How a data breach affects email deliverability

Email Industries Octopus Sadly, data breaches happen everyday.

While we have all been diligently working to protect the privacy of European customers, data breaches have continued to happen. Here's a small sampling.

January: As many as 2 million payment cards and email addresses were compromised when criminals gained access to Jason's Deli POS system, impacting at least 164 locations. 

March: Orbitz announced a breach affecting 880,000 consumer email addresses. 

June: Ticketfly had a data breach of more than 26 million customer accounts which included email addresses.

You get the idea. Chances are, you’ve come across many of these email addresses without knowing it.

So what's affect of data breaches on email deliverability?

You might think these data breaches matter primarily because they involve sensitive information such as credit card or social security numbers however, as you can see above, they often involve email addresses too, and that can eventually come back to haunt email deliverability.

Although you’re right in assuming that someone’s social security being stolen has little bearing on email deliverability, the fact is, legitimate emails in the wrong hands can lead to misdeeds, mischief and damaged reputations at seemingly innocent email senders.

Why do hackers want email addresses?

Hackers go after email addresses because that information can provide an access to a person’s online life and sensitive information, as well as a way to “phish” for even more data. However, the bad guys also want email addresses because they can make money from them.

Between 2009 and 2012, one of the largest data breaches in U.S. history took place, as hackers broke into an ESP and gained access to over 1 billion email addresses. These email addresses were used to send spam, because the hackers made money as affiliate marketers. Email addresses stolen in this manner are often sold as well, offering hackers another way to profit from their bounty.

This is just one example, and perhaps the most noteworthy one. But as we’ve said earlier in this post, data breaches happen everyday.

Why should email vendors care?

So how does all of this impact the email service providers? After all, they are innocent, right? Sure, they lacked the diligence to keep the hackers locked out, but the ESPs are not deliberately or intentionally providing access to email addresses, nor profiting from the stealing of them. The evil doers aren’t even using the ESP’s platform to do the sending. So what’s the problem?

The problem is, these soon-to-be abused email addresses make their way on to bad lists, and from there, on to good lists. Once these emails have become part of the list selling business, senders can either knowingly or unknowingly send spammy emails—spammy because they don’t have permission to be emailing that recipient. When I say “sender,” I mean a bad guy, but it could also be an innocent marketer who is sending to that email, ignorant of the permission-less status of that email.

How can email vendors protect themselves?

Diligent email senders should work hard keep these potential bad actors off of their platforms, as well as to make sure legitimate marketers aren’t using bad email addresses. This probably sounds like common sense, but this diligence is often overlooked because ESPs assume every sender and email is on the up and up…because ignorance is bliss, right? Sure—until you’re blacklisted.

There is one easy way to practice this diligence and protect your reputation: BlackBox. BlackBox helps mitigate risks by scoring a sender's list before that list is sent through an ESP's platform. BlackBox scans an unknown list, comparing that list to the problematic emails in the database. After the scan, a match rate returned. The higher the match rate, the riskier the send.