Bank of America Fights Phishing as a Unit
"Inventory all the senders in your organization," he said. "We look at all our business units and which hosts are sending out from Bank of America." Some ISPs check not only the URLs that e-mails originate from, but also the Web hosts.
All units in a corporation must be educated on e-mail authentication, Mr. Johnson said.
"So many of the business units we deal with don't understand sender identification [Sender ID e-mail authentication]," he said. "We're providing them with a way of being educated."
Bank of America holds an e-mail group meeting weekly with executives across several units, including information security, e-commerce and marketing.
"We know ahead of time if problems are going to come up," he said. "Maintain continuous communication with all of your internal groups."
Implementing Sender ID is not easy, Mr. Johnson said, so e-mail senders also should collaborate with their competitors.
"We're all in this together," he said. "It's not like Bank of America ... are the only ones being phished."
Testing e-mail campaigns before sending them also is vital.
"The different ISPs all have their different interfaces set up," he said. "I want to see what the e-mail is going to look like ... at all these different places."
Christine Blank covers online marketing and advertising, including e-mail marketing and paid search, for DM News and DMNews.com. To keep up with the latest developments in these areas, subscribe to our daily and weekly e-mail newsletters by visiting www.dmnews.com/newsletters