Subscribe to the Non-Human & AI Identity Journal

Notifications
Clear all

Email brand trust and phishing: what marketing teams need to know


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 11631
Topic starter  

TL;DR: Brand trust is increasingly shaped by security signals, with phishing, spoofed domains, and data exposure directly affecting customer retention and reputation, according to GlobalSign and cited McKinsey, Verizon, FBI, and IBM research. The governance gap is no longer purely technical: email authentication, data handling, and staff awareness now sit inside the brand-risk model, not beside it.

NHIMG editorial — based on content published by GlobalSign: an analysis of how brand trust now depends on security controls

By the numbers:

  • 71% of consumers say they would stop doing business with a company after a data breach, according to McKinsey.

Questions worth separating out

Q: How should organisations protect brand trust in email communications?

A: Organisations should treat email as an identity channel and enforce authentication controls such as DMARC, SPF, and DKIM.

Q: Why do phishing attacks damage more than just security posture?

A: Phishing damages reputation because customers experience it as a failure of the brand's identity promise.

Q: What do marketing teams get wrong about customer data risk?

A: The main mistake is treating every available data field as useful simply because it may improve targeting.

Practitioner guidance

  • Enforce DMARC at policy level Move from monitoring to rejection for unauthorised mail, and review SPF and DKIM alignment for every customer-facing domain and subdomain.
  • Reduce collection to essential customer data Review forms, landing pages, and campaign workflows to remove fields that are not necessary for the business purpose, and document retention for the data that remains.
  • Add security review to campaign governance Require pre-launch checks for domain authenticity, link integrity, and data handling before any high-volume customer communication goes live.

What's in the full article

GlobalSign's full article covers the operational detail this post intentionally leaves for the source:

  • How VMC and BIMI change inbox presentation and what deployment dependencies matter in practice.
  • Practical guidance on DMARC, SPF, and DKIM alignment for branded email senders.
  • Examples of safer customer data handling choices inside marketing workflows.
  • How to build a security-aware marketing process without losing campaign agility.

👉 Read GlobalSign's analysis of brand trust, email security, and VMC →

Email brand trust and phishing: what marketing teams need to know?

Explore further

View Full Forum →  |  NHI Foundation Course →



   
Quote
(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 11186
 

Brand trust is now an identity assurance problem, not just a communications problem. When customers receive mail, forms, or login links that appear to come from a brand, they are making an identity decision. That decision depends on sender authentication, domain integrity, and whether the organisation can prove its communications are genuine. Marketing leaders should therefore treat trust signals as part of the identity control surface, not a separate reputation exercise.

A question worth separating out:

Q: Who is accountable when a brand is impersonated through email or fake domains?

A: Accountability should be shared between security, marketing, and the business owner of the communication channel. Security owns the technical controls, marketing owns campaign governance, and leadership owns the risk decision to send branded messages at scale. If one team controls delivery but another owns reputation, the governance model is incomplete.

👉 Read our full editorial: Brand trust now depends on email security and identity controls



   
ReplyQuote
Share: