Identity Resolution: 7 Ways Your Behavior Paints Your Digital Portrait

Identity Resolution, particularly in the context of disparate systems, refers to the process of harmonizing and connecting data points from various sources to create a comprehensive and accurate representation of an individual’s digital identity that we refer to as the Golden Record. In today’s hyper-connected world, our personal information is scattered across multiple platforms, devices, and databases, typically owned by big corporations. Identity Resolution bridges the gaps between these siloed data sources, allowing organizations and marketers to piece together a coherent and detailed profile of each user.

Identity Resolution systems employ advanced algorithms, data matching techniques, and machine learning. These technologies sift through vast amounts of data, recognizing patterns and connections that might be imperceptible to human observers. As a result, the Golden Unified Record offers a level of insight into an individual’s online persona that often surpasses what their closest friends or family members might know. These apps know the naughty websites others might search (not you because you’re a saint lol), they know what you’re searching for in Google, in fact, when you really parse through this – these systems know our greatest desires, material and otherwise. Its scary that we’re simply leaving it to the algorithm to decide when to pitch us tomorrow’s next “need.”

The Golden Record

The Golden Unified Record stands as the pinnacle achievement in Identity Resolution. It represents a single, authoritative, and all-encompassing digital identity for an individual, formed by integrating data from sources such as social media profiles, online transactions, customer interactions, and more. This unified record is like a digital mirror, reflecting a person’s online activities, preferences, and behaviors with remarkable accuracy.

In 2022, a survey by Dashlane discovered that most people have an average of 240 different online accounts with logins. All these different sites, apps, and systems just so happen to share account info, cookies, and other identifiable data with one another in an attempt to individually identify a given consumer. My job across email marketing often if not always entails connecting separate systems’ databases, record fields, and identified activity to figure out who a customer is by considering 7 factors:

  1. Data Points: The Digital You is shaped by a multitude of data points, including personal information, browsing history, social media interactions, purchase history, location data, and more. These data points are collected from various sources and are used to build a comprehensive profile of an individual’s online presence.
  2. Online Activity: It encompasses all activities and behaviors conducted by an individual on the internet. This includes the websites they visit, the content they engage with, the products they buy, the articles they read, the videos they watch, and the interactions they have on social media and other online platforms.
  3. Digital Footprint: The Digital You leaves behind a digital footprint, which is essentially a trail of online actions and interactions. This footprint can be extensive and may persist for a long time, providing valuable insights into an individual’s interests and habits.
  4. Personalization: Businesses and organizations use the Digital You to personalize user experiences. This can include tailored content recommendations, targeted advertising, and customized product offerings. By understanding the Digital You, companies aim to provide more relevant and engaging interactions.
  5. Privacy Concerns: The creation and use of the Digital You raise significant privacy concerns. Many individuals are unaware of the extent to which their online activities are tracked and used to build profiles. Data privacy regulations, such as GDPR and CCPA, seek to address these concerns by giving individuals more control over their digital identities.
  6. Security Implications: Protecting the Digital You is not only a matter of privacy but also a cybersecurity concern. Unauthorized access to this data can lead to identity theft, fraud, and other malicious activities. Therefore, securing the Digital You is crucial.
  7. Dynamic Nature: The Digital You is dynamic and constantly evolving. As individuals engage with new online platforms, their digital personas adapt and expand. This dynamic nature makes it essential for businesses to employ Identity Resolution and other technologies to keep up with changes in the Digital You.

For instance, one might profess to be a huge Chicago Bulls fan, however their data could show that they’ve attended a Miami Heat game, have purchased a San Antonio Spurs jersey online, and consistently choose the Dallas Mavs when they play NBA 2K. Which data point takes priority in determining Golden Record? – that’s a question for the algorithm. I’d think the touch point most closely related to a purchase activity (conversion), with “game attendance” being the top indicator. So, purchasing a ticket, which would be a conversion from prospect to customer, would be the most ideal action that we’d both want each fan to take as well as the action that holds the most weight since basketball’s business model revolved around views and attendance.

Which Representation is the True You?

In essence, the Golden Unified Record encapsulates the Digital You by harmonizing and unifying the various facets of your online identity, from your basic information to your complex digital behaviors. It serves as a single, authoritative source of truth about an individual in the digital realm, enabling organizations to provide personalized services while addressing privacy and security concerns.

Even if we argued that our digital activity doesn’t inform the individuals we are in reality, we’d still have to deal with the facts. Police and investigators these days are investigating crimes starting online with social media cues. These same detectives are parsing victims’ and suspects’ phones for the best knowledge about events leading up to these calamities. This should tell us how crucial the digital footprint is and how accurate it may be to determining who we actually are in comparison to who we each claim to be. Very dystopian, indeed!

CRM Systems and Identity Resolution

There are a ton of CRM systems that handle and manage identity resolution. In my professional experience, I find that Salesforce Marketing Cloud and Pardot do a great job of managing duplicates and finding logic to merge into a unified Lead profile in Salesforce CRM. For example, if you’re using unique keys, or email address as a unique key, the Salesforce integration can resolve that unique key to an email address, phone number, or lead. On the other hand, there’s the Adobe framework within Adobe Experience Platform and Adobe Experience Manager which handles it a lot more seamless. On the Adobe side, there’s a native relationship within the Adobe Experience Data Model (XDM) that manages a wide array of customer attributes into an individualized Person profile. This only speaks to Adobe’s out of the box features and doesn’t even scratch the surface of also integrating other upstream enterprise identity resolution processes like Epsilon’s COREID cloud-ware. AEM might be a bit clunky, it lacks a database, is built on Java, but you’d be crazy not to acknowledge

Security and Privacy Concerns

However, with great power comes great responsibility. While Identity Resolution, artificial intelligence, and the Golden Record enable personalized marketing, enhanced user experiences, and improved customer service, they also raise significant concerns about privacy and data security. In 2023, a Forbes Advisor Survey found that 76% of consumers were concerned with misinformation among AI tools like identity resolution. Striking a balance between harnessing the potential of data unification and safeguarding individuals’ data rights is an ongoing challenge for businesses and policymakers alike. I myself spend my life creating lead captures, lead magnets, forms and other data events for collecting customer information while also being a proponent for data privacy.

In Conclusion

In summary, Identity Resolution in the realm of disparate, unconnected, systems is the key to understanding and engaging with individuals on a profoundly personal level in the digital landscape. As long as we understand how and where our data is being harnessed, we have a much more leverage at being able to curate our forever-persistent, digital selves. All these processes culminate in the creation of the Golden Unified Record, an invaluable asset for organizations seeking to tailor their services to the unique needs and preferences of their customers while simultaneously fighting the good fight at respecting their privacy and data protection concerns.

This is a super high level explanation and I’d love to break this down based on your specific use case. I’d also be very curious as to see how others feel about lead magnets and captures popping up more and more in real life. When you shop and checkout, how do you feel about inputting your email address for merchants? Do you feel a way about giving corporations your personal information or are you cool with the trade-off for more streamlined experiences (marketing)?

Lawrence LaBee IV

Lawrence LaBee IV

Lawrence is an email marketer, brand consultant, online entrepreneur, and all-around pet lover. He's helped optimize global and international omnichannel marketing campaigns for companies like Audible, SiriusXM, and the National Football League (NFL), just to name a few. Lawrence, his wife DeiAnne, and their twins, Lawrence V and Lindsey, currently reside in Dallas, Texas. You can learn more at LawrenceRLaBee.com or LinkedIn.

Clean Those Lists: 9 Best Practices for Better Data Hygiene

Do you ever get that dentist-office feeling when someone mentions email list cleaning? It’s like when the hygienist asks about your flossing habits – you know it’s important, but it’s not exactly a thrilling topic. However, just like flossing, good list hygiene is crucial for maintaining email health.

Think of invalid email addresses and unengaged contacts as the plaque and tartar of your email list. If left unchecked, they can wreak havoc on your inbox placement and email performance metrics. But fear not! In this article, we’ll dive into why email list cleaning matters, how to do it effectively, and a few steps you can take to enhance your deliverability.

Why Clean Email Lists Regularly?

Email list cleaning isn’t just a chore – it’s a necessity for maintaining a healthy email ecosystem. By regularly purging invalid email addresses and unengaged contacts, you’ll not only improve your deliverability but also ensure that your engagement rates are more accurate.

“Duis vestibulum quis quam vel accumsan. Nunc a vulputate lectus. Vestibulum eleifend nisl sed massa sagittis vestibulum. Vestibulum pretium blandit tellus, sodales volutpat sapien varius vel. Phasellus tristique cursus erat, a placerat tellus laoreet eget.

Best Practices for Email List Cleaning

1. Regular Scrubbing:

Set aside time on a regular basis to clean your email lists monthly, quarterly, or annually- consistency is key. In most organizations, emails will constantly be coming in as new users, updates, overwrites, etc. The only way to stay on top of the data is to set up focused time to run any cleaning formulas, dynamic rules, or other automation tools for list hygiene based on your specific CRM. In a platform like HubSpot, I find it easier to clean lists using Automation Rules, Dynamic Lists, and Salesforce tasks within Engagement series. 

2. Verify Email Addresses:

Use email verification tools to identify and remove invalid email addresses from your list. This will prevent bouncebacks and improve your sender reputation. You’d think we would put more emphasis on verification of email addresses with them being the lifeblood of society these days. In my experience, most marketers and tech stack implementers don’t put enough checks in place for email verification and validation.

3. Segmentation:

Segment your email list based on engagement levels. Identify subscribers who haven’t interacted with your emails in a while and consider re-engagement campaigns or removal from your list. This sounds straightforward, but can get tricky. In my experience, teams I’ve worked with have always set a date that we’d use for Unengaged – so, for instance 180 days of no activity. Likewise, I’ve worked with teams who have a more detailed approach like “subscribers who have been emailed 5 times, but have 0 opens” in the past 180 days. Proper segmentation can really help bucket subscribers into more manageable AB Tests, reengagement campaigns, or outright unsubscribes. 

4. Update Preferences:

Give subscribers the option to update their email preferences. This allows them to control the frequency and type of emails they receive, reducing the likelihood of unsubscribes or spam complaints. On that same note, there’s a layer of email design for finding the sweet spot for where to include your Unsubscribe link. I’ve seen cases where the Unsubscribe link was always in a static, consistent location at the email footer, but I’ve also seen clients who change the Unsubscribe location along the footer elements based on the particular email segment. For instance, we would hide the Unsubscribe within the Disclaimer text for specific audiences. 

5. Monitor Metrics:

Keep a close eye on your email performance metrics, such as open rates, click-through rates, and bounce rates. This will help you identify areas for improvement and gauge the effectiveness of your list cleaning efforts. In a perfect world, we’d have time to create after action bounce reports to send back to business intelligence teams, but oftentimes marketers don’t have that flexibility. We have to keep a keen eye on email metrics between sends just to make sure that all is well in email land. There’s a wide array of processes, verifications, and validations that take place between email design and the recipient actually receiving the communications in their inbox. It only makes sense to keep an eye on all the moving parts. 

Steps to Improve Deliverability

1. Authenticate Your Domain:

Implement SPF, DKIM, and DMARC authentication to verify your domain and improve deliverability. Email marketing is all fun when it comes to email design and personalization, but I think the rubber hits the road in domain authentication. It takes a level of technical thinking and collaboration to get SPF, DKIM, and DMARC aligned with IT gatekeepers. I’ve worked in more advance arenas of verification where we’d implement third party solutions like Return Path (now, its a tool called Everest). 

2. Monitor Complaints:

Keep track of spam complaints and unsubscribe rates. Address any issues promptly to maintain a positive sender reputation. Complaint monitoring can really help flesh out the holes in the technical side of your platform implementation. In many cases, ESPs flag organizations who don’t have validated sender credentials. We can utilize tools like Everest to monitor any IP level complaints, spam traps, or otherwise pesky details hindering our email performance. 

3. Stay Compliant:

Ensure that your email practices comply with relevant regulations, such as GDPR or CAN-SPAM, to avoid legal troubles and maintain trust with your subscribers. In addition to email compliance, be especially conscientious about HIPAA, PHI, and PII within emails and as we share customer email databases across the organization. Proper data handling dictates how we maintain databases of customer and it varies by industry regulation level. I’ve seen situations where we could only share spreadsheets of customer data across Microsoft Sharepoint, OneDrive, and Outlook. This didn’t include Teams, Workfront, or any un-encrypted platforms. Be sure you know what you can and can’t do with data as well as with any PHI data within your email content. 

4 Test, Test, Test:

Regularly test your emails across different devices and email clients to ensure they render correctly and are optimized for deliverability. As much as we hate it, we need to be testing in desktop Outlook on PC, especially if we’re a B2B servicer. In addition to that pesky Microsoft rendering, be sure to design mobile first in the majority of cases unless your audience/industry has a contextual reason for designing desktop first. 

Conclusion

Just like a thorough dental cleaning, email list cleaning may not be the most exciting task, but it’s essential for maintaining a healthy email strategy. By following best practices and staying proactive, you can improve your deliverability, enhance engagement rates, and keep your email campaigns shining bright. So, roll up your sleeves and get ready to sparkle up your email strategy with some top-notch list cleaning techniques!

2024 Guide to Email Authentication: SPF, DKIM, DMARC, and BIMI Explained – Part 2

While email authentication protocols may appear complex and technical, they provide a crucial standardization framework. Email marketers can appreciate the convenience of adhering to a unified set of protocols across various mailbox providers, sparing them from the burden of navigating diverse authentication requirements.

Now, let’s delve deeper into the four pillars of email authentication: SPF, DKIM, DMARC, and BIMI.

SPF

The Sender Policy Framework, commonly known as SPF, stands as an email authentication protocol designed to specify which IP addresses or hostnames are authorized to send emails on behalf of a particular domain.

Implemented as a DNS TXT entry, SPF allows the receiving mail server to verify the legitimacy of an email purporting to originate from a specific domain by cross-referencing the sending IP address with the authorized entries in the SPF record. This verification process involves the receiving server querying the DNS records to retrieve rules associated with the bounce or return-path domain, subsequently comparing them with the entries in the SPF record to validate the correspondence.

Failure to implement SPF significantly heightens the risk of messages being flagged as spam by mailbox providers.
In some instances, Email Service Providers (ESPs) handle SPF implementation automatically by furnishing both the IP address and the return path. However, for senders dispatching a high volume of emails, opting for a dedicated IP address is preferable to maintain control over sender reputation. It’s important to note that in the case of shared IP addresses, updating the SPF record may become necessary when transitioning between ESPs.

One drawback of SPF is its ineffectiveness in scenarios involving email forwarding. Instances where emails are forwarded pose a challenge as SPF validation may fail, potentially preventing messages from reaching recipients beyond the sender’s immediate list. This limitation is particularly pertinent for brands relying heavily on email word-of-mouth strategies, where forwarding plays a significant role in message dissemination.

DKIM

DomainKeys Identified Mail, abbreviated as DKIM, marks the culmination of efforts to combat email forgery by merging two pioneering methods developed in 2004: Yahoo’s “DomainKeys” and Cisco’s “Identified Internet Mail.”

DKIM operates by incorporating an encrypted key, termed a digital signature, into email headers to facilitate sender verification and establish a link between a message and its originating domain. This digital signature must be configured within the sender’s DNS record.

Conceptually, DKIM functions as a unique watermark or fingerprint specific to each email sender. Unlike SPF, DKIM signatures remain effective even when emails are forwarded.

At the core of DKIM lies a pair of keys essential for its operation. Administrators generate both a public key, which resides within the DNS record, and a private key utilized by mail servers during the transmission process to authenticate the email’s origin. The private key functions as the DKIM signature embedded within the email header.

Upon receipt, the receiving mail server employs the digital signature to ascertain the location of the public key for authentication purposes. Subsequently, the public key is utilized to validate the encrypted key within the DKIM signature, establishing a definitive connection between the email and the sending domain where the public key is housed.

Despite the robust security measures implemented by DKIM, there remains a possibility for hackers to compromise DKIM keys and exploit them for sender impersonation. To mitigate this risk, it is advisable to periodically change DKIM keys, typically several times per year.

An article published on CircleID.com in 2015 highlighted concerns about certain Email Service Providers (ESPs) sharing DKIM signatures among multiple customers. This practice poses significant risks, as a compromised digital signature could potentially affect numerous companies simultaneously. While it’s hoped that such issues have since been addressed and rectified, it’s prudent for senders to inquire with their ESPs regarding their DKIM practices.

If you’re tasked with generating your own digital signature, DKIM generators are available to streamline the process of creating email authentication records. Additionally, our blog offers valuable insights into DKIM signatures, along with an example record, to aid in your understanding and implementation of this essential email authentication protocol.

DMARC (Domain-based Message Authentication, Reporting, and Conformance)

DMARC, short for Domain-based Message Authentication, Reporting, and Conformance, owes its inception to PayPal, which spearheaded the development of this technology to enhance existing email authentication methods. PayPal, a frequent target of cybercriminals employing fake emails for impersonation, collaborated with other prominent brands and major mailbox providers to introduce DMARC.

Unlike traditional email authentication protocols, DMARC functions not as a standalone protocol but rather as a policy that receiving mail servers consult before delivering an email. Serving as a pivotal determinant of message handling in the event of authentication failures, DMARC policies are published as DNS records.

This policy, also referred to as Domain-based Message Authentication, Reporting, and Conformance, serves as a framework specifying whether a sending domain utilizes SPF, DKIM, or both authentication protocols. DMARC is often lauded for harmonizing SPF and DKIM, leveraging both protocols within a common framework to maximize efficacy.

Given the potential repercussions of erroneously blocking legitimate emails, DMARC offers a nuanced approach to handling authentication failures. Recognizing that genuine emails may occasionally fail DKIM and SPF authentication for various reasons, mailbox providers may opt to deliver such messages if they appear to originate from a legitimate sending domain. DMARC provides clarity in such scenarios by delineating specific actions to take.

DMARC policies afford senders the flexibility to establish a framework outlining their email authentication methods and dictating the treatment of messages that run afoul of the policy. Domain owners can choose from three options to specify the handling of emails failing DMARC validation:

[1] None: No specific action is taken.
[2] Quarantine: Suspicious emails are routed to the recipient’s spam or junk folder.
[3] Reject: Emails failing DMARC validation are outright rejected, preventing delivery to the recipient’s inbox.

Indeed, while a DMARC policy that outright rejects unvalidated emails represents the strongest stance against unauthorized senders, it also comes with potential risks. In scenarios where SPF and DKIM authentication failures occur, implementing a DMARC policy that rejects such emails could result in legitimate emails from the domain being halted as well.

This situation arises because DMARC policies mandate strict adherence to authentication protocols. If SPF and DKIM authentication processes fail for any reason, even legitimate emails may be subject to rejection under a DMARC policy set to “reject.” Consequently, email flow from the affected domain may be disrupted, impacting communication with recipients.

Given this potential drawback, domain owners must exercise caution and consider the implications before implementing a DMARC policy with a “reject” action. It’s essential to balance the need for stringent security measures with the risk of inadvertently blocking legitimate emails. Depending on the organization’s risk tolerance and operational requirements, alternative DMARC policy actions such as “quarantine” or “none” may offer more flexibility while still providing a degree of protection against unauthorized senders.

Implementing a DMARC policy offers several benefits, including the receipt of regular DMARC reports. These reports provide valuable insights such as:

* Identification of servers and third parties sending emails on behalf of the specified domain.
* Percentage of emails successfully passing DMARC authentication.
* Details on servers or third parties sending emails that fail DMARC validation.
* Actions taken by receiving mail servers on unauthenticated emails.

Despite its advantages, DMARC is not without its limitations. Similar to SPF, DMARC can encounter issues with email forwarding, and its setup may pose challenges for senders. Moreover, concerns regarding the potential disruption of legitimate email flow often discourage the adoption of stringent DMARC policies.

However, successfully implementing a DMARC policy can serve as an effective deterrent against phishing attempts that seek to impersonate the sending domain.

As of 2024, Gmail and Yahoo have introduced new requirements mandating the use of DMARC alongside SPF and DKIM for bulk senders. While a DMARC policy of “p=none” is currently acceptable, this is considered the minimum standard. The ultimate goal for mailbox providers is to encourage broader adoption of DMARC. Eventually, an enforced DMARC policy of either “p=reject” or “p=quarantine” will be required.

It’s important to note that while a DMARC policy of “p=none” is permitted at present, it may not suffice in the future. However, according to Marcel Becker of Yahoo, enforcing DMARC is advantageous for all stakeholders involved—mailbox providers, senders, and email recipients alike—making it a win-win-win situation.

BIMI

BIMI, the newest addition to the email authentication suite, operates differently from its counterparts SPF, DKIM, and DMARC. Unlike Gmail and Yahoo’s requirements for the implementation of SPF, DKIM, and DMARC, there’s no mandate for senders to adopt BIMI. Rather, BIMI serves as an incentive for organizations to embrace robust email authentication protocols.

BIMI stands for Brand Indicators for Message Identification. Its unique feature is its visual impact on subscribers’ inboxes. When correctly implemented, BIMI displays a branded logo designated by the organization next to its messages in the inbox.

This logo serves as a tangible indicator of trustworthiness. Its presence signifies that the email has passed through stringent authentication checks, including other email authentication protocols. Consequently, subscribers can rely on the displayed logo as an assurance of authenticity.

The significance of the BIMI logo lies in its ability to instill trust. Even if malicious actors succeed in delivering phishing emails, the absence of the verified logo signals to recipients that the email may not be legitimate. Thus, BIMI adds an extra layer of confidence for subscribers, bolstering trust in the authenticity of emails they receive.

To qualify for mailbox providers to display a BIMI logo, it’s imperative to have a fully operational DMARC policy along with SPF and DKIM records set up. BIMI serves as a culmination of sorts, rewarding organizations for their commitment to other email authentication methods.

Similar to other authentication protocols, BIMI is managed through a TXT record linked to a domain’s DNS. However, before incorporating a BIMI record, it’s essential to ensure the existence of a properly formatted logo.

BIMI logos must adhere to specific criteria to be compatible. They should be SVG files in the shape of a perfect square, capable of being cropped into a circle. Additionally, they require a solid background and must be published via HTTPS. Moreover, BIMI logo files should be compact, not exceeding 32kb in size. Lastly, to meet standards, the logo must be a registered trademark.

The journey towards BIMI adoption gained momentum when Google initiated a Gmail pilot program for BIMI in 2020. Subsequently, in July 2021, Gmail officially rolled out full support for BIMI. Additionally, in 2023, Apple announced its support for BIMI logos within its Apple Mail client, starting with iOS 16. This development holds significant implications, considering the substantial user base of Gmail and Apple Mail. It underscores the value of investing time and effort into setting up email authentication protocols.

By implementing BIMI, organizations can enhance subscriber confidence in the authenticity of their emails. For further guidance, resources, and tools related to BIMI, visit BIMIGroup.org. Additionally, gain insights from experts in the field by participating in our Ask Me Anything (AMA) session on Brand Indicators for Message Identification.

Conclusion

Should you use all 4 authentication protocols?

Absolutely, using all email authentication protocols is highly recommended.

In the realm of email authentication, the adage “two heads are better than one” perfectly encapsulates the synergy between SPF and DKIM. Likewise, adding DMARC to the mix amplifies the effectiveness of these protocols, akin to the notion that “three is the magic number.”

As previously mentioned, DMARC serves as a crucial component for maximizing the benefits of SPF and DKIM, as well as enabling the display of a BIMI logo. Thus, a comprehensive approach that incorporates all authentication protocols ensures optimal email security and integrity.

While the setup process may require time and effort, the investment is undeniably worthwhile, particularly for organizations with the necessary resources. However, it’s important to note that email marketers need not navigate the intricacies of authentication protocols alone. Collaboration with IT teams or individuals possessing technical expertise is often essential for configuring DNS records effectively. Additionally, involvement from Email Service Providers (ESPs) may be necessary, while support from colleagues, vendors, or security consultants can aid in troubleshooting any issues that arise during the setup process.

In summary, leveraging all email authentication protocols is vital for bolstering email security and ensuring deliverability. With the right support and resources, email marketers can successfully implement robust authentication methods to safeguard their email communications.