Grow. Retain. Engage.

The Perils of Bulk Email - being CASL Compliant is not enough

posted on Jun 10, 2019

Anyone sending bulk email can be flagged as a spammer. Bulk email is sending an email to a group of recipients. The more emails you send and the larger your recipient lists, the greater the risk of being flagged, but there is no such thing as a safe limit that you can stay under. Any bulk emails you send could potentially land you in trouble.

Everyone is coming down hard on email spam, from governments with anti-spam legislation like CASL, to Internet Service Providers (ISPs), who are doing more and more to detect and block bulk email.

ISPs, as well as companies that provide spam-filtering services, process a lot of email. This gives them the ability to collect large amounts of aggregate data with which to identify spam, and potentially blacklist the sender. Once you are blacklisted, it takes time and money to fix.

Services such as MailChimp, Constant Contact, and Campaign Monitor protect you from getting blacklisted. However, even when using these services, you must follow good email practices, because the industry looks at your "email reputation".

What is Email Reputation?

Your email reputation is how ISPs and anti-spam systems track and score the desirability of the bulk email your organization sends. If you have a good reputation, then there's a good chance your emails will end up in recipient inboxes. But if your reputation is low, then your emails are more likely to end up in spam folders or be blocked entirely.

Many factors can go into determining your email reputation, and every ISP does it differently. Common things they look at include:

  • how many different people you send to.
  • the total volume of email you send.
  • whether you send to "spam trap" addresses - these are made-up addresses to which no emails should ever go.
  • what percentage of the emails you send end up bouncing.
  • how much user engagement your emails generate. If people delete your emails unopened, that's bad.
  • how many recipients mark your emails as spam.
  • how many recipients click "unsubscribe".

How can I protect my Email Reputation?

  1. You want to keep your email lists clean. This means removing bounce back addresses from your email lists, and correcting typos. Repeatedly sending emails to addresses that bounce can really hurt your email reputation, as it's the mark of an indiscriminate spammer.
  2. Follow CASL rules.
  3. Be mindful of what you send and how often; people don't want to be bombarded. Even if they consent to email, they may still indicate to their ISP that your emails are "spam".

If you have a bad email reputation, third party email services may drop you as well.

How does the Exware AMS help?

  • The Exware AMS has built-in CASL rules.
  • The Exware AMS filters out repeated bounce backs until fixed by an admin.
  • The Exware AMS integrates with third party email services so your domain/IP doesn't get blacklisted.

In summary, organizations used to get away with anything when sending out email blasts. However, the industry and government legislation have changed that, and it's probably only going to get tougher.

Is your website content scannable?

posted on Dec 17, 2018

I read a great article on web content writing tips.

The key tip was to write for "scanners". The article points out that only 16% of people read web pages word-for-word. Most people just scan.

When people scan a page, the four things they notice most are:

  • Headings / headlines
  • Sub-headings
  • Image captions
  • Lists of bullet points

These are things you should pay special attention to. In particular:

  • Headings and sub-headings should focus on your key points.
  • Captions on images should connect back to your main talking points.
  • Bullet points are a good replacement for lengthy sentences and paragraphs. They should be short and concise.

These methods can help get your ideas across quickly, and perhaps entice people to read a little more.

A writer's most important tool is the delete key, so shorten your text and make your copy easy to read:

  • Use short sentences and paragraphs
  • Skip unnecessary words
  • Avoid repetition
  • Avoid jargon
  • Avoid the passive voice
  • Address your readers directly, using the word "you"

In a nutshell, write in plain English and keep it simple – visitors don't want to have to work to understand what you're trying to say.

The Pros and Cons of Different SSL Options

posted on Jul 18, 2018
HTTPS Web Page

SSL - What it Does

Website SSL provides a more secure way to interact with a website. With an SSL site, the URL starts with https instead of http - the "s" stands for "secure". SSL improves security in two ways: authentication and encryption.

  • Authentication ensures that the domain being displayed in your browser's address bar is indeed the website you are seeing. This prevents users from being victimized by a variety of hacking techniques designed to trick them into entering private information on a website that is not what it appears to be. SSL is not a cure-all, as there are many ways hackers and con-artists can trick people, but it does prevent some of the more insidious methods, such as DNS hijacking and man-in-the-middle attacks.
  • Encryption prevents potential eavesdropping, which is especially important if you are accessing the internet over WIFI. Without encryption, your logins, passwords, and other sensitive information could be obtained by anyone able to intercept or listen in on your network traffic.

SSL - Why It's Become So Important

It's the need for encryption that has driven the adoption of SSL in recent years. Increasingly, browsers warn users whenever information is about to be entered on a website that is not using SSL. If you want users to trust your website and feel at ease, SSL has become a must-have.

Another huge motivator for encryption is the increased use of mobile computing. The ease and convenience of WIFI means it is also much easier for somebody nearby to listen in on your network traffic. The need for website SSL was made all the greater in October 2017 when it was discovered that WIFI's built-in security standard, WPA2, is highly vulnerable to attack, affording little protection against eavesdropping.

SSL - What are the Options?

SSL certificates are traditionally issued by a commercial certificate issuer, with prices ranging from tens to hundreds of dollars per year. In 2016, a new system for issuing free automated certs was created by Let's Encrypt, using a protocol called ACME. Commercial SSL certs are typically good for one or two years. Free ACME certs are good for at most 90 days but are renewed automatically.

So if there are expensive SSL certs, and cheaper certs, and very cheap certs, and even free certs, what's the difference?

The good news is that when it comes to encryption, there is no difference. All SSL certificates, regardless of cost, support the same enterprise-level 2048-bit data encryption. And as we've seen, encryption is the main issue.

One way SSL certificates can differ is the level of website authentication they provide. The most basic level is domain validation (DV). This means that the domain on the cert matches the domain of the website, so if the browser address bar says https://www.somesite.com then you really are at www.somesite.com. All SSL certs provide this. For the vast majority of websites, this is all you really need.

Commercial SSL certificates can, at additional cost, provide organization validation (OV), and there's an even fancier version of this called extended validation (EV). While DV authenticates the domain, OV and EV also authenticate the legal business name of the organization, providing assurance that the people running the website really are who they claim to be.

With an OV cert, users can inspect the certificate in their browser and see the name of the organization, although most people won't know how to do that. With the even more expensive EV cert, the organization name appears in the browser's address bar in green, making it completely obvious. EV certs are what you normally see with banks and other financial institutions where trust is most important. Twitter currently uses an EV cert, but Facebook and Google don't bother, and just have OV certs. If your domain is widely recognized, then an EV cert doesn't add much.

There are several other distinguishing features of SSL certificates:

Commercial SSL certificates provide liability protection, covering losses due to a flaw in the certificate. It's like insurance for the cert. For a basic GoDaddy cert, losses up to $100,000 are covered. Free certs do not have this at all, while more expensive certs typically cover higher amounts. It's debatable how useful this is.

Another consideration is reliability. SSL works because each browser - Chrome, Firefox, IE/Edge, Safari, etc. - is programmed to trust the various certificate issuers. However, if an issuer fails to exercise acceptable levels of security and diligence, they can have this trust revoked at the discretion of the browser makers. This could render invalid some or all of the SSL certificates that they've issued. While such occurrences are rare, major websites typically use the more established and reputable issuers, which also tend to be more expensive.

Prestige and reputation can be a factor. Users who are very discriminating and technical may look at the issuer and level of a certificate, and use that to judge the trustworthiness and credibility of a website. A free or bargain-basement cert might be looked down upon.

For organizations wanting SSL on more than one domain, a multi-domain SAN cert is an option. These support up to five different domains. Prices fluctuate, but if you have three or more domains, then a SAN cert is usually cheaper than three individual basic certs from a commercial issuer.
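The differences described above (DV versus OV versus EV, 90-day versus multi-year lifetimes, and multi-domain SAN coverage) can all be read from a certificate's own fields. The following is an added example, not part of the original post: it assumes certificates in the dictionary shape returned by Python's `ssl.SSLSocket.getpeercert()`, and the two sample certificates are constructed. The level check is a heuristic based on which subject fields are present; the authoritative marker is the certificate policy OID, which `getpeercert()` does not expose.

```python
import ssl

def subject_fields(cert):
    """Flatten the nested RDN tuples of cert['subject'] into a plain dict."""
    return {key: value for rdn in cert.get("subject", ()) for key, value in rdn}

def validation_level(cert):
    """Heuristic: guess DV / OV / EV from which subject fields are present."""
    subject = subject_fields(cert)
    if "organizationName" not in subject:
        return "DV"  # only control of the domain was validated
    if "businessCategory" in subject and "serialNumber" in subject:
        return "EV"  # EV subjects also carry business registration details
    return "OV"

def lifetime_days(cert):
    """Whole days between notBefore and notAfter."""
    start = ssl.cert_time_to_seconds(cert["notBefore"])
    end = ssl.cert_time_to_seconds(cert["notAfter"])
    return (end - start) // 86400

def san_domains(cert):
    """DNS names the certificate covers (more than one for a SAN cert)."""
    return [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]

def summarize(cert):
    return {"level": validation_level(cert),
            "organization": subject_fields(cert).get("organizationName"),
            "lifetime_days": lifetime_days(cert),
            "domains": san_domains(cert)}

# Constructed samples (not real certificates), shaped like getpeercert() output.
FREE_ACME_CERT = {
    "subject": ((("commonName", "www.example.org"),),),
    "notBefore": "Jun  1 00:00:00 2018 GMT",
    "notAfter": "Aug 30 00:00:00 2018 GMT",
    "subjectAltName": (("DNS", "www.example.org"), ("DNS", "example.org")),
}
COMMERCIAL_EV_CERT = {
    "subject": ((("businessCategory", "Private Organization"),),
                (("serialNumber", "0000000"),),
                (("organizationName", "Example Bank Ltd."),),
                (("commonName", "www.example.com"),)),
    "notBefore": "Jul  1 00:00:00 2018 GMT",
    "notAfter": "Jul  1 00:00:00 2020 GMT",
    "subjectAltName": (("DNS", "www.example.com"),),
}

if __name__ == "__main__":
    for cert in (FREE_ACME_CERT, COMMERCIAL_EV_CERT):
        print(summarize(cert))
```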

Do you have EU Citizens or Contacts in your database?

posted on Apr 20, 2018
The GDPR affects EU citizens and organizations who collect data on EU citizens

On May 25, 2018, the EU General Data Protection Regulation (GDPR) will come into effect.

The GDPR (General Data Protection Regulation) pertains to EU citizens and any organizations that collect or process data on EU citizens. If your membership database includes EU citizens, you will want to understand the GDPR, how it affects you, and what your obligations as a data controller are.

    1. You must obtain consent to track personal information about individuals. Normally this is not a big deal, because people who actively fill out forms to apply for membership or other website services are generally well aware of what they are signing up for. But if you intend to use that data for other purposes, or if you have old historical data in your database that was not collected in such circumstances, or you are creating records yourself to track information about people without their knowledge, then the situation is not so clear.
    2. If you have a privacy policy or terms of usage, they should state what information you collect and what you are using it for in simple, unambiguous language. If you find that you have old data in your records for which you do not have consent to use for your current purposes, that data should be removed.
    3. Even in cases where you have collected personal data with proper consent, the GDPR makes it clear that people can withdraw their consent, and you have to respect their wishes in that regard. The GDPR even allows them to request that you delete their personal data – this is called their right to be forgotten. If you receive such a request, you should know how to find their data records and either:
      • delete the records entirely
      • if you cannot delete the records, blank the personal data fields
      • if you cannot blank the fields (for example, if it is a required field), then anonymize the data (change it to something that is no longer personally identifying)
    4. When removing data, it is important to distinguish between their personal data, and your organization's business records. You do not need to eliminate all traces of their existence, only the personal data that you do not require to do your own work. For example, if the individual made a purchase from you, the records of that purchase are your business records, and it is reasonable to keep them on file for your own accounting. But if you are tracking personal information like photographs, birthdates, or education history, and those data are not pertinent to your organization's ongoing work, then that data should be removed on request.
    5. Individuals have a right to know what information you collect about them. If the person is a current member or guest on your system, they may already be able to access their profile, which shows most of the data that is collected. If they have been archived or do not otherwise have a login, and they request a copy of the data you have on file about them, you should:
      • verify that you are releasing the data to the person in question (sending it to an address that you already have on file for them is a reasonable approach)
      • use your Report Builder to build a custom report for just that member. Select as many fields to display as are likely to be relevant, and add a single condition to select information only where member_id = that member's ID.
      • export the results of that report, and send it to the person
      • you can also go to the Payments module, pull up their account history, and email their account statement, so they can see their purchase history with the organization.

As noted above, they can request that you delete personal profile data, but their purchase history is part of your accounting records, and you can retain that information if you wish.

Read more about the GDPR here.

Are you on top of your Member Demographics?

posted on Mar 23, 2018

Understanding the make-up of your membership can be an important tool to help with your planning and program development.

Research shows that while most associations are still dominated by members from Generation X or older (born before 1980), the next wave of members, consisting of Millennials and the even younger Generation Z, is coming up fast. Those born from 1980 onward represent over a fifth of a typical association's membership, and studies have shown that associations demonstrating membership growth and high renewal rates are usually those that have a higher percentage of Millennials.

Is your membership mostly in the early stages of their careers, middle, or nearing retirement? Knowing this allows you to see what types of programs may be of most interest -- should you be focused on career building and networking events aimed at your younger members or leadership/management oriented programs?

Understanding your member age brackets also allows you to assess if you're attracting and keeping younger members that will continue with your association as older members retire. If you find that you need to attract and retain younger members, consider programs that will attract them -- mentorship programs, networking events, career building courses/events, member-only job boards, etc.

The best way to plan for the future is to know where you stand now.

What's this mean for Exware clients?

Exware now offers a Member Demographics module that shows membership stats by age. Associations can also set up stats on three additional membership demographic fields. Ask us about it today.

Member Demographics

Tagged as: Exware News