went on to say that ESPs also have a high risk of being compromised. The low income margin associated with an email customer may mean that some ESPs take shortcuts. Brands should therefore look out for ESPs that comply with the current state of best practices.

Tobias Herkula pointed out that working in anti-spam is much more difficult than the sending of spam. Vendors need to decide whether they should block the IP address, an IP range, or even the whole ASN, etc. He explained that it is easy for spammers to look like your brand. There are increasingly sophisticated tools for counterfeiting brand images, and spammers may also make use of the brand’s URL. This also makes detecting illegitimate mails difficult, meaning that anti-spam filters need to be more aggressive.

It was at this point that Herkula finally explained the cats: Of the 350+ cat images in his slideshow, not one was real. They had all been generated by a neural network. He emphasized that this is also how easily a spammer can make themselves look like you.

Reputation & computational trust

In the end, it is all about reputation and computational trust, according to Herkula. This is achieved through having an authenticated identity, which starts with domain alignment.

The sender header and the from header need to align (the “sender” is the technical identity who sent the email; the “from” is the person who it should be coming from). This can be achieved using a DKIM signing gateway, for example.

Herkula pointed out that once a brand has established computational trust with an “identifier” or domain, this should remain static. A brand should not keep changing it with new corporate identity initiatives, or because of a new provider. Switching the source IP address is not so bad, as long as everything else remains unchanged.

His key take-away was the need to involve IT/Ops in Corporate Identity discussions, and to take this seriously. It is not enough to attempt to build corporate identity with just the marketing team – all technical departments need to be brought on board as well. So, he concluded, stop reinventing your brands, and start evolving!