Latest news with #DMARC
Time Business News
8 hours ago
- Business
- Time Business News
Send Email Online vs. Letter Mailing Service: Which One Suits Your Needs in 2025?
Introduction In 2025, organizations and individuals have more ways than ever to reach customers, partners, and loved ones. Two options dominate: send email online through cloud-based platforms, and use a Letter Mailing Service to deliver printed correspondence. Each channel offers unique advantages—and potential drawbacks—depending on your goals. This guide breaks down both methods, highlights emerging trends, and helps you decide which solution (or combination) fits your needs. Factor Send Email Online Letter Mailing Service Average Delivery Time Seconds 1–7 days (domestic); longer international Cost per Message Often free; premium plans $0.0001–$0.02 $0.55–$3.50 (print, envelope, postage) Personalization Dynamic content, segmentation, A/B tests Hand-signed letters, custom stationery, enclosures Legal Validity eIDAS 2.0, ESIGN, PKI signatures Wet ink signatures, Certified/Registered Mail Security & Privacy Encryption, DMARC, MFA Tamper-evident sealed envelopes Environmental Impact Low carbon footprint; server emissions Paper, ink, transport emissions Engagement Rate* ~21 % open; 2–3 % click (B2C avg) 90 % open; 42 % read within 3 minutes Best For Rapid updates, marketing automation, receipts Contracts, official notices, high-value donors *2024–2025 global averages across industries Cloud infrastructure (AWS, Azure, Google Cloud) lets you send one or one million messages instantly. Transactional emails—order confirmations, password resets—arrive within seconds, maintaining customer trust. 2025's email platforms now embed Gen AI to write subject lines, segment audiences, and predict send-times. Tools like Mailchimp AI Assistant and HubSpot's AI Optimizer can lift click-through rates by up to 19 %. Dashboards show opens, clicks, conversions, and device type in real time. Integrations with GA4 and CRM systems help marketers attribute revenue precisely. Most ESPs offer free tiers; even enterprise senders pay fractions of a cent per email. This is unbeatable for newsletters, drip campaigns, and customer success updates. • End-to-end encryption under TLS 1.4• Default BIMI logos that validate brand identity in inboxes • FIDO2 multi-factor login, minimizing account takeovers When 'Send Email Online' Shines Daily marketing or product updates Digital receipts and invoices Real-time alerts (IoT, banking, travel) Low-cost global outreach for startups Physical mail creates a sensory experience—paper weight, embossing, even scent. In an age of overflowing inboxes, a high-quality letter stands out and signals importance. Courts and government agencies worldwide still require hard copies or wet signatures for certain documents: property deeds, some HR notices, certified compliance letters. A Letter Mailing Service handles printing, secure sealing, and tracking via USPS Intelligent Mail or comparable systems. Research by the Postal Innovation Council (2024) shows that 42 % of recipients place a meaningful letter on a desk or fridge for at least 17 days—far longer than the average email lifespan of 2 seconds in the inbox. Variable-data printing lets you merge names, offers, even QR codes that link to personalized webpages—bridging print with digital. Modern services integrate APIs: you upload a PDF and address list, and the provider prints, stuffs, and mails within hours. Some also embed NFC chips or augmented-reality triggers to create interactive experiences. When a 'Letter Mailing Service' Excels Priority legal notices (termination, debt collection) Fundraising for nonprofits (average donation up to $57 vs. $11 via email) Luxury brand invitations or VIP loyalty programs Hand-signed thank-you notes and holiday cards Global Data Privacy Laws Tightening New AI-generated phishing attacks push businesses to adopt DMARC at 100 % enforcement. Authentic-looking physical mail counters email spoofing for certain missions. Rising Postal E-Stamp APIs USPS, Royal Mail, and Pakistan Post now offer digital postage APIs, letting SaaS platforms compare email delivery with auto-generated mailing labels in one dashboard. Green Mandates Corporations must report Scope 3 emissions. Sending email online has a smaller carbon footprint, but recycled paper and carbon-offset shipping make letter mailing more eco-friendly than in 2020. Hybrid Customer Journeys A 2025 Gartner survey shows campaigns mixing email and direct mail enjoy a 27 % higher ROAS. Example: send a promo code by email; follow up with a postcard to top spenders. Ask yourself these four questions: How urgent is the message? Need immediate action? Send email online. Can wait a few days but must be noticed? Letter Mailing Service. Is legal proof or physical signature required? Yes → Letter Mailing Service (prefer Certified/Registered). No → Email with e-signature (DocuSign, Adobe Acrobat). What budget constraints exist? Low or zero budget → Email. High-value client outreach → Direct mail ROI often justifies cost. What engagement depth is needed? Short-term clicks → Email. Memorable unboxing experience → Letter or package. Implement BIMI to display brand logo next to the 'from' line. to display brand logo next to the 'from' line. Adopt AI content filters to avoid spam triggers. to avoid spam triggers. Maintain ADA compliance (WCAG 2.2) with alt text and clear fonts. Use recycled FSC-certified paper to meet ESG goals. to meet ESG goals. Add dynamic QR codes that load personalized landing pages. that load personalized landing pages. Track via USPS Informed Delivery so recipients preview your letter digitally first. Q1: Can I automate both email and letter mailing from one platform? Yes. Providers like PostGrid, Lob, and ClickSend offer unified APIs to trigger either channel based on business logic. Q2: Is email legally binding in 2025? Under ESIGN, UETA (U.S.), and eIDAS 2.0 (EU), digital signatures are valid. But some jurisdictions still mandate paper for certain contracts. Q3: Which option is greener? Email consumes less energy per message, but data-center electricity isn't zero. Choose renewable-powered ESPs; for mail, select recycled materials and carbon-offset shipping programs. In 2025, 'email vs. snail mail' isn't a zero-sum debate. Send email online for immediacy, scale, and analytics. Use a Letter Mailing Service when legal compliance, tangible impact, or premium branding matters. The smartest communicators blend both: automate routine emails, then deploy limited-run direct-mail pieces to break through the noise. Evaluate your audience, objectives, budget, and compliance needs—then craft a hybrid strategy that delivers results today and in the future. TIME BUSINESS NEWS
Yahoo
7 days ago
- Business
- Yahoo
York technology chief warns on email security
The founder of a York IT services company says over four-fifths of city businesses have a critical gap in their email security, putting them at risk of impersonation or delivery failure. Thomas Siron of Techscend says recent changes in email handling by tech giants Google, Yahoo, and Microsoft could have serious consequences for businesses that haven't taken proactive steps to protect their domains. These providers have now implemented stringent policies requiring all domains that send emails to have properly configured DMARC (Domain-based Message Authentication, Reporting & Conformance) records. Thomas said: 'Businesses that don't have DMARC in place - or have it set up incorrectly - are playing with fire. Their emails may never even reach the recipient's spam folder, let alone their inbox. This could lead to client proposals going undelivered and email marketing efforts being wasted. Worse still, their domain could be hijacked by scammers to send fake emails that appear 100% legitimate to the average person.' DMARC is a security protocol that works with other domain records - SPF and DKIM - to prevent email spoofing - a tactic commonly used by cybercriminals to impersonate legitimate companies. Without it, hackers can forge the identity of a company's domain and send malicious emails to unsuspecting customers, partners, or staff. The warning follows recent high-profile cyberattacks involving household names, such as M&S, The Co-Op and Harrods. Techsend says these incidents highlight the devastating consequences of cyber threats and the urgent need for businesses of all sizes to tighten their security. Siron explaine: 'A lot of business owners think that because they're using Microsoft 365, Google Workspace or email services provided by their website, they're automatically protected. 'But unless DMARC, SPF, and DKIM are correctly configured for your domain, your outbound emails could be held back by recipient servers - or worse, used by fraudsters to carry out scams in your name.' Emma Hollinrake, from Phishing Tackle, the preferred partner for security awareness training with Aviva, added: 'Cyber insurance needs - and claims - are increasing year on year, in line with the increase of cyber risks to organisations of all sizes. One thing is certain; - now, more than ever before, education and awareness for employees is absolutely critical across all areas of risk.' Techscend is urging businesses to conduct a domain health check immediately and has launched a free email security audit service to help identify gaps in protection. Businesses can sign up for a free domain health check at Siron concluded: 'In a digital world, your email domain is your identity. If you don't lock it down, someone else will use it - and the fallout can be catastrophic.'
Associated Press
30-06-2025
- Business
- Associated Press
New Report Finds 56% of Private Equity Domains Vulnerable to Spoofing
Updated Atumcell Analysis Reveals Modest Progress — and Mounting Cloud-Driven Risks 'Email is now the primary attack surface. Attackers no longer need to break into infrastructure. They phish for credentials, exploit email weaknesses, and move through cloud environments undetected.'— David Williams, Atumcell CEO BOSTON, MA, UNITED STATES, June 30, 2025 / / -- Six months after revealing widespread domain spoofing vulnerabilities among private equity (PE) firms, cybersecurity firm Atumcell has released an updated report showing that most firms remain exposed — and the risks are growing. The study, titled Still Spoofable, finds that 56% of PE firm and portfolio company domains are spoofable, a slight increase from 55% in November 2024. The report evaluates 179 mid-market PE firms and their 2845 portfolio companies for adoption of SPF, DKIM, and DMARC, the email authentication protocols that protect organizations from being impersonated in phishing attacks. 'Email is now the primary attack surface,' said David Williams, CEO of Atumcell. 'Attackers no longer need to break into infrastructure. They phish for credentials, exploit email weaknesses, and use that access to move through cloud environments largely undetected.' One Firm Gets It Right. Most Still Don't For the first time in Atumcell's analysis, a single firm achieved a perfect score, demonstrating complete implementation of spoofing protections across its domain ecosystem. The next closest firm left over 20% of its domains vulnerable, highlighting the gap between best practice and the industry norm. Other notable changes include five new firms entering the top 20 ranking, with one firm climbing 85 spots. However, the overall picture remains bleak: several previously top-ranked firms lost ground, and the majority of domains remain vulnerable to impersonation. Spoofing Now Enables Cloud Breaches The report warns that spoofing is no longer just a phishing risk. It's often the first step in cloud compromise. As PE firms rely more on cloud-based tools for communication, file sharing, and portfolio management, a single spoofed email can lead to credential theft, unauthorized access, and significant data exposure. Cloud service providers charge extra for security logging and alerting, and many mid-market firms forego those features, leaving massive blind spots when attackers gain access. The report includes actionable recommendations for PE firms and portfolio companies: 1. Check any domain for spoofability using Atumcell's free tool 2. Enforce DMARC policies to block unauthorized use of domains 3. Monitor domain configurations regularly 4. Test for spoofing in penetration tests and phishing simulations 5. Invest in cloud logging and visibility tools The full report, Still Spoofable: Insecure Domains Leave PE Firms Exposed to Modern Cyberattacks, is available at About Atumcell Atumcell ( provides a cybersecurity operating system tailored to private equity firms and their portfolio companies. With innovative tools and a strategic, attacker-focused approach, Atumcell helps clients reduce risk, mature security posture, and meet insurability standards. David E Williams Atumcell Inc +1 617-671-8810 email us here Legal Disclaimer: EIN Presswire provides this news content 'as is' without warranty of any kind. We do not accept any responsibility or liability for the accuracy, content, images, videos, licenses, completeness, legality, or reliability of the information contained in this article. If you have any complaints or copyright issues related to this article, kindly contact the author above.
Techday NZ
18-06-2025
- Health
- Techday NZ
Major healthcare providers leave email systems open to phishing risk
More than a third of the world's largest healthcare providers are yet to implement essential email security measures against phishing and spoofing, according to research conducted by EasyDMARC. The report analysed the adoption of DMARC, an email authentication protocol, across 4,100 prominent hospitals and clinics in both the United States and Europe, including the 100 highest-ranked healthcare organisations worldwide. The research revealed that while the proportion of top providers using DMARC increased marginally from 62% in 2024 to 65% in 2025, a substantial 35% still operate without DMARC protection altogether. Of those that have put DMARC in place, the study found that nearly half are not fully utilising its protective capabilities. Just 18% of the top 100 global providers have enforced DMARC to actively block suspicious emails, whilst 48% are using the weakest setting-known as 'p=none'-which merely monitors email activity and does not prevent fraudulent messages from reaching inboxes. Ongoing cyber threats The findings come against a backdrop of significant cyberattacks targeting the healthcare sector in recent years. This includes a notable breach at the UK's National Health Service (NHS) in 2024, where almost 400GB of patient data was illicitly obtained, as well as disruptions experienced by Yale New Haven Health in Connecticut. The report highlights that the sensitive nature of healthcare data and the sector's vital societal role make it an attractive target for cybercriminals. Healthcare organisations, which are heavily reliant on digital communication and critical infrastructure, are especially susceptible to cyber threats such as phishing attacks. Such incidents not only threaten financial loss but can also impact patient safety and healthcare delivery. DMARC functions by verifying whether incoming emails originate from approved sources, allowing organisations to block potentially fraudulent emails before they reach users. Full enforcement requires setting DMARC to 'p=reject', which rejects unverified emails outright rather than simply monitoring them. Regional differences in protection EasyDMARC's analysis of 2,000 of the largest European healthcare providers indicated that only 48% have DMARC implemented, and of those, over half have the setting at 'p=none'. This approach fails to block harmful messages, leaving significant vulnerabilities. In the United States, DMARC adoption reaches 55%, but nearly 40% of these providers also operate with the weakest monitoring-only policy. The research indicates that, despite an increase in awareness of email security, many healthcare providers remain exposed and have not moved towards policies that fully block phishing attempts. With over 90% of all cyberattacks said to originate via email phishing, the lack of comprehensive DMARC enforcement is highlighted as a substantial and ongoing risk. Industry-wide changes in policy from major email providers, including Google, Yahoo, and Microsoft, have made it mandatory for bulk email senders to enforce DMARC, reflecting the protocol's place as an industry standard. Microsoft's requirements came into force in early May. Call for stricter enforcement Gerasim Hovhannisyan, CEO of EasyDMARC said: "The healthcare sector is under constant pressure to protect patients, keep services running, and manage sensitive data, but too many organisations are still stopping short of full protection. DMARC only works when it's configured properly and enforced, and that means setting it to 'p=reject'. Anything less leaves inboxes open to impersonation and phishing attacks. For healthcare providers, the risk isn't just financial; it's operational and deeply human. Every unprotected email domain is another opportunity for attackers to disrupt care and put lives at risk." Data from the report also breaks down DMARC deployment within each region. In Europe, 955 of the 2,000 largest healthcare domains have valid DMARC records, but only 241 are set to 'p=reject' and 229 to 'p=quarantine', with the remainder on monitoring only. In the United States, 1,103 of 2,000 have DMARC records, 170 set to 'p=reject', and 501 to 'p=quarantine'. For the top 100 global providers, 65 domains have DMARC, with just 12 set to enforcement and 22 to quarantine. Healthcare providers are being encouraged by security experts to review their DMARC configurations and move toward full enforcement settings to better safeguard sensitive information and maintain the continuity of essential services in the face of increasingly sophisticated cyber threats.
Tourism Breaking News
15-06-2025
- Business
- Tourism Breaking News
85% of UAE travel sites adopt email authentication measures to protect holidaymakers during peak booking season
Post Views: 39 Proofpoint, Inc., a leading cybersecurity and compliance company released new research revealing that 85% of the top online travel sites* in the UAE have adopted Domain-based Message Authentication, Reporting and Conformance (DMARC), a key email security protocol that helps protect users from email fraud. However, only 45% of these sites have implemented it at the highest enforcement level of 'reject,' which actively blocks unauthorised emails from reaching inboxes. The findings are based on a DMARC adoption analysis of the top 20 online travel sites in the UAE, and across Europe and the Middle East. DMARC is an email validation protocol designed to protect domain names from being misused by cybercriminals. It authenticates the sender's identity before allowing a message to reach its intended destination. DMARC has three levels of protection – monitor, quarantine and reject, with reject being the most secure for preventing suspicious emails from reaching the inbox. With travel demand in the UAE continuing to rise, a recent KPMG study found that 77% of UAE travellers use mobile apps or hotel booking services, increasing the volume of digital interactions between consumers and travel brands. But as consumers eagerly plan and book their getaways, this surge in activity – coupled with a high volume of emails and promotional offers from travel companies – creates a perfect storm for cybercriminals, turning dream holidays into costly scams through sophisticated email fraud. Key findings include: • The UAE demonstrates stronger foundational email security adoption compared to its European counterparts, with 85% of the top travel sites publishing a DMARC record, reflecting growing awareness of cybersecurity best practices across the country's travel sector. • However, there is room for improvement with only 45% of the UAE's top travel sites using the policy at 'reject' level, meaning 55% are leaving their customers, staff, and partners more vulnerable to receiving fraudulent emails impersonating these brands. • On average, 88% of the top travel websites across Europe and the Middle East have published a basic DMARC record. However, only 46% of all travel sites analysed are at reject, meaning 54% of the top travel sites across the regions are leaving customers at risk of email fraud. 'Holiday bookings often represent a significant number of high-value financial transactions and bring experiences of high personal and emotional value; this combination makes travellers prime targets for cybercriminals. Attackers actively use sophisticated email fraud, especially during peak holiday season, to exploit vulnerabilities,' says Matt Cooke, cybersecurity strategist, Proofpoint. 'Fake booking confirmations, too-good-to-be-true deals, and urgent payment requests for supposed flight changes are common tactics. These fraudulent communications can appear highly convincing, putting travellers' finances and personal data at risk.' 'Travel companies bear a social responsibility to do everything they can to stop convincing scam emails being sent in their name, to holidaymakers,' continues Cooke. 'Implementing DMARC technology to its fullest level of 'reject' allows travel companies to massively reduce the risk of that happening, protecting both their brand and all of the holidaymakers at the same time., it's a win-win.' Proofpoint advises consumers to follow these tips to stay safe when booking and managing travel online: 1. Secure your bookings – and your accounts. Use strong, unique passwords for travel accounts and booking sites. Enable multi-factor authentication (MFA) wherever possible to add an extra layer of security. 2. Watch out for fake travel deals – and websites. Be wary of unsolicited offers that seem too good to be true. Scammers create convincing fake websites for airlines, hotels, or comparison sites to steal money and credentials. Always book through official sites or reputable, verified agents. 3. Navigate away from phishing trips – and smishing scams. Stay alert to phishing emails or smishing (SMS phishing) messages regarding flight changes, booking confirmations, or visa applications that demand urgent action or personal details. These often lead to fake login pages designed to capture your information. 4. Don't get detoured by suspicious links. Avoid clicking directly on links in unsolicited emails, social media messages, or pop-up ads, especially for special offers or urgent alerts. Instead, type the official website address directly into your browser. 5. Check reviews before You book. Fraudulent travel offers, websites, and apps can look deceptively genuine. Before providing payment details or downloading a new travel app, invest time in researching the company, reading independent online reviews, and checking for customer complaints.
