Tech Compliance Standards for Businesses

If you’re sending emails in bulk (>5000 emails/day), you need to know this. In a recent update, Google laid down a threshold of spam rate for bulk senders, which is less than 0.3%. This means two things: [1] You need to monitor the no. of spam complaints regularly - Spam complaints are NOT emails landing in your spam folder [2] You need to keep your spam complaints below 0.3% - Many of the companies I know have higher spam complaints First, start monitoring spam complaints by setting up Gmail Postmaster Tools for your domain. It’s a free tool by Google to check delivery errors, spam reports, domain reputation, and IP reputation. The more important question though is how to maintain spam complaint rates below 0.3%. The answer is simple - Be more relevant and valuable to users. For that, make sure to: [a] Segment your users (Use their activity, intent, and need to segment) [b] Understand what each of these segments want (Ask them questions) Send emails that are relevant to their needs. Don’t just sell but educate, entertain, and engage them [c] Bring novelty in each email. Don’t just keep sending the same sales-oriented email every day. If you don’t have any value to add, don’t send the email. There are other requirements for senders, too, like: [1] Authenticate outgoing emails by setting up SPF, DKIM, and DMARC. DMARC may be set to p=none. [2] Enable one-click unsubscribe. And process unsubscription requests within two days. The deadline to set these up is February 1, 2024 - but they’re nudging senders to set them up already. In fact, setting these up earlier “may improve your email delivery”, the update said. For more details - read their email sender guidelines [link in comments]

It’s official: email best practices are no longer best — they’re required. Here’s why... Microsoft recently announced new bulk sender requirements that mirror the ones Google and Yahoo rolled out last year. And they aren’t just doing this for fun, promise. They’re doing it because too many senders ignored best practices when they were optional. So, now they’re mandatory. ¯\_(ツ)_/¯ Starting May 5th, if you’re sending more than 5,000 emails a day and not following the rules, Microsoft’s going to start rejecting your mail. Not junking it. Rejecting it. And I wanna be clear here: this isn’t coming out of nowhere. The writing’s been on the wall for a while... and mail has been silently filtered away from the inbox all this time. Now it's just that the rules aren't written in invisible ink! So, what are these rules I speak of? 💌 Authentication (SPF, DKIM, DMARC) Yes, we’re still talkin’ about this… get used to it. Microsoft wants the same setup Google and Yahoo asked for. If your domains aren’t properly authenticated and aligned, your deliverability will suffer. 💌 Valid “From” and “Reply-To” Addresses Microsoft wants to make sure that when someone replies to your message, there’s someone on the other end. No more sending from a “noreply@brand.com” black hole. 💌 One-Click Unsubscribe (RFC 8058) They’re cracking down on bad unsubscribe flows. Make it easy. No weird hoops or loops or “oops, we need 10 days to process your request.” Just a simple unsubscribe option that actually works. If you’re already sending it right (ahem, compliant with Google and Yahoo’s requirements), this is mostly a “cool, cool, carry on” moment. But you’ll need a whole lotta margaritas and tacos to overcome your sorrow if you’ve been dragging your feet. May 5th (ahem, cinco de mayo!) is not the day to find out Microsoft doesn’t play. What happens if you’re not ready? If you need help figuring out where you stand, here are a few fast checks: ✅ SPF, DKIM, and DMARC passing in headers? ✅ “Reply-To” address monitored and functioning? ✅ One-click unsubscribe live and working? ✅ Lists clean and bounce/spam complaint rates under control? If not, now’s the time to fix it. Not next week. Not next quarter. Now. TLDR: if you’re not sending responsibly, you’re not sending at all. Because come Monday — yes, THIS Monday — non-compliant mail will be rejected at the door. No inbox. No spam folder. Just blocked. So, get it together, you (not so) filthy animals! LinkedIn says I’m outta characters, but if you need tool recommendations or a second set of eyes on your setup, I'm happy to help. Reach out, email scout. 💌

Leveraging GHG data and analytics to accelerate business transformation 🌎 As regulations tighten and the demand for transparency grows, businesses face increasing pressure to adopt robust greenhouse gas (GHG) data and analytics systems. Establishing a structured framework for emissions measurement and analysis is critical for compliance, but its benefits extend far beyond regulatory requirements. A comprehensive GHG data architecture enables businesses to measure, manage, and act on emissions across the full value chain, paving the way for meaningful transformation. To meet both current and future expectations, organizations must focus on measuring emissions across Scopes 1, 2, and 3. Addressing direct emissions (Scope 1), energy-related emissions (Scope 2), and value chain emissions (Scope 3) ensures a complete understanding of an organization’s carbon footprint. Scope 3, in particular, represents the largest and most complex challenge, but it also holds the greatest opportunity for reducing environmental impact and driving systemic change across supply chains. With precise data on emissions across all scopes, businesses can move beyond compliance to actionable insights. By identifying carbon hotspots and setting reduction targets, organizations can optimize processes such as energy efficiency, supply chain sourcing, and logistics management. These actions help integrate sustainability into business operations while delivering cost efficiencies and improving resilience. A robust GHG data and analytics system also facilitates full-value chain transformation. Leveraging technologies like machine learning, scenario modeling, and ecosystem data exchanges enables businesses to plan for long-term carbon reduction strategies and innovate low-carbon products. Addressing emissions holistically across Scopes 1, 2, and 3 ensures alignment with global climate goals while creating competitive advantages in sustainable markets. Measuring and acting on emissions across the entire value chain is no longer optional. Businesses equipped with accurate data and advanced analytics capabilities can meet regulatory demands, reduce emissions at scale, and drive meaningful progress toward a low-carbon economy. Source: Gartner #sustainability #sustainable #business #esg #climatechange #GHG

Are you sending more than 5k emails to Gmail accounts and is your spam rate <0.3%? 🤔 It's not a question you would have asked yourself a week ago. Google's latest announcement around new Gmail requirements as of Feb'24 will mean a good amount of companies will need to review their email-sending practices very soon if A) they're sending over 5k emails per day to Gmail users B) have a >0.3% spam rate A couple of things to note on the spam rate 1. Spam rate applies to all email traffic of the domain, not just sales/marketing 👀 0.3% is 3 emails marked as spam for every 1,000 emails sent This means you'll need to drive down spam rate for your email domain across every email motion whether you're sending newsletters, cold emails etc. 2. 0.3% spam rate requirement is for all the senders, not just those sending over 5K emails to Gmail users. What you should consider doing? 1. Monitor Postmaster Tools 2. Increase quality and reduce quantity (Easier said than done). 3. Warm-up EVERY mailbox you use to send emails to people you don't know 4. Introduce dedicated domains for email motions and do domain rotation 5. Reduce # of emails you have in a sequence. More emails sent to a recipient within a short timeframe = higher likelihood of spam report There's more, but ultimately think from a user's standpoint and reduce the likelihood of them reporting your email as spam. There are things that aren't in your control due to email fatigue. Some users # Don't open emails from unknown senders. They can't/won't manage it. # Automatically filter emails from unknown senders or use tools to block them. # Mark automatically as spam, even newsletters they signed up to, which is cruel :) The good news there's plenty of time for you to adjust. More info and a link to the article in the comments below.

Important Email Update! New requirements from Gmail and Yahoo Mail effective February 2024. 𝐄𝐦𝐚𝐢𝐥 𝐬𝐞𝐧𝐝𝐢𝐧𝐠 𝐛𝐞𝐬𝐭 𝐩𝐫𝐚𝐜𝐭𝐢𝐜𝐞𝐬: As part of their ongoing commitment to enhance email security and protect user inboxes, Gmail and Yahoo Mail have announced a set of new requirements for email senders, effective February 2024. The new requirements include long-standing best practices that all email senders should follow in order to achieve good deliverability with mailbox providers. What's new is that Gmail, Yahoo Mail, and other mailbox providers will require alignment with these best practices for those who send bulk messages over 5000 per day or if a significant number of recipients indicate the mail as spam. 𝐑𝐞𝐪𝐮𝐢𝐫𝐞𝐦𝐞𝐧𝐭𝐬: - SPF (Sender Policy Framework) is a domain-based way to determine what IPs are allowed to send email on somebody's behalf. - DKIM (Domain Keys Identified Mail) is a message-based signature that uses asymmetric cryptography to sign email and verify that a message was not altered in transit. - DMARC (Domain-based Message Authentication, Reporting & Conformance) builds on top of SPF and DKIM and instructs receivers to approve, quarantine, or reject email messages. 𝐖𝐡𝐲 𝐢𝐭 𝐦𝐚𝐭𝐭𝐞𝐫𝐬: For senders of bulk messages, meeting these requirements is crucial to maintaining good deliverability and ensuring that your emails reach the intended recipients' inboxes. Failure to comply may result in emails being marked as spam or rejected by mailbox providers. 𝐖𝐡𝐚𝐭 𝐲𝐨𝐮 𝐬𝐡𝐨𝐮𝐥𝐝 𝐝𝐨: Review your current email sending practices to ensure alignment with SPF, DKIM, and DMARC. If necessary, update your SPF, DKIM, and DMARC configurations to comply with the new requirements. Check the diagram showing how SPF and DKIM work together with your DMARC policy. #EmailSecurity #GmailUpdate #YahooMail #SPF #DKIM #DMARC #Authentication #CyberSecurity #EmailBestPractices

On August 1, 2024, the European Union's AI Act came into force, bringing in new regulations that will impact how AI technologies are developed and used within the E.U., with far-reaching implications for U.S. businesses. The AI Act represents a significant shift in how artificial intelligence is regulated within the European Union, setting standards to ensure that AI systems are ethical, transparent, and aligned with fundamental rights. This new regulatory landscape demands careful attention for U.S. companies that operate in the E.U. or work with E.U. partners. Compliance is not just about avoiding penalties; it's an opportunity to strengthen your business by building trust and demonstrating a commitment to ethical AI practices. This guide provides a detailed look at the key steps to navigate the AI Act and how your business can turn compliance into a competitive advantage. 🔍 Comprehensive AI Audit: Begin with thoroughly auditing your AI systems to identify those under the AI Act’s jurisdiction. This involves documenting how each AI application functions and its data flow and ensuring you understand the regulatory requirements that apply. 🛡️ Understanding Risk Levels: The AI Act categorizes AI systems into four risk levels: minimal, limited, high, and unacceptable. Your business needs to accurately classify each AI application to determine the necessary compliance measures, particularly those deemed high-risk, requiring more stringent controls. 📋 Implementing Robust Compliance Measures: For high-risk AI applications, detailed compliance protocols are crucial. These include regular testing for fairness and accuracy, ensuring transparency in AI-driven decisions, and providing clear information to users about how their data is used. 👥 Establishing a Dedicated Compliance Team: Create a specialized team to manage AI compliance efforts. This team should regularly review AI systems, update protocols in line with evolving regulations, and ensure that all staff are trained on the AI Act's requirements. 🌍 Leveraging Compliance as a Competitive Advantage: Compliance with the AI Act can enhance your business's reputation by building trust with customers and partners. By prioritizing transparency, security, and ethical AI practices, your company can stand out as a leader in responsible AI use, fostering stronger relationships and driving long-term success. #AI #AIACT #Compliance #EthicalAI #EURegulations #AIRegulation #TechCompliance #ArtificialIntelligence #BusinessStrategy #Innovation 

🚀UAE is getting ready for its own carbon market! ✅While COO29 is taking place in the news - the UAE is getting teady for the entry into force of its New Carbon Credit Regulation 💡The Cabinet Resolution No. (67) of 2024, establishing the National Register for Carbon Credits aims to reduce greenhouse gas (GHG) emissions and achieve climate neutrality by 2050. 🎁Key Takeaways for UAE Companies are: 1️⃣ Mandatory MRV for High-Emitting Entities: Companies with significant carbon footprints will be required to implement a robust Monitoring, Reporting, and Verification (MRV) system to track their emissions. 2️⃣ Carbon Credit Trading Opportunities: The National Register will facilitate the trading of carbon credits, offering businesses a potential new revenue stream and a mechanism to offset their emissions. 3️⃣ Alignment with Global Standards: The register will adhere to international standards and requirements, ensuring compatibility with global carbon markets - ISO 14064, 14065, 14067, 17029 and 17065. 4️⃣ Potential Regulatory Compliance Costs: Companies may need to invest in technology, expertise, and processes to comply with the new regulations. As the UAE transitions to a low-carbon economy, understanding and adapting to this new regulatory landscape is crucial for businesses. By embracing sustainable practices and participating in carbon credit markets, companies can contribute to a greener future while securing a competitive edge. #UAE #sustainability #climatechange #carboncredits #corporatesustainability Link to the legislation: https://lnkd.in/d_ec763J

#blockchain | #digitalidentity | #crossborder | #trade : "Unlocking Trade Data Flows with Digital Trust Using Interoperable Identity Technology" The paper reviews the current challenges in unlocking cross-border data flows, and how interoperability of digital identity regimes using high level types of decentralized technologies can overcome this with active public-private partnerships. Decentralized identity technologies, such as verifiable credentials (VCs) and decentralized identifiers (DIDs), coupled with interoperability protocols can complement the current Web3 infrastructure to enhance interoperability and digital trust . It is noted in the World Economic Forum White Paper that global trust worthiness is an important identity system principle for future supply chains, as this process of dynamically verifying counterparts through digital identity management and verification is a critical step in establishing trust and assurance for organizations participating in digital supply-chain transactions. As the number of digital services, transactions and entities grow, it is crucial to ensure that digitally traded goods and services take place in a secure and trusted network in which each entity can be dynamically verified and authenticated. Web3 describes the next generation of the internet that leverages blockchain to “decentralize” storage, compute and governance of systems and networks, typically using open source software and without a trusted intermediary. With the new iteration of Web3 being the next evolution of digitalized paradigms, several new decentralized identity technologies have become an increasingly important component to complement existing Web3 infrastructure for digital trade. VCs are an open standard for digital credentials, which can be used to represent individuals, organizations, products or documents that are cryptographically verifiable and tamper-evident. The important elements of the design framework of digital identities involves three parties – issuer, holder and verifier. This is commonly referred to the self sovereign identity (SSI) trust triangle. The flow starts with the issuance of decentralized credentials in a standard format. The holder presents these credentials to a service provider in a secure way. The verifier then assesses the authenticity and validity of these credentials. Finally, when the credential is no longer required, the user revokes it. This gives rise to the main applications of digital identities and VCs in business credentials, product credentials and document identifiers in the trade environment involving businesses, goods and services. EmpowerEdge Ventures

Beyond Technology - Addressing Emerging Threats with Security by Design In the rapidly evolving digital landscape, relying solely on technical security measures is no longer enough. Recent incidents, like a finance employee being tricked into transferring $25 million through deepfake technology, highlight the urgent need for a comprehensive approach to cybersecurity. My latest article dives deep into why Security by Design must be applied to processes and not just systems. I’ll explore the inherent insecurities in widely used technologies like email and video meetings, and how emerging AI technologies are amplifying these risks. 🔑 Key Takeaways: - Shared Responsibility: Security is not just the responsibility of IT; every manager plays a crucial role. - Avoiding False Confidence: Quick technical fixes can create a false sense of security. Real security requires addressing underlying vulnerabilities. - Practical Steps: Implementing non-technical measures such as verification protocols and regular training can significantly mitigate risks. #SecurityByDesign #CyberSecurity #DeepFakes #SocialEngineering #ProcessSecurity #Leadership #DigitalTransformation

Improving your B2B SaaS email footprint can drive growth. 5 tactics to consider (some might look like bad ideas): [1] 𝗖𝘂𝘁 𝗱𝗼𝘄𝗻 𝘆𝗼𝘂𝗿 𝗲𝗺𝗮𝗶𝗹 𝘃𝗼𝗹𝘂𝗺𝗲 - As new email triggers get added and user bases grow, the volume of emails ejected per day balloons exponentially. With Google's stricter spam policies, this can spell trouble. - I often see PMs build new notifications and keep them on by default. This should be done sparingly. - It's better for users to get fewer, more important emails than be swamped with an email upon every action. [2] 𝗧𝗵𝗶𝗻𝗸 𝗮𝗯𝗼𝘂𝘁 𝘀𝘁𝗮𝗻𝗱𝗶𝗻𝗴 𝗼𝘂𝘁 𝘄𝗶𝘁𝗵 𝘀𝘂𝗯𝗷𝗲𝗰𝘁 𝗹𝗶𝗻𝗲𝘀 - Here's a mistake I made - I once set the subject line of an automated email as: "[Alert] {First Name}, here are results matching your criteria". - Users were frustrated as they were lost in a sea of emails with the SAME subject line. - Using personalization isn't enough. Think about unique tokens in subject lines, especially for alerts and digests. - Using a solitary emoji for a few (not all) might be worth experimenting with. [3] 𝗘𝘅𝗽𝗲𝗿𝗶𝗺𝗲𝗻𝘁 𝘄𝗶𝘁𝗵 𝘀𝗲𝗻𝗱𝗶𝗻𝗴 𝗲𝗺𝗮𝗶𝗹𝘀 𝗮𝘁 𝗼𝗳𝗳-𝗽𝗲𝗮𝗸 𝗵𝗼𝘂𝗿𝘀 - Emails synced with a cron job (like a digest) are often set at optimal sending times. - The problem: every other platform is sending emails at that time too. - This might be counter-intuitive, but one should experiment with sending emails (with less time sensitivity like a digest) during downtimes. [4] 𝗥𝗲𝘀𝗼𝗿𝘁 𝘁𝗼 𝗽𝗹𝗮𝗶𝗻-𝘁𝗲𝘅𝘁 𝘄𝗵𝗲𝗻𝗲𝘃𝗲𝗿 𝘆𝗼𝘂 𝗰𝗮𝗻 - I've seen reset password emails with chunky, branded banners and flashy footers. - Adopt plain-text for system emails to avoid consuming real estate unnecessarily. - At max, plug in a logo + a single-line footer with the un-subscription link. - It also helps with avoiding the wrong inbox profile. [5] 𝗣𝗲𝗿𝘀𝗼𝗻𝗮𝗹𝗶𝘇𝗲 𝗯𝗲𝘆𝗼𝗻𝗱 𝗮 𝗻𝗮𝗺𝗲 - Most emails are "personalized" by referencing the name or company. - That's not personalization. That's just token insertion. - With LLMs on the rise, the best personalization will be contextualizing the copy based on the persona at hand. Let me explain the last point with an example. Assume the product is a Project Management tool like Asana or Clickup. Say they launch a new analytics dashboard view. A Marketing manager might get: "Our new Analytics Dashboard gives you a bird's-eye view of your marketing campaigns' progress. Track key performance indicators like campaign completion rates and team productivity, helping you optimize resource allocation and hit your marketing goals faster." But for the same feature, a software lead might get: "We've just launched our Analytics Dashboard, allowing you to visualize your development team's velocity and sprint progress. Monitor critical metrics like code commit frequency and bug resolution times to streamline your development cycles and boost overall productivity" -- What are your SaaS email tips?