Tuesday, November 10, 2009

Phishy, phishy, phishy phish!

Phish: an Internet scam designed to trick the recipient into revealing credit card numbers, passwords, Social Security numbers and other personal information to individuals who intend to use them for fraudulent purposes. The scam is known as "phishing", and the communications appear as if they come from reputable companies. The e-mails often instruct the recipient to verify or update account information by requesting a reply to the e-mail with updated information, or by providing the recipient with a link to a website where the new information may be entered.



Big brands, especially financial institutions, are the main targets of phishing scams, so they tell their customers to be suspicious of any email messages that claim to be from them but don't quite look right.

Now think about the way we survey our clients' customer lists.

To make the example more concrete, let's pretend we've been hired to do an online customer satisfaction survey for a major bank. We email survey invitations to the bank's customers. The messages claim to be from the bank, but the sender is either a forgery of the bank's email address or some completely strange address belonging to a market research company the bank's customer has probably never heard of. On top of this, the email asks the customer to follow a link that is clearly not taking them to their bank's website, and to provide information. It smells phishy, and it's one more good reason for the recipients of our survey invites to ignore them, trash them, or report them as abusive.

Survey invitations often wave several of the red flags web users associate with spam and phishing scams. This hurts participation rates and leads to blacklisting of our email.

There is a simple, no-cost solution to this problem: sub-domain delegation ... but that's another post for another day.
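The two red flags in the bank example (a sender address and a link that both fall outside the bank's own domain) can be checked mechanically. The Python below is an added example, not code from this blog; the domains, messages and function names are constructed placeholders, and the second message assumes the invitation is sent from a sub-domain of the bank's domain.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

BRAND = "examplebank.example"  # constructed placeholder for the bank's domain

# Constructed invitations; every name and domain here is a placeholder.
THIRD_PARTY = """From: Example Bank <surveys@research-firm.example>
Subject: Tell us how we are doing

Take the survey: https://research-firm.example/s/12345
"""
DELEGATED = """From: Example Bank <surveys@survey.examplebank.example>
Subject: Tell us how we are doing

Take the survey: https://survey.examplebank.example/s/12345
"""

def in_domain(host, brand):
    """True only for the brand domain itself or a genuine sub-domain of it."""
    host, brand = host.lower().rstrip("."), brand.lower()
    # Match on a label boundary so look-alike hosts do not pass.
    return host == brand or host.endswith("." + brand)

def red_flags(raw, brand=BRAND):
    """Return the sender and link mismatches found in one plain-text message."""
    msg = message_from_string(raw)
    flags = []
    sender_host = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    if not in_domain(sender_host, brand):
        flags.append(f"sender outside {brand}: {sender_host or '(none)'}")
    for url in re.findall(r"https?://[^\s<>\"']+", msg.get_payload()):
        host = urlsplit(url).hostname or ""
        if not in_domain(host, brand):
            flags.append(f"link outside {brand}: {host}")
    return flags

if __name__ == "__main__":
    for name, raw in (("third-party", THIRD_PARTY), ("delegated", DELEGATED)):
        print(name, red_flags(raw) or "no red flags")
```

The invitation sent from the research company's own domain raises both flags, while the one sent from a sub-domain of the bank's domain raises none.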

1 comment:

patmolloy said...

Good post!

We've done a boatload of work on this over the years and you are clearly 100% correct. Confirmit supports this sub-domain delegation mechanism and we've produced a very decent white paper on the subject, which I'll happily send to anyone who asks for it. I'm pat.molloy@confirmit.com.