Email Security

Top Four Questions to Ask an Email Signature Provider Before You Commit

January 27, 2020

You are ready to sign a contract for an email signature management service.  This will enforce and strengthen your brand, save your IT team loads of time and effort, and boost your marketing efforts markedly. Your field and event marketing teams are pumped. Your demand gen team is raring to use signature banners to distribute all the juicy nuggets of inbound wisdom they have lovingly constructed. Let’s go!

But let’s take a second to consider the consequences and make sure you asked all the right questions before you finally cross the signature Rubicon.

 

Email signatures are not a simple technology; to the contrary, they require a delicate navigation of SPAM filters, dozens of email software and web clients, and enterprise security systems in order to deliver your beautiful signatures and banners all the way to an inbox.We suggest that before you sign any email signature service contract with a software or SaaS provider, you ask these four simple questions.

Question 1: What is your uptime guarantee?

When you sign up for an email signature service that relies on external servers, you are relying on a third-party to deliver a key part of your brand and marketing playbook. Account-based marketing, event and field marketing, content marketing and other efforts will all rely on your ability to deliver the email signatures and signature banners that you have built.

So why wouldn’t you want to know the reliability record of this service you are putting your trust in? Any email signature service that is confident in in their technology will gladly put their money where their mouth is and provide an uptime guarantee, or Service Level Agreement. And – this is important – that signature company should clearly state the penalties that they will owe you if they fail to match their uptime guarantee. Granted, you do not want an adversarial relationship with a key vendor. But uptime SLAs are a core component of any serious enterprise software deal. If an email signature service provider won’t offer you one, then you know they do not believe in their technology.

Question 2: Where is your support team and how quickly can you respond?

Time zone is the killer here. You want a support team that is in or within shouting distance of your time zone. Otherwise, if you report an outage, then you might have to put with an entire business day of problems. Some email signature service providers claim that their support teams is all in the United States but, in fact, that’s only the front line of support; the top-level support experts 9 hours away.

 

This means not only will your problem potentially not be solved for 24 hours or longer but your team will likely have to stay up late or wake up very early to communicate with the top-level support team and explain what you are seeing, share images and screen shots, and other necessary steps. If you are sprinting to make a quarter and rely on email signature banners to drive leads or make other crucial numbers, losing a day or two can be a killer.

Question 3: Do you control your code base?

This is an absolutely crucial distinction.

Some email signature providers are white-labeling other software products and solutions. This is risky and dangerous in multiple ways. First, if a cyberattacker is able to breach their system, then all of your customers would be vulnerable. In particular, we are seeing a rise in so-called “supply chain” attacks where hackers are looking to compromise third-party services and use those to propagate “phishing” campaigns and other ways to gain unauthorized access to sensitive systems. If your provider does not control their code base, then they are a step removed from any security discussions, warnings, or other signs of attack. Worse still, they are unable to alter the codebase in case of attack and are thus held hostage to whenever the owner of the code gets around to the fix. In addition, the owner of that code may reside in a jurisdiction that is not legally favorable to you, making any legal recovery of your losses impossible or too expensive.  

 

The security issue is bad but just as bad is the issue of improving the product. When your email signature provider does not directly control the development of the product, they will not be able to respond to your requests to improve or customize the product. You will have to work with the owner of the code to do that. This may be expensive or impossible. In that case, as well, you will have to pay for the code improvements yourself rather than file a feature request and have it met (which is the way highly responsive software companies who own their code treat their customers).

Question 4: Has your software code passed a third-party security audit?

Every email signature provider claims to be super secure. But you should ask for more detail on that question and ask that the company certify specific actions and capabilities. In particular, SaaS companies point to SOC2 compliance as a sign that they are secure and accountable. (Opensense has SOC2). But SOC2 is only a first step. SOC2 verifies that a company follows the right procedures and can show evidence of the right processes required to maintain security and compliance.

However, SOC2 is only a snapshot in time and is renewed once per year at most. In addition, SOC2 compliance does not tell you anything about the security of the SaaS company’s software code. The best way to guarantee that the code is secure is through third-party security audits. The auditor should be reputable. (At Opensense we use a team that formerly worked for the National Security Agency, one of the most prestigious computer security organizations in the world). We run an audit annually, because our code develops each year. Any SaaS company you are going to trust your business and reputation to should be able to point to a solid third-party audit performed within the last twelve months. If they are unwilling to make this certification, then take your business elsewhere.

Conclusion: Knowing upfront is always better

These four questions are all essential pillars of any successful and secure relationship you will have with an email signature management and marketing provider. Ask them early in the conversations with any vendor. If they refuse to answer, you have your answer. If they try to explain that you shouldn’t worry about them not having a third-party code audit, back away quickly. Your business will depend on the answers to these three questions in a crisis or when things have gone badly sideways. Make sure you get the answers you deserve and need. Your CEO, CIO, CMO, CTO and BOD will all thank you. And you will sleep well at night.

Was this helpful? Share the love.
Opensense
View all posts
CONNECT WITH US

Keep reading

Email Insights
Email Signature Management
Email Signature

6 Ways Mortgage Companies Can Be More Strategic With Email

Are you a mortgage professional looking for ways to be more strategic with email? Here are a few ideas and examples.
March 21, 2024
Email Insights
Email Signature Management
Email Signature

Email Signature Audit for Mortgage Companies: Do You Pass the Test?

Here's an email signature audit and checklist for mortgage and real estate professionals. Are you (or any of your colleagues) guilty of these mistakes?
March 8, 2024
ABM
Branding
Content Marketing
Event Marketing
Growth Marketing

Top 21 Marketing Tips for Success in 2024

We asked 21 industry leaders what perspective marketers should adopt to sow the seeds of success for 2024. Check out their advice to dominate & crush this year!
February 1, 2024