ESPC Sets Deadline to Require MD5 Hash Encryption
As of September 1, 2009, MD5 hash suppression file encryption will be required for all ESPC members. Stolen suppression files and lingering cases of suppression list abuse have long plagued marketers, who are required by CAN-SPAM to share suppression lists with affiliates and these sometimes end up in the hands of third parties. In the past, these lists have been shared in plain text formats, which has allowed for future mailing and abuse.
MD5 is a one-way encryption tool that has long been used for password encryption to secure login info and protect against corrupted files. It is particularly useful for suppression list management because encrypted files cannot be transmitted back into original email addressess. However, because each address will have a dedicated line of hash, publishers and affiliates can still use the files for compliance when scrubbing send files against suppression lists.
Although MD5 is a needed improvement in the standard for protecting suppression files, it has become somewhat outdated and is vulnerable to decryption and hacking. According to the ESPC Be…
As of September 1, 2009, MD5 hash suppression file encryption will be required for all ESPC members. Stolen suppression files and lingering cases of suppression list abuse have long plagued marketers, who are required by CAN-SPAM to share suppression lists with affiliates and these sometimes end up in the hands of third parties. In the past, these lists have been shared in plain text formats, which has allowed for future mailing and abuse.
MD5 is a one-way encryption tool that has long been used for password encryption to secure login info and protect against corrupted files. It is particularly useful for suppression list management because encrypted files cannot be transmitted back into original email addressess. However, because each address will have a dedicated line of hash, publishers and affiliates can still use the files for compliance when scrubbing send files against suppression lists.
Although MD5 is a needed improvement in the standard for protecting suppression files, it has become somewhat outdated and is vulnerable to decryption and hacking. According to the ESPC Best Practice Guideline for ESPs, newer hashing methods such as SHA-256 provide much greater levels of security and require far more time and resources to hack. A brute force attack is another way to gain information about hashed email addresses. This is where a person gathers a list of email addresses, hashes them, and compares them to the hash of an email list. The hacker would not gain new email addresses, but would be able to find out more info about the email addresses that match their list.
Additional precautions should be taken along with hashing, especially during data transfer in order to secure your lists. For example, storing a list on an FTP site that allows anonymous login could be insufficient security for data transfer (ESPC 2008).
Trending Now
How Virtual Assistants Use Data Analytics To Save Clients Money
Diana Hope - January 12, 2019
Here’s Why 2019 Will Bring Debates About Ethics of Artificial Intelligence
Andrej Kovacevic - January 12, 2019
Artificial Intelligence Chatbots Could Make Your Doctors Obsolete
Ryan Kade - January 12, 2019
6 Ways Big Data Can Improve eCommerce For Your Business
Sean Mallon - January 11, 2019
Is Your Data At Risk? Here’s How To Protect Your Information Online
Rehan Ijaz - January 11, 2019
5 Genius App Data Monetization Strategies That Can Make You Bank
Annie Qureshi - January 10, 2019
You must log in to post a comment.