Find It With Favicons

There’s been a lot of buzz this week regarding last weekend’s posting on TechCrunch about Gmail messages with favicons. Some follow-up postings have uncovered more about the approach, which was commented on by Google in a July post on their support site.

Comments on the various posts vary from “good idea – this will make things easier to find” to “I hope this doesn’t give spammers a new way to trick us” to “What criteria is Google using to decide which messages get favicons?”

We applaud Google for moving in this direction – it’s something we’ve been promoting for awhile. For a few years now, we’ve been marking messages across all major email clients using icons and logos, and we recently expanded that by using favicons as well (ironically, our post about this even includes a Gmail screen shot). As such, we’ve learned a lot about what companies and consumers care about when it comes to highlighting messages. 

First, there absolutely must be a strong underlying verification method. Highlighting messages is useless (even dangerous) if the bad guys can use it to their advantage. In our Truemark  service, we use the industry-standard email authentication methods of SPF/SenderID and DomainKeys/DKIM to verify authenticity of messages. But that’s not enough (see When Authentic Isn’t Real), since bad guys can also authenticate their messages. So, we make sure that the message came from a domain or address known to be used by the company (essentially a whitelist). Also, the image displayed to the user isn’t embedded in the email where it can be altered – it’s delivered securely in real time over the web as messages are verified.

Next, the user experience must be very simple and intuitive. We started by using a mixture of generic icons and some company logos placed in the “from” field of the inbox, which addressed the basic goal of informing users about the integrity of the message. But as the service grew to highlight messages from more than 1000 senders, users suggested that we take it a step further and make the messages easier to find. In response, we increased the number of logos and added favicons to the mix. We’re now highlighting messages from more than 1700 companies using hundreds of logos and favicons. In fact, more than 90% of the messages we highlight have a logo or favicon.

Favicons are an ideal way to visually identify a message – they’re compact, widely known via their use in browsers, and usually are as distinguishable as the company’s logo (in fact, we’ve seen some companies start to rebrand themselves using a square logo that more closely aligns with online use). Though not all companies use favicons, we’re seeing the list grow every day. And best of all, users love it – they can quickly find what they want and know they can trust it.

Sneak Peek Update

This week, through an article in DMNews titled “Inside the inbox: What are your customers really seeing?,” we revealed some preliminary results from a study we’re conducting with thousands of email users.

One of the areas we covered was the use of preview panes, which has always been a blind spot for email marketers. Yet it’s important to understand since it dramatically impacts the user’s email experience (do they see the message in a full window or just a snippet along the top or side?).

There are two ways to quantify use of preview panes – by % of users that utilize them or by % of messages read that way. The numbers in the DMNews article are based on % of messages read in the preview pane for each email client. It’s useful (and maybe more important) to understand the % of users that utilize the feature. So, here’s a side-by-side comparison of the two –

		Use of preview pane
	Email client	% of users	% of messages
	AOL webmail	2%	2%
	Earthlink	0%	0%
	Gmail	0%	0%
	Outlook	81%	72%
	Outlook Express	78%	71%
	Windows Live Hotmail	32%	13%
	Yahoo! Mail	58%	56%
	Yahoo! Mail Classic	0%	0%

Note that Earthlink, Gmail and Yahoo! Mail Classic do not support a preview pane.

While some of the email clients (AOL, Yahoo! Mail) have similar preview ratios for both users and messages, note the moderate difference (1.1X) for Outlook and Outlook Express users and the huge difference (2.5X) for Windows Live Hotmail users. There is a common thread – for all clients, the % of users who read messages in the preview pane is higher than the % of messages read that way.

What’s the takeaway? Don’t waste effort and potential impact by ignoring one of the primary ways consumers interact with email – designing for digestion in the preview pane is critical.

It’s Baaack… Or Maybe It Never Left

Earlier this year there were stories based on IBM’s midyear X-Force Threat Report with headlines such as “Phishing Drops,” “Is Phishing Finally on the Decline?,” and “Phishing Dries Up as Users Get Smarter.” The sound bites left the impression that the problem was all but solved and that scammers had moved on to other methods.

But this clearly isn’t the case, as noted by the Anti-Phishing Working Group’s Phishing Threat Trends Report for the first half of 2009. They found that the number of consumer-reported phishing attacks in May (37,165) was 7% higher than last year’s peak, and that the number of phishing sites detected in June (49,084) was the second-highest ever (April, 2007 still holds the record).

Want more proof? Just this week we hear about tens (hundreds?) of thousands of accounts that have been compromised at Hotmail, Gmail and other webmail services. Presumably the credentials were acquired via phishing attacks, indicating that this form of fraud is alive and well. Looking at the comments on the articles, the age-old opinions about phishing are rampant – “I can’t believe anyone would fall for that” and its companion “I’m too smart to let that happen to me.”

It’s ironic, but probably appropriate, that this news hits during the sixth annual National Cybersecurity Awareness Month. Admittedly there are obvious spoofs, but what about the ones that look real and are from entities you do business with? Clearly, many people are succumbing to the schemes arriving in their inbox, and most of us don’t have the ability to peel into an email message to determine its legitimacy.

So what’s a person to do to stay safe online? The Cybersecurity Awareness site above has a great list of resources for consumers, but most experts admit there’s no silver bullet to address this issue (except possibly to stop using the Internet ;-)). Still, there are practical measures users can take, ranging from behavioral approaches (don’t click on links or open attachments in email) to the use of tools to detect/eradicate malware and verify the legitimacy of email and websites.

In particular, there are several useful free services that help consumers avoid missteps online – our Truemark service highlights legitimate email messages from thousands of companies and organizations, and the top security software companies all offer tools to visually confirm the safety of websites (e.g., Trend Micro’s TrendProtect, McAfee’s SiteAdvisor , and Norton’s Safe Web.  Using these tools will help consumers bypass the bad guys’ offers, no matter how innocent or enticing they look.