How I Almost Got Duped by a Spammer

As an email marketing guy, I tend to receive more email than the average consumer. I subscribe to a variety of email newsletters so that I can see the opt-in process, check out the welcome email (assuming they send one), and evaluate/critique all future emails.

If you are responsible for email marketing at your organization, I highly recommend doing this as well. It will give you ideas for subject lines, copy and creative, social connecting and sharing options, and so on.

Because I receive so much email, some legitimate email lands in my Gmail spam folder. I blogged about some of the changes Gmail made recently and shared why I think Gmail spam may be hurting your email marketing program.

Today, I found an email from Bank of America in my Gmail spam folder. See below.

Just looking at this email as shown above … what do you think – Is it spam?

Now let me share a bit more information with you. See if this changes your original answer.

The From Name was “Bank of America Alerts” and the Subject Line read, “Bank of America – Irregular Activity ..” While neither were terrible, it still did set off my “Spam Radar.” I would have expected the From Name be simply “Bank of America.” Also, the Subject Line just seemed spammy. Then I reminded myself that just because a Subject Line sounds spammy, it may not be – sometimes email marketers intentionally break the “rules.” 

However, as I continued to scroll down through the email, there were other red flags that confirmed this email was indeed spam. Check out the short screencast I did below to see what those red flags were. They almost got me! Also in this screencast, I share with you some tricks to determine whether an email is spam or legit.

Having trouble seeing this screencast? View it here.

Have you even been duped by a spammer? I’d love to see the email that you thought was legit. Please share below!

DJ Waldow


Did you know … Jason Falls and I just wrote a new book about breaking the rules of email marketing! In the book, we dedicate an entire chapter to “The Ideal Subject Line.” In The Rebel’s Guide to Email Marketing: Grow Your List, Break the Rules, and Win, we share with you all sorts of email marketing “best practices” individuals and companies are breaking each and every day … and still finding success.


Should LinkedIn Have Emailed Members About Its Security Breach?

In case you missed the news last week, LinkedIn’s site was breached and more than six million of its customers’ passwords were stolen.

I read about the news first on Twitter, then confirmed it through a serious of articles and blog posts from reputable sites. There was even a healthy discussion about it on the Only Influencers email list including some suggestions from my online security friends about how to check and see if your password was compromised.

The first thing I did was to change my LinkedIn password. By the way, if you haven’t done that yet … now is a good time (Mashable explains how to here).

A few of the tweets I saw and email conversations I had pointed to the LinkedIn blog. Its first blog post acknowledging the possibility of a data breach was very well written (read it here). They told members they were looking into the possible breach and directed folks to follow the process by “following us on Twitter @LinkedIn and @LinkedInNews.” They also took the opportunity to remind members about online security and privacy:

…one of the best ways to protect your privacy and security online is to craft a strong password, to change it frequently (at least once a quarter or every few months) and to not use the same password on multiple sites.

Later that day, LinkedIn confirmed that passwords were stolen. Again, I thought the blog post was well-written. It was direct, to the point, and apologetic. Sure, they could have used a better word then “inconvenience” (“We sincerely apologize for the inconvenience this has caused our members.”), but still pretty good.

Then, I read this Mack Collier blog post, Why Isn’t LinkedIn Proactively Alerting Members to its Security Breach?

I’d encourage you to take a few minutes to read the post. Mack makes some excellent points about how LinkedIn communicated the breach as well as suggestions for how they could have done it better. As an email marketing guy, this statement from Mack jumped out at me:

But if LinkedIn can address the situation on its blog, why can’t it email its members to let them know what’s happening? … Because if you don’t, you are sending a very bad message to your members. You are telling us that you only send us emails when it’s important, like when you want us to upgrade to a premium account, or update our profile, or connect our email address book to our account.  But when it comes to our security, well that’s not important enough to warrant a ‘personal’ email.

Spot on.

As it turns out, LinkedIn did email its members: however, only those who were impacted by the data breach. Check out the email below (thanks to Peter Ghali for forwarding me a copy).

What a great email! It explained the situation and clearly outlined the necessary steps to reset the password. Yet again, this was only sent to those members who were affected by the data breach.

Why didn’t LinkedIn send an email to all members alerting them of the data breach? Here is what one commenter (and good friend), Tom Martin, had to say:

For once I have to disagree with you. When LinkedIn published the fact they had emailed effected users, they DID communicate with you by not sending you an email.

As soon as I saw that story and realized I hadn’t received an email — I relaxed and felt good knowing that my password had not been hacked.

Only something like 4% of LI’s base was effected so I can see where they’d not want to make a mountain out of a molehill by shining a big light on a subject that you as a user may or may not have been aware of in the first place.

We digitally connected folks often forget that just because we’re aware, that doesn’t mean the average user is aware — unless the story was in their local paper or on their local news, they very well could have missed it.

Had they blamed a glitch or some other such silly nonsense then I’d agree they might have a problem… but I think if we could jump forward in time about 90 days you’d find that precious few folks will even remember much less care (outside of the echo chamber).

While I agree with Tom that sending an email to the entire LinkedIn membership when only a small fraction where impacted by the security breach would have been making “a mountain out of a molehill,” I still think they could have communicated to all members.

In the email marketing world, this is a topic we discuss often. In many ways it’s similar to how marketers handle and email “oopsie” – one that does not impact all email subscribers. Is it worth sending an apology email to your entire database or only those impacted? The answer is not that black and white. My general stance is why alert/worry everyone if only a handful are impacted by the error (and yes, I realize that this data breach was more egregious then an “oopsie” or error).

However, in this case, the news of LinkedIn’s password hack made mainstream news. Many people were wondering if their account had been compromised. If I were LinkedIn, I would have sent an email to all member, but segmented it as follows:

Those who were impacted (Segment A): Send them a “here’s what happened & here’s what you need to do email” – very similar to what they did. See example above.

Those who were NOT impacted (Segment B). Send them an email saying that “You may have heard the news … we are in the process of looking into it … read more on our blog (link) … in the meantime, to be on the safe side, we recommend changing your password … here is how.” In fact, I would have pretty much copy/pasted this LinkedIn blog post, Updating Your Password on LinkedIn and Other Account Security Best Practices, into the email.

My question is this: Did LinkedIn choose to intentionally NOT send an email to those members who were not impacted by the data breach? When the news broke, did its marketing team discuss the options of how best to communicate it? My bet is that yes, they did have a conversation. I also believe they talked about how to leverage the email list to communicate.

If this were you … if this data breach happened at your company and impacted your membership, how would you have communicated the news? Would you have gone the route of LinkedIn and only emailed those members who were affected or would you have taken a similar approach to the one I suggested and segment your list and communicate to all members?

Do you have a “Crisis 101″ email marketing plan in place?

I’d love to hear your thoughts in the comments below.

DJ Waldow


Did you know? Jason Falls and I just wrote a new book about breaking the rules of email marketing! In the book, we talk about ways to grow your email list AND break some rules along the way. We also dedicate a section to “the power of pairs” – using email marketing and social media together. In The Rebel’s Guide to Email Marketing: Grow Your List, Break the Rules, and Win, we share with you all sorts of email marketing “best practices” individuals and companies are breaking each and every day … and still finding success.


7 Keys to Building a Successful Manage Preferences Page

Stephan Hovnanian, Shovi WebsitesThe following is a guest post from Stephan Hovnanian of Shovi Websites. At Shovi, Stephan works hands-on with businesses & non-profits to build, manage & market their websites, so they can focus on more important things. Shovi’s eCampaigns email marketing platform works hand-in-hand with their in-house CMS framework to make email marketing more polished and convenient. Connect with Stephan on Twitter, LinkedIn or Google+ to talk more about your next web design project.

After reading this post about the Unsubscribe process, I reached out to DJ to ask if I could expand on his points as they relate to using a Manage Preferences page.

Below you’ll find a short screencast (3:53) talking about some key points when using a Manage Preferences page in your email marketing.

7 Keys to Building a Successful Manage Preferences Page

  • Clarity - Part of the reason you have a page like this is because you want to segment your lists, so be clear about those segmentation options.
  • Expectation - Offer samples whenever possible, so subscribers know what to expect. (Idea: if you’re offering a desktop vs. mobile option, offer a QR code that links to a sample email, or an auto-responder campaign, so the subscriber can see if the mobile version makes sense for their phone)
  • Transparency - Always be clear about the email address you’re using; some people use forwarders and may not realize that’s what they signed up with.
  • Simplicity - Keep the process simple, starting with the email, and use as few clicks as possible.
  • Tactfully Opportunistic - If you’re offering a one-click unsubscribe option (a good idea), and you have multiple lists, make the unsubscribe confirmation page a place to subscribe to other lists. Why lose the subscriber forever?
  • Professionalism - Don’t skimp on the branding. Use your ESP’s API to build your own Manage Preferences page (like we did above), instead of settling for the default, empty look. If you can brand your public-facing pages (archives, subscription forms, manage preferences, etc.) then do that as well. Your subscribers will be more comfortable coming to a page that looks like your website than a blank one that gives little indication of who or what they’re opting out of.
  • Mobile-ready – If you can make this page mobile-friendly (or responsive), do it. At this point, everything related to your email marketing needs to function on more than just a desktop.

Do you have any good, great or … not so great examples of manage preference pages? If so, please share in the comments below!

Pinterest and Twitter Love Email Marketing

Email is dead.

It used to bother me when I heard someone utter that phrase or when I read a blog post proclaiming that email marketing is dead. No longer. Now I use it as a conversation starter, as an opportunity to educate folks that not only is email not dead, it’s alive and thriving.

There are a ton of studies out there proving that email marketing is far from dead. One of my favorites is from my friends at ExactTarget (read more & download the study). In fact, Jason Falls and I discuss this fallacy (and then dispel it) in the Introduction of The Rebel’s Guide to Email Marketing.

In case you needed a bit more proof that email is not dead, check out what two of the most popular social media sites, Pinterest and Twitter, announced recently. On May 14th, Twitter shared that they would begin rolling out an email digest – The best of Twitter in your inbox. A few days ago, Mashable wrote about Pinterest’s plan to send a “curated newsletter” to users.

As it turns out, Pinterest and Twitter love email marketing.

Wait. I thought email marketing was dead? Social media is going to replace it, right? Nope. In fact, nearly all social networking sites send out some type of email marketing message to it’s subscribers. Some of them are updates (like Facebook). Others are more detailed (like LinkedIn). Now, both Twitter and Pinterest are sending curated content to users via email marketing.

This also plays into my belief that email marketing and social media go together like Batman and Robin.

The New Twitter Email Digest

Let’s say you wanted to opt-in to the new Twitter email digest. How would you go about it? Here’s what the folks from Twitter said about opting in to this new email:

We’re rolling out this new email out to everyone over the next few weeks, so keep checking your inbox for new messages from Twitter. Like other Twitter email notifications, you can manage your preferences for this new digest in your Notification Settings.

So, again, how do you opt-in? Twitter is leveraging what my friend Janet Roberts calls a “soft” opt-out approach (another “rule breaker” we address in The Rebel’s Guide). They are rolling it out to everyone. The only way to turn it off (opt-out) is to “manage your preferences” in your Notification Settings. Here is what that looks like – notice the pre-checked box in front of all email options.

The bottom checkbox – “A weekly digest of Stories & Tweets from my network” is the new one Twitter just added. So, again, if you do NOT want to receive these new weekly digest emails from Twitter, you must go into your Notification Settings and uncheck the box.

I just started receiving these email digests from Twitter and I have to say, I kinda like them. Below is a screenshot of the top half of one of these emails from this week. Note: This example is from my 2-year old’s Twitter account. Don’t ask.

Here is what Twitter had to say about the content of these digest emails:

This new email digest also features the most engaging Tweets seen by the people you follow, even if you don’t follow those who wrote them. You can see who from your network retweeted or favorited these Tweets and click “View details” to retweet, favorite, reply or view the conversation around them.

As you can see from the screenshot above, Twitter does a very nice job of fulfilling on that promise. I really love that they show me stories of what the folks I follow are saying. The emails also show other people I follow who have shared this particular article or blog post – good “social proof.”

What happens when you click?

  • Clicking on the headline takes the reader directly to the article.
  • Clicking on the avatar brings people to the actual tweet about the article.
  • Clicking on “tweet this story” auto-populates a tweet (assuming you’re logged in) with the article headline and its associated URL.

Pretty neat, huh?

However, the bigger story here, and what I really love, is that this Twitter digest is making email more social. The inbox is becoming (slightly) more interactive – a trend I see playing out more and more as email and social begin to integrate more.

I’m very curious to see what impact these types of emails will have on social sharing. Twitter is, for all intents and purposes, using email marketing to power the social media channel. They are curating content from Twitter, dropping it into an email digest, which then redirects clickers back to … Twitter. For those folks whose articles get somehow magically selected (I’m not entirely sure how Twitter decides the content), there is an opportunity for more eyeballs on their articles.  Again, pretty neat.

The New Pinterest Curated Newsletter

Unfortunately, I don’t have much to share here (yet) as this service is quite new. I have yet to receive an email from Pinterest. Then again, maybe that’s because I have Pinterest email updates turned off. I posed this question on Twitter yesterday:

Andrew Burch replied saying that he just created his account and the email digest was sent automatically. If that’s the case, it appears that Pinterest, like Twitter, is turning this feature on by default. Andrew was kind enough to capture a screenshot of how the Pinterest email appears on his iPhone (see picture here - Celebrity Breastfeeding Mamas? Ha!).

What Do You Think?

As an email marketing guy, I just love (LOVE) it when social networking sites understand the power of email marketing. Clearly Pinterest and Twitter see the value, but what about you? How are you integrating email marketing and social media?

Also, I’d love to get your thoughts on email marketing becoming more social. Is this something you see happening more and more? Is this the next trend in email marketing?

Please share in the comments below. As always, I’d love to hear and learn from you.

DJ Waldow


As mentioned above, Jason Falls and I just wrote a new book about breaking the rules of email marketing! In the book, we talk about the fact that email marketing is not dead. We also dedicate an entire section to “the power of pairs” – using email marketing and social media together. In The Rebel’s Guide to Email Marketing: Grow Your List, Break the Rules, and Win, we share with you all sorts of email marketing “best practices” individuals and companies are breaking each and every day … and still finding success.