EPISODE 125 OF THE BOOM YOUR BIZ PODCAST: TWO PRIVACY CHANGES THAT COULD COST YOU THOUSANDS
There have been a few updates in digital marketing land that will affect you if you run Google ads or utilise email marketing. They aren’t related, but they are important. This is just a quick episode to get you across what you need to know - fast.
(INTRO)
Let’s start with the update around Google Cookies.
I’m not talking cookies like the DELICIOUS ones our Social Media Manager, Sarah, makes and brings in regularly for the team… I’m talking about the third-party cookies that you accept when you visit a website that track your movements online.
Cookies are like an air tag that you’ve stuck to your car. They remember where you’ve been, how long you were there, and they notice patterns, like if you go to the same place at the same time on the same day each week.
It’s important to note that we have FIRST party cookies, which are limited to one website only, and THIRD-party cookies, which follow you around the entire internet. It’s the third-party cookies that are being eliminated. And not everyone is happy about it.
Third-party cookies have been an essential tool in every digital marketer’s toolbox up until now.
And they don’t just allow Google to track each user’s online activity across platforms, but across devices, too.
So, if you’re signed into Google on your work computer, and your laptop at home, AND your phone, Google tracks you across all three devices and compiles a profile of your interests, preferences and even your browsing behaviour.
If you’ve ever joked that a brand is ‘following you’ and showing up everywhere you look, it’s not fate or a sign that you need to buy their product, its Google cookies being effectively used by a digital marketing team to keep that brand or product front and centre in your awareness.
But it doesn’t stop there. Google also has access to your PHYSICAL LOCATION, tracked through your device’s GPS or IP address. And when you clicked “accept” on Google’s Privacy Policy, you consented to this tracking. This is why you get sponsored ads for local cafes, or gym ads that say, “WOMEN AGED 25-40 IN… insert your suburb name here”.
But wait, there’s more! Google has partnerships with third-party companies that allow those companies to access and use your data, often without your knowledge. And again, you signed up for it when you accepted their privacy policy!
And THIS is where they’ve run into trouble.
Those privacy policies are difficult to understand, they’re deliberately vague, and even though they’re LEGALLY covered, Google has been fined MILLIONS of dollars for a lack of transparency.
So, they decided to get rid of third-party cookies altogether.
Starting this year, Google turned off cookie support in Chrome for 1% of users, worldwide. And they’ll continue to do so in small increments until third-party cookies are a thing of the past.
If you’re running ads, this means you’ll need to think about your marketing strategy a little differently.
We’re seeing a return to foundational marketing practices, and I am HERE for it.
I’m talking SEO, email marketing, and first-party cookies, which are data points collected directly from your website visitors and clients through your website, emails and loyalty programs. This data comes from people who WANT to interact with you, and have demonstrated this through a website search, signing up for a freebie or subscribing to your email list.
Another option is to experiment with targeting based on the content people are interested in, not their past cookie crumbs. Explore privacy-focused options like Google's Privacy Sandbox to keep things above board.
The third option, which is my personal favourite, is to level up your content game!
Create awesome content and experiences that people genuinely enjoy, and focus on building relationships, not just reaching specific targets.
The best ads are the ones people don't even realize are ads, they’re not always polished or perfect, but they’re authentic – and they connect.
Speaking of connection…
There’s NOTHING worse than receiving a text or email from scammers, pretending to be someone you know or an organisation you interact with, like the ATO or your bank.
And while most of us are getting better at spotting a scam, email providers are finally stepping up to do their part to stop this type of email from getting through to your inbox in the first place.
You may have received an email from your email marketing provider in recent weeks about DMARC Authentication. And trust me, that’s NOT an email you want to send to the trash folder!
In a nutshell, DMARC is a security protocol that helps prevent email spoofing and phishing.
Email spoofing is when someone sends an email that looks like it's from a trusted sender but is actually from a malicious source. For example, we’ve seen an increase in clients receiving emails that LOOK like they’re from Shopify, but when you check the sender’s email address, it comes from shopifysupport@gmail.com, which is not a legitimate Shopify email.
Phishing is when someone tries to trick you into giving them personal information like passwords or credit card numbers. This might look like an email about your Dropbox or PayPal access, a website enquiry that includes a link to a Google document, or even an invoice from the “accounts department” of a national company that you may (or may not) have an account with.
DMARC is intended to prevent those emails from getting through to you, adding another layer of security to business email systems.
But what is DMARC exactly, and how does it work?
DMARC stands for Domain-based Message Authentication, Reporting, and Conformance.
Essentially, it helps receiving mail servers determine if an incoming message “aligns” with what is known about the sender, and how to handle messages that don’t align.
This next bit sounds tricky, but stay with me:
DMARC is what allows those receiving mail servers (usually Gmail or Outlook) to check for alignment between the “header from” domain name and the “envelope from” domain name that is used during SPF authentication, and alignment between the “header from” domain name with the “d= domain name” in the DKIM signature.
So, when you receive an email from an email address where the public-facing and back-end domain names don’t match? DMARC will nope that email straight through to spam.
If you, as a business owner, want to make sure your marketing emails get delivered, you need to make sure you’re following DMARC guidelines.
If you DON’T implement DMARC, several potential consequences may arise:
Decreased Email Deliverability: Email providers like Gmail, Yahoo, and Outlook increasingly use DMARC to authenticate incoming emails. Without DMARC implementation, your emails are more likely to end up in recipients' spam or junk folders, or they might be outright rejected by email servers, reducing the effectiveness of your email marketing campaigns.
Risk of Email Spoofing and Phishing: Without DMARC, your domain is more vulnerable to being spoofed by cybercriminals. This means scammers could impersonate your business and send fraudulent emails to your customers, potentially damaging your brand reputation and causing financial harm to your customers.
Loss of Customer Trust: If customers receive suspicious or fraudulent emails claiming to be from your business, they’re going to lose trust in your brand. The result? Decreased customer engagement, loss of sales, and even negative word-of-mouth publicity and reviews, impacting your overall business success.
Missed Opportunities for Customer Engagement: Emails are a valuable tool for communicating with customers, promoting products or services, and nurturing relationships. If your emails aren't reaching recipients' inboxes or are being ignored due to suspicions of fraud, you'll miss out on opportunities to engage with your audience and drive sales.
IMAGINE being flagged as spam during the Black Friday sales! DISASTERPotential Legal and Regulatory Issues: Depending on your industry and location, there may be legal and regulatory requirements related to email security and privacy. Failing to implement adequate measures, such as DMARC, to protect sensitive customer data or prevent email fraud could result in legal consequences, fines, or penalties.
So, I think we can all agree that getting your DMARC sorted should be pretty high on your priority list. Here’s what you need to do:
FIRSTLY:
Check Your Domain’s DNS Records: DMARC settings are configured through your website’s DNS (Domain Name System) records. You can access your domain’s DNS settings through your domain registrar or hosting provider’s control panel and check for existing DNS records.
SECONDLY:
Create DMARC DNS Record: If your domain doesn’t already have a DMARC DNS record, create one.
The DMARC record contains policies that specify how email providers should handle emails that fail authentication checks. You can use an online DMARC record generator, or consult with an IT professional for assistance with creating that record.
FINALLY:
Publish your DMARC Policy: Publish your DMARC policy by adding the DMARC DNS record to your domain’s DNS settings. Ensure that the policy aligns with your organisation’s email authentication practices and specify how email providers should handle emails that fail authentication checks (e.g., quarantine or reject).
If this all sounds overwhelming, or you don’t have time to do it yourself, we can take care of your DMARC Authentication for you. Shoot us an email at hello@linchpindigital.com.au or visit bit.ly/dmarcsetup – I’ve linked it up in the show notes for you.
Like I said at the start of this episode, it’s ESSENTIAL that you’re across these changes, it really could cost your business thousands, if not tens of thousands, if you ignore them.
Reach out if you need support or have any questions, and if there’s something happening in the world of marketing that you want me to cover in a future episode, I’d love to hear from you.
Let’s continue this conversation over in the Boom Your Biz Facebook Group, where you can connect with like-minded business owners. Just search Boom Your Biz on Facebook and hit the Request to Join button.