In an effort to further tighten security and combat phishing targeting military personnel, the Department of Defense (DoD) is pushing a new policy that will disable HTML links in email sent to military domains (.mil) by outsiders.
Why is the DoD pushing for such a policy?
The government is constantly fighting off cyberattacks, and one (significant) attack vector is email. Because the military holds so much confidential data and its email addresses can be easily identified by their .mil sTLD (sponsored Top Level Domain), they are the target of many spear phishing campaigns.
A spear phishing campaign is where a specific domain or organization is sent spoofed email that appears to come from a trusted source, with hopes of gaining access to protected data or damaging the victim’s network. To protect the government interests and those of its employees, the DoD has decided it necessary to render HTML links unclickable, forcing users to take an extra step before they can follow links in the content they receive. The expectation is that forcing users to copy and paste links will provide an opportunity for the message recipient to scrutinize the links and consider the associated security implications before proceeding.
How does this change impact senders?
DoD networks have been heavily regulated for some time. When sending email their way, restrictions include stripping or breaking of HTML formatting, removal of attachments, and breaking of some long HTML links.
With this new policy, click response rates from this audience may decline from their current levels due to the extra steps required for recipients to hit the link destination.
What should senders do?
With HTML links unclickable, you may want to reconsider your approach in sending to this audience; plain text email is probably best when compared to sending HTML that will end up broken anyway. In either case, images won’t be displayed and open tracking will be affected. Configuring .mil recipients to receive only the text version is preferred, because a sender then has control over the text displayed rather than taking their chances on having their HTML broken and displaying in a less controlled way.
Focus your attention on the call to action for your most important links and consider minimizing the inclusion of extraneous links. Because a .mil recipient will have to copy and paste any links they wish to follow, having an email with too many may result in fewer click throughs (copy/paste actions) on the important ones. Make the links as short as you can so they are easier to copy, but be cautious about using third party link shortening tools.
Review your list building process and consider if acquisition of .mil addresses should be handled differently. Can you acquire an alternate (personal) email address from these subscribers? If you can, you will be able to serve them your HTML emails that they can see and interact with more easily than they would otherwise on the DoD networks. Are .mil addresses critical to your list, or are they not worth the extra effort you may have to expend?
While this change does pose a problem for senders, I can’t fault the DoD for making such a change. Because of the security implications involved, this isn’t too different from how some financial and healthcare institutions may handle email from outsiders, too. Any receiving organization with significant data to protect will apply more stringent controls to secure their networks.
The post Text Email, reporting for duty, SIR! appeared first on Informz.