Thursday, 15 March 2018

What is a disposable email address?

Disposable email addresses are email addresses that last for a limited period of time, typically between ten minutes and a couple of weeks.

They are used by people who want to hide and remain anonymous online, and it's often true that users of disposable email addresses are hiding their identity because they want to act badly.

It's not always the case that a disposable email address is being used with bad intent. Some users are just trying to control communication so they don't 'get spammed' or have their data shared.

Where can I get a disposable email address?

Not here. And here's why.

Email Hippo is an email validation company, responsible for identifying disposable email addresses and domains. Our clients remove them from their mailing lists and block people with disposable email addresses from buying from them or using their services.

Blocking disposable email addresses is on the increase as there is a strong link between disposable email addresses and online fraud.  More and more companies don't want to deal with people who hide online.

Why we watch for disposable email addresses

Disposable emails are indicators of fraud

There's a clear link between usage of disposable email addresses and anti-social behaviour online. Credit card chargebacks, abusive behaviour, anti-social behaviour, crime and identity fraud are all enabled by disposable email addresses. DEAs are the email equivalent of 'burner mobile phones' and instantly erased social media posts.

Do you trade online? Disposable email addresses aren't good for online business, and it's travel, SaaS, electronic goods and apparel that are hit the hardest.

Businesses trading online need to trust the people buying from them. It's not easy to trust people who want to stay anonymous and out of reach of all communication. It's easy to keep DEAs out of your checkout journey by using an API that prevents people signing up with a disposable email address. If you trade online you need to decide whether to deal with people who hide their identity. It's tricky, as there is plenty of advice given to 'man in the street' consumers that having a disposable email address is a simple way to stop spam in their inbox.

Online retail continues to grow and shows no sign of stopping. More businesses are trying to grow a business and instead finding they are under pressure to become security experts. Online sales revenues need to balance the direct and indirect costs of fraud reports and chargeback admin, card alerts and proof of shipping for goods that are being contested.

Removing DEAs from your data and your transaction process will help you get back in control of your revenue turnover and your time.

Do you worry about credit card fraud, or service abuse? If people want to buy from you but remain anonymous and then disappear, you're entitled to choose not to sell your goods and services to them. We know there is a proven link between online fraud and the use of disposable email addresses. There are a number of things you can do to reduce fraud and save time.

Do you send spam to your customers? Thought not. Most companies don't.

At Email Hippo we're a Software as a Service (SaaS) company, so we don't ship physical products, but we still like to know who we're dealing with. We began blocking people using disposable emails over a year ago, because we were able to look at the email data closely and see that people who hid were more likely to rip us off, by using our services and then charging back the credit card. We blocked temporary emails and guess what - our rate of fraud and chargebacks immediately fell by >95%.

You can use an API to stop the emails being entered in your online forms, or you can use a single look up for manual review before you ship goods and services. It depends on your rate of sales and how your operation works. 

People who want to buy from you for legitimate reasons will still buy from you. Your time will be spent doing what you want to do, instead of what you have to do. You'll save resources and admin time. As far as planning and growth goes, you'll have more accurate figures to work from as you won't have to allow for chargeback lags, so your business will benefit all round.

By stopping DEAs you'll be taking a simple, inexpensive and effective route to stop most of the bad guys getting through.

Data re-sellers and disposable email addresses - adding value to data 

You look after your data because you know it's got a value. It costs to get it, store it, keep it up to date and augment it. Disposable email addresses cost you time and money and reduce the value of any list. Removing disposable email addresses will save your resources and make your data more valuable.
You are an expert at curating, gathering and harvesting data for augmenting and reselling. 

You know that your data has a value and that you work in a competitive market. So every email address you have on file that hard bounces is a mark against your quality. That's why you need to remove disposable emails from your data. 

There are community-curated lists of disposable emails and APIs that provide access to those lists. Your IT team will likely have access to community software resources, and your email validation company or checking service should be alerting you to the domains and addresses that are disposable.

The problem is that disposable emails are fluid, and the people creating them have their quality standards too. All DEA providers want to hide their domains and keep them moving, refresh them often and keep them viable and off those community alert lists.

If you take disposable email address elimination seriously, you should use an API from a reputable company to scrub your data. You should look for a company that does a lot more than rely on integrating static community lists of disposable emails, or manually searching and updating records. The best companies use heuristics and machine learning to watch disposable email address providers and update results in real time.

Making marketing better by deleting disposable emails

Reaching out to people via email is an effective marketing channel. It's frustrating when you're doing everything by the book and customers hide their identity because they don't trust your 'opt-out' promise. There's no point trying to get friendly with a smoke trail, which is basically what you're doing if your customer list is hot with disposable addresses. 

How to remove disposable email addresses from databases

Disposable Email Addresses (DEAs) are junk mail and if you have them, it's a 'tell' that you have bad data on your database.

They prevent you getting close to your customers - because they are email addresses used by people who want to avoid your communication and stay anonymous. By mailing them, you're increasing your bounce rates, lowering your deliverability rates, harming your sender reputation and skewing your marketing campaign data.  Ultimately they make you and your team look bad.

Many DEAs are profane and the domains would be likely to trigger any profanity filters that you have.  Plenty of them would go under the radar though so it's worth cleaning them out of the system each time you do routine data housekeeping.

Two ways for marketers to clean out disposable email addresses

1. Point of entry / API

Get an API installed that will prevent DEA users getting onto your database. There are APIs out there (Email Hippo's is the best one - see here for comparison report) that will do a realtime check against DEAs. When you use an API, people trying to use your services and buy your stuff online whilst hiding behind a DEA will be stopped after they've typed their email address in. You'll need to decide what message to give and at what point in your process you put the DEA filter in, but it is a very effective way of stopping the trash before it gets your data dirty.

You can also use an API to clean your data as and when you like within your systems. Your CRM for instance, could incorporate an API for DEAs.

2. Housekeeping and routine sweeps of your data

The second way to stay clean is to run regular sweeps of your data. This is something you're probably doing already, taking out old emails and lapsed customers etc., but to step it up and include DEAs, look for a service that offers disposable email address filtering.

If you capture data at point of transaction and you have DEAs on your system, it's worth checking on the link between your DEAs and chargebacks. In our experience, removing DEAs from our system saw a drop in online fraud of >95%. That's more one for the online retailers though.
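An added example (not Email Hippo's code or API) of both routes against a static blocklist: `checkAtSignup` is the point-of-entry check and `sweep` is the housekeeping pass. The blocklist domains, sample records and function names are constructed for illustration, and a static list like this one cannot see DEA domains created after it was last updated.

```javascript
// Constructed sample blocklist. The domains use reserved TLDs (.example, .test)
// and stand in for entries from a community-maintained list.
const BLOCKLIST = new Set(["tempbox.example", "burnermail.test"]);

// Return the normalised domain of an address, or null if it is not usable.
function extractDomain(address) {
  if (typeof address !== "string") return null;
  const trimmed = address.trim();
  const at = trimmed.lastIndexOf("@");
  // Reject a missing "@", an empty local part, or embedded whitespace.
  if (at < 1 || /\s/.test(trimmed)) return null;
  // Domains are case-insensitive; a trailing dot is the same domain.
  const domain = trimmed.slice(at + 1).toLowerCase().replace(/\.$/, "");
  if (domain === "" || !domain.includes(".")) return null;
  if (domain.split(".").some((label) => label === "")) return null;
  return domain;
}

// True when the domain or any parent domain is listed. Matching is done on
// whole labels, so "nottempbox.example" does not match "tempbox.example",
// while "mx1.tempbox.example" does.
function isListed(domain, blocklist = BLOCKLIST) {
  const labels = domain.split(".");
  for (let i = 0; i <= labels.length - 2; i++) {
    if (blocklist.has(labels.slice(i).join("."))) return true;
  }
  return false;
}

// Route 1: point-of-entry decision for a sign-up or checkout form.
function checkAtSignup(address, blocklist = BLOCKLIST) {
  const domain = extractDomain(address);
  if (domain === null) return { accept: false, reason: "malformed" };
  if (isListed(domain, blocklist)) return { accept: false, reason: "disposable" };
  // "not-listed" rather than "clean": absence from a static list proves little.
  return { accept: true, reason: "not-listed" };
}

// Route 2: housekeeping sweep over stored records of the form { id, email }.
function sweep(records, blocklist = BLOCKLIST) {
  const result = { keep: [], disposable: [], malformed: [] };
  for (const record of records) {
    const { accept, reason } = checkAtSignup(record.email, blocklist);
    if (accept) result.keep.push(record.id);
    else result[reason].push(record.id);
  }
  return result;
}

// Constructed sample records.
const SAMPLE = [
  { id: 1, email: "alice@shop.example" },
  { id: 2, email: "Bob@TempBox.Example" },
  { id: 3, email: "carol@mx1.burnermail.test." },
  { id: 4, email: "dave@nottempbox.example" },
  { id: 5, email: "no-at-sign" },
];
console.log(sweep(SAMPLE));
```

The `disposable` bucket from a sweep is also the set of record ids to compare against chargeback records when looking for the link described above.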

How will action against Disposable Emails improve your marketing results?

  • You won't be trying to communicate with people who don't want to hear from you - so your open rates will improve
  • You'll be sending mail to more email addresses that exist - so your bounce rate will fall
  • Because your bounce rate will fall, your ESP (Email Service Provider) will rate you and your data higher
  • Because your bounce rate has fallen, your sender reputation will improve
  • Because your sender reputation improves you'll get more emails into more inboxes
  • So your campaigns will have higher success rates
  • So your effectiveness measures and KPIs relating to email marketing will improve
  • So you and your team will look better

And that is how to remove disposable email addresses and improve your marketing effectiveness.

Tools to help you deal with Disposable Email Addresses are generally split into two types:

1. Online lists of DEAs - so you can cross check your data and make your own exclusion models

2. API links to make the DEA lists useful - so you can build a DEA API into your system

Tools to help you deal with Disposable Email Addresses

Here are links to two of the most up to date Disposable Email Address lists. These lists are generally community managed. There's a growing number of people working collaboratively to make DEAs visible online. Because they're community managed there is no promise about how up to date they are, so use them with common sense. We help curate and moderate the GitHub list #1 so we confidently steer you to that resource.

Both APIs are effective. The first is ours, which we know is up to date with heuristic DEA detection and a >99.9% uptime. The API 'Disposable Email Guard' is an independent service that provides free detection on a relatively small scale. We sponsor this service as it's a grass roots API that's community spirited and everybody doing something good deserves support!

GitHub List #1  Burner-email-providers

GitHub List #2 Disposable Email List


Disposable Email Guard

How to keep your inbox clean without using a disposable email address

1. Have more than one email address 

Keep an email address for correspondence with friends / family etc and don't use it for online purchases.  That way you can get emails from people you want to hear from, and keep other correspondence on your terms.

There are plenty of mailbox providers that provide free email addresses. Among the most popular are Yahoo (still - even though the service has a reputation for poor security), Gmail, Outlook and Yandex.

2. Only buy online from companies you trust

If you're buying from a company but you think they will sell your details and send you spam, buy from another supplier. Research who you are buying from and decide whether you can trust them. If you don't trust the seller online, ask yourself why you are giving them your money. Take your card (and your email address) somewhere else. It's often the larger companies who send more emails, as they have the resources to manage fluid email marketing campaigns.

3. Relax a bit, not everyone is out to get you with spam emails 

The news and hysteria press are full of stories of spam and bad use of data and marketing emails that go on and on. In reality, companies don't want to annoy you, they want you to like their brand and stay loyal. The best marketing campaigns are clever enough to give you information when you need it, choices when you are shopping and support after you've purchased.

4. Take time to read the sign-up details and check the boxes so you don't get added to mailing lists

5. Report spam

As long as you're using a reputable email service, (not a Disposable Email Account)  there will be an option to report an email as spam. If you want to keep your email inbox clean, use the spam button if a company sends you unsolicited emails that you are sure you haven't signed up for. Reporting genuine spam works. Please don't report genuine marketing emails - that's not fair.

Reporting spam will also help you in the long run as your email address can be identified as a 'squealer' account. This means it will be kept off email lists and that companies who validate their email address lists might decide not to waste their resources on you. Win win.

6. Use your inbox filters - don't just delete unwanted emails 

It's tempting to purge your inbox in a mass 'delete.' It's better to set up a filter, so that emails from the same sender, or containing particular subject lines are automatically filtered away from your inbox. It may take a bit of time to set filters up but it is a really good, effective way to get your inbox more relevant. Keeping your inbox neat and tidy will help you stay clean from spam.

7. Don't forward spam if you don't want more of it 

No use complaining about spammy emails if you are one of the people responsible for sharing it round. If you interact with spammy emails you are more likely to get more of them. That's because disreputable people who sell email addresses illegally, create 'hot lists' of email addresses that are responsive. Move away from the kitten pictures and promises of good things happening if ten friends forward the email...

8. Unsubscribe from email marketing lists

We all buy things online whilst in a good mood and then get grumpy when the emails come offering us the next new product. It's better to unsubscribe than it is to get annoyed. At the foot of every genuine marketing email there will be an unsubscribe link. It should be a one-click process, occasionally it takes two clicks as you have to confirm you mean to unsubscribe. If you want to feel empowered, take a screen grab of your unsubscribe and have it ready to email to their marketing department or paste to their Facebook page! Remember that it can take a while to see the impact of your unsubscribe, depending on how the company runs their email marketing.

9. Go public

Companies can get their email marketing processes wrong. Don't be worried about putting your head above the clouds and letting them know through another channel if they continue to send unsolicited emails. Facebook is a great leveller, and larger companies often run their social media through agencies or teams that are very responsive. Don't be rude when you complain and always say thank you when it has been sorted. This sort of communication also helps companies change their approach to email gathering and marketing, as it provides evidence that their approach isn't perfect.

NB. Don't make your email address public on Facebook! Only provide it in a private message.

10. Don't sign up for loyalty schemes unless you want to hear from the company

When you get tempted by discounts and you sign up for vouchers at checkout or discount codes to use in the future, it's safe to assume you'll be hearing from that company again. There's no such thing as a free lunch after all.

11. Don't give your email to high-street stores, or share your email address in offline channels 

Retailers try to make sure you get consistent exposure to their brand, whether you are buying from them online, on the high street or over the phone.

There's a rising trend in high street stores to ask for your email address, so they can 'just email you the receipt' for goods you purchase in store. Some even say the primary reason for having your email is so they can reduce their environmental footprint by saving paper for till receipts. Well, it might be I suppose. Or it might be in order to add your details to their mailing list...

Harvesting emails from offline channels also takes place at events, in feedback forms, competitions, research - in fact anywhere where you get into conversation with the company. If you don't want to have a conversation in your inbox, don't give your email address unless you are sure what it is going to be used for, and be explicit about that usage when you hand it over.

Here are our 4 rules for a clean inbox 

  • Don't deal with companies you don't trust
  • Do your inbox housekeeping
  • Report spam
  • Be careful how you share your email address - online as well as offline

Free disposable email identifying tool
Video: How disposable email address detection works in Email Hippo's API

Thursday, 1 March 2018

Domains explained - what do domains say about your email data?

What email domains do you have on your list - does it matter?

If your customers are consumers, chances are you will have email data with plenty of freemail addresses. Those are domains such as Yahoo and Gmail. You're also more likely to have disposable email addresses on your list, with domains that often look like gibberish.

If you're dealing with businesses, you'll have the majority of domains looking like company addresses; it's not very usual to have individuals within companies using freemail accounts. Most of your emails should be instantly recognisable as company addresses. Plenty of companies use Gmail and Outlook to power their emails (they are the two most popular email providers for small to mid-size companies), but they don't use the generic domain, they use their own, so at first glance you can't tell what email service they are using.

Does it really matter though, what email domains your customers use? What does it mean for your email deliverability?

When our bulk email address service receives a new file of email addresses, the first thing that happens is a 'shallow verification' process. This process gives an overview of the top domains on the list.

One of the reasons we do this is because it indicates whether the list is likely to contain a high percentage of 'grey listing' email addresses. Grey listing is when we reach out to check an email address and are told by the mail server to come back later, so we can prove we are listening and we aren't spammers. Business accounts are more likely to do this, as individual mail servers are set up by IT departments, who'll put in various screens to help keep bad emails from the system. If your email list has a high proportion of grey listing addresses, it'll take longer to validate than a list with few or zero grey lists.

Consumer email addresses are often likely to be a full mail box. In fact, people typically have more than one email address, using one for things they want to read, and another for online shopping and subsequent marketing correspondence. So your carefully crafted emails following up purchases can get some really low open rates if you deal with consumers who aren't buying out of loyalty. That's why multi-channel, engaging content needs to be part of your marketing armoury!

Domains matter because your delivery rates and open rates matter to your sender score.

If you mail to people who don't open your email, your sender score takes a hit. That means your email service provider might not use its 'best' servers for your emails, which means that domain servers might view you as less than squeaky clean, so they might divert your emails to spam. It's a downward spiral. That's why it's good to segment your data, maybe send email campaigns by domain type, or by email status, so you can build the open rate on one list and keep another for your customers who don't engage with you so well.

You can't decide what domains your customers use, but you can consider what their domains tell you. Then you can take action to see how dealing with domains differently can improve your marketing effectiveness.

To find out more ways to improve your email deliverability, make this great little yellow book your friend. For just a few dollars you can learn all you need to know. Email Deliverability by Ken Driscoll

Monday, 5 February 2018

Email Hippo welcomes new General Manager

Adam Thompson joins the Hippo team!

Email Hippo Limited, one of the South West’s fastest growing software companies, has appointed Adam Thompson as General Manager.

He joins the team in Launceston, at the company’s Development Centre, where Email Hippo’s cloud-based software is designed, engineered and supported.

“Email Hippo has experienced rapid growth and I’m excited about helping to take it to the next stage,” said Adam. “We’ve ambitious targets and new products in the pipeline, and I’m thrilled to come on board at this stage of the company’s development. It’s very pleasing to be working for a company based in Cornwall, the UK's fastest growing hi-tech region. I'm impressed by the way that Email Hippo is delivering first class service all over the world.”

Adam’s extensive skill set will be given a workout at Email Hippo as the company continues to grow and dominate the international email and identity validation sector.

Rowland O’Connor, CEO of Email Hippo, said: “Adam will be key in moving the company into the next phase of our development, and his skills and experience will help us develop our services further and deliver them worldwide.”

Adam joins Email Hippo from OneServe – a cloud-based field service management software company that grew from a fledgling system to an award winning, influential service provider under his leadership.

Thursday, 21 December 2017

Client side email validation API integration

Learn why we don't support client side email validation

In this video our CEO answers the question we’re often asked...'Do you do client side integration?' He goes into detail to explain why we don’t do it, and why we think nobody else should either.

This ten minute video is aimed at people with technical skills, but clearly explains the commercial reasoning behind the topic that will be of interest to non-technical people; especially those involved with working out the procedures of how and where email validation should take place.

Listen to our CEO, Rowland O’Connor, as he reflects on old-school email validation technology that’s still being used and expands upon why you shouldn’t be using old engineering for your email validation. (Hint – it’s a security nightmare).

Rowland outlines what you should consider if you’re interested in integrating client side validation into your email validation process.

Watch  as he hacks straight into a client side validation product to illustrate his point.

Old engineering gives new fraud opportunities

Why is it such a security risk? Put simply, old engineering (circa 2009) continues to support email validation affiliates who are active in the market place. The end points haven’t changed, so we know exactly what's going on and we're in a great position to shine a light and discuss what happens on client side API integration. 

Fraudsters can pretend to be you, so you end up paying for emails they validate

When you sign up to an email validation service, you generally get allocated a quota, or a number of credits to validate emails. This means there’s a direct cost to you, as you pay for the emails you validate. It's not right that you should pay when someone hacks in and free-rides off your account.

There's something else to consider relating to fraud.  Back when we were first creating email validation systems email fraud was in its infancy. Now, personal data is available for sale for just a few dollars and the better the data, the more value it has. It's not just good guys who want to validate emails. We screen all our sign-ups to prevent people using our service to check stolen emails. If you're using a client side integration you could be opening the door for online thieves to scrub their stolen lists.

If you’re currently using a client side integration you might find it disturbing to follow Rowland as he walks through a demonstration of an API, how it works and how easy it is to hack. He also discusses licence keys, and how simple it can be to sidestep security and access email validation by spoofing a domain. He makes it look very easy. That’s because it is easy for anyone with a pretty basic technical level of expertise.

Once you’ve seen this video you’ll understand why we backed away from a client side approach. It’s very easy for people to rip you off. 

Technical users will enjoy watching at 5 minutes 43s...when the hack is shown

Rowland spoofs details to pretend that we’re using a domain which fools the API as he bypasses the access control that’s in place and bingo, he's accessing free email validation within moments.

What are the solutions to client side email checking?

If you’re wondering how to use an email validation API securely, check in at 8 minutes as Rowland considers three solutions in turn.

What are the solutions?
#1 token based integration - immensely complex and beyond a basic level of technical ability
#2 some sort of basic authentication - fairly complex, viable but far from simple
#3 server to server integration, which is what we do at Email Hippo

We feel strongly that client side integration for email validation APIs shouldn’t be used. It's a quick solution that brings many problems. There are wide-open security holes that can be exposed very easily.
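An added sketch of solution #3, server to server integration (not Email Hippo's code): the browser talks only to your own backend, which holds the licence key, caps paid lookups per session and returns nothing the form does not need. The endpoint URL, the `VALIDATOR_API_KEY` variable, the vendor response fields and every function name are assumptions made for the example.

```javascript
// Hypothetical vendor endpoint, for illustration only.
const UPSTREAM_URL = "https://validator.example/v1/check";
const MAX_CHECKS_PER_WINDOW = 5;
const WINDOW_MS = 10 * 60 * 1000;

// Per-session counters held in server memory: sessionId -> { start, count }.
const usage = new Map();

// Fixed-window quota. It caps how many paid lookups one session can trigger,
// so the endpoint cannot be used to scrub a list on your credits.
function admit(sessionId, now = Date.now()) {
  const entry = usage.get(sessionId);
  if (!entry || now - entry.start >= WINDOW_MS) {
    usage.set(sessionId, { start: now, count: 1 });
    return true;
  }
  if (entry.count >= MAX_CHECKS_PER_WINDOW) return false;
  entry.count += 1;
  return true;
}

// Build the outbound request. The key is attached here, on the server,
// and this is the only place it appears.
function buildUpstreamRequest(email, apiKey) {
  return {
    url: `${UPSTREAM_URL}?email=${encodeURIComponent(email)}`,
    headers: { Authorization: `Bearer ${apiKey}` },
  };
}

// Reduce the vendor's reply to the one field the form needs.
function toBrowserResponse(upstreamBody) {
  return { ok: upstreamBody.status === "valid" };
}

// Handler the browser talks to. `session` comes from the site's own session
// cookie; `callUpstream` performs the HTTPS request to the vendor.
async function handleValidate({ session, email }, callUpstream, env = process.env) {
  if (!session) return { status: 401, body: { error: "no session" } };
  if (typeof email !== "string" || email.length > 254 || !email.includes("@")) {
    return { status: 400, body: { error: "bad email" } };
  }
  if (!admit(session)) return { status: 429, body: { error: "quota exceeded" } };
  const request = buildUpstreamRequest(email, env.VALIDATOR_API_KEY);
  const upstreamBody = await callUpstream(request);
  return { status: 200, body: toBrowserResponse(upstreamBody) };
}

// Offline demonstration with a constructed stand-in for the vendor.
async function demo(sessionId) {
  const env = { VALIDATOR_API_KEY: "constructed-key-not-real" };
  const vendorRequests = [];
  const fakeUpstream = async (request) => {
    vendorRequests.push(request);
    return { status: "valid", creditsLeft: 41, account: "acct-constructed" };
  };
  const replies = [];
  for (let i = 0; i < 7; i++) {
    const form = { session: sessionId, email: `user${i}@shop.example` };
    replies.push(await handleValidate(form, fakeUpstream, env));
  }
  return {
    replies,
    vendorCalls: vendorRequests.length,
    keyLeaked: JSON.stringify(replies).includes(env.VALIDATOR_API_KEY),
  };
}

demo("s1").then((r) => console.log(r.vendorCalls, r.keyLeaked, r.replies.map((x) => x.status)));
```

Seven form submissions from one session produce five vendor calls and two refusals, and the key never appears in anything sent back to the browser.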

We hope you find this video useful. 
If you’ve got any questions, please get in touch with comments here, via emailing [email protected] or contact us via twitter; @Email_Hippo

Monday, 18 December 2017

Mailchimp change to single opt-in. What does it mean for the GDPR?

Why has Mailchimp changed from double to single opt-in on sign-up forms?

If you use Mailchimp to manage your email lists and have a double-opt in sign-up form, you'll have had a notification telling you that your sign up form is going to switch to a single opt-in, unless you take steps to keep it as double. 

Who does it affect?

It's supposed to only impact Mailchimp users with primary contact addresses inside the USA. However, we know of companies (ourselves included) with a primary address in Europe who have had subscription double opt-in settings switch to single. 

What should I do? Should I care? 

First off, don't assume that because you're based in Europe you won't have been affected. Mystery-shop your site and check if your sign-up process is broken.  If you're not double-opting in within Europe you're working outside the data protection laws and setting yourself up for a problem with GDPR.  If your list process has changed and you're letting people sign-up with a single opt-in, you'll need to change your Mailchimp sign-up form process back to the double! (You do that on the List name and defaults page).

And 'yes', you should care. If you're in Europe and you're not double opt-ing in you're breaking the law. If you're outside Europe but your subscriber lists include European citizens you will be breaking the General Data Protection Regulation when it comes into force on May 25 2018.

You should also care if you use double-opt in as a way to filter bots and spam sign-ups from your list. Your door is now open and although Mailchimp will spot spam-sign up patterns and slow things down to prevent your list being oversubscribed by spammers, do yourself a favour and revert to double opt-in if the thought of spam bots keeps you awake at night.

Why has Mailchimp changed the sign-up process?

Nobody can see inside another company, but Mailchimp are a pretty straightforward bunch of people who share thoughts out loud and we can also make some pretty good, educated guesses about the reasons they don't chat about.

Sender reputation is massively important: 61% of double opt-in emails aren't opened

Mailchimp sends billions of emails each year and needs to have an impeccable IP reputation. Sending double-opt in emails that never get a response will drag down an IP reputation as open rates will be low. Only about 30% of double opt-in emails are opened, so switching to single-opt in makes the process quicker for subscribers and better for Mailchimp. 

Mailchimp is clear about the fact that all users are equal and access to IP addresses isn't filtered with those who pay more getting access to the IP addresses with best sender reputation. However, they're also clear about the fact that they categorise their IP addresses in relation to the reputation of the subscriber. So your laggard subscribers who don't engage with you much will receive emails from a 'lower' IP address than those who open everything you send out.

What's this got to do with single-opt ins? 

Mailchimp is looking after its IPs. It has over 7,000 IP addresses, and by changing policy it will remove many, many unopened emails. According to Mailchimp's own figures, about 61% of double-opt in emails don't get opened. So part of this change is likely to be some housekeeping that will have an overall positive effect on its IP reputations. There isn't a limitless supply of IP addresses, and it takes a while to warm up new ones and develop good sender reputations, so Mailchimp is being sensible in looking after the ones it's got. It will also save money in processing and storage - which is never a bad thing.

Also, let's consider what's been happening recently in the USA relating to email addresses. We've had massive data leaks, instances of disposable emails being used in combination with personal data to 'vote' on key issues fraudulently and let's not even get into whether emails and social media were used wrongly in the election campaign! Maybe (remember, we don't know and we're not saying this is the case - we're just making educated guesses) just maybe Mailchimp is doing some housekeeping in order to prompt users to freshen up lists, weed out the dead wood, keep its systems watertight and prevent future email problems.

We've also got a hunch that a benefit of this massive change will be for Mailchimp to get into more dialogues with customers that will help shape some more, new, cool stuff in the future. On which note, Mailchimp has been popping more pop-up forms into its newsletters. Pop-up forms work best as a single-opt in mechanism, so this move to single-opt in will also help businesses sign up more subscribers and ultimately sell more stuff.

Finally, we reckon that Mailchimp's email filtering system, 'Omnivore' has developed enough to be a reliable screen for Mailchimp to be able to filter out spammy sign-up attempts from single-opt in sources. You can read more about that here in a developer article in the Mailchimp Blog.

Will my sign-up process break?

It shouldn't. But you ought to check. We had a couple of lists with low activity levels on free user accounts that have just disappeared. #justsaying

Think about why you were using double-opt in in the first place. If it was to keep spam off your email list then take the advice of Mailchimp and enable a reCAPTCHA step in single opt-in processes. (You can do that in your List settings). 

My sign-up changed to single opt in. Do I still comply with GDPR?

Nope. Not if you've got email addresses on your list from Europe, or if you operate in Europe. You need to use double opt in. 

Actions to take as a result of Mailchimp's single opt-in change

  • Test your sign-up process, don't assume you aren't affected
  • Revert to double-opt in if the new European General Data Protection Regulation impacts you
  • Enable a reCAPTCHA stage if you decide to stick with single-opt in
For further reading, lose yourself in Mailchimp's Knowledge Base and blog and learn more about GDPR. 

Friday, 10 November 2017

General Data Protection Regulation (GDPR), ISO 27001 and Email Hippo

What is the GDPR?

The General Data Protection Regulation is a European Directive that is coming into force on May 25th 2018.

The regulation will be in force in all twenty eight countries within the European Union. Companies not based in the EU, who handle data relating to EU individuals will have to conform.

It replaces the Data Protection Act and in doing so extends the scope of the Act. The penalties under the GDPR are greater than those enforceable under the Data Protection Act.

Email Hippo is a UK based company. The UK government has confirmed that Brexit will not prevent the UK from being required to conform to this Directive. Regardless of the finer detail of any Brexit negotiation, Email Hippo will still conform to GDPR as it will be processing data about individuals of EU member states. It is possible that companies in the UK who deal solely with data relating to UK citizens will be required to conform to an alternate, comparable law post-Brexit.

Why does GDPR matter to Email Hippo customers?

Email Hippo customers upload lists of email addresses for bulk validation, or use the Email Hippo API to check email addresses on an individual basis.

It is understandable that customers want to be assured that data provided to Email Hippo is handled in a safe, secure environment and that Email Hippo will not store, copy or share the data.

Email Hippo customers will have their own uses for data and their own methods of collecting, storing and using data. The GDPR will impact all companies either based in the EU, or using or selling data about citizens of the EU to identify or contact EU individuals.  This document outlines the relationship between Email Hippo and its customers in relation to the ISO 27001 and the GDPR. If you need information about your specific implications for the GDPR relating to your company, please read here.

Email Hippo and ISO 27001

Email Hippo systems are ISO 27001 accredited. The ISO 27001 quality standard is an international best practice standard that applies to information security management and encompasses the people, processes and technology of Email Hippo.

Email Hippo adheres to the ISO 27001 framework and manages data in a way that minimises risk and maximises reporting efficiency.

The GDPR asserts that the Controller and Processor must ‘implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk.’ In addition,  GDPR Article 42 encourages companies to establish data protection certification mechanisms.

GDPR Article 43 mentions ISO/IEC (International Organization for Standardization) as being a named national accreditation body. The ISO is an independent non-governmental international organization, based in Switzerland. It has a membership of 162 national standards bodies around the world. The British Assessment Bureau is accredited by the UK government accreditation service (UKAS). UKAS is the sole accreditation body for ISO in the UK. The British Assessment Bureau certified the Email Hippo ISO 27001 system.

Email Hippo gained the ISO/IEC 27001 Information Security Management standard via the British Standards Institute (BSI). The BSI is the UK member of the ISO/IEC.

Email Hippo customers should be assured that Email Hippo information management systems are robust, relevant and fit for purpose in relation to conforming to GDPR.