Should email security have its own slack channel?

Key findings

• Overlap recognized: Many discussions initially perceived as deliverability issues often uncover underlying compliance or security problems. Email deliverability problems can stem from security misconfigurations.
• Distinction highlighted: Security topics such as STARTTLS, DANE, and MTA-STS are not strictly mandatory for email delivery, although they are critical for securing mail flow. These are often more aligned with mail transfer agent (MTA) operations than marketing deliverability.
• Volume of discussion: The practicality of a new channel depends on whether there's sufficient, ongoing volume of specific security-related discussions to justify its existence, preventing it from becoming a 'one-off' or sparsely used channel.
• Phishing and attacks: Email remains a primary vector for cyberattacks, including phishing and business email compromise (BEC). Addressing these broader security concerns might warrant a dedicated space that goes beyond typical deliverability troubleshooting.

Key considerations

• Channel sprawl: Creating too many specialized channels can lead to fragmentation, making it harder for members to find relevant discussions or decide where to post. This can also dilute participation in existing, broader channels.
• Clear scope: If a new channel is created, its scope needs to be clearly defined to avoid confusion and ensure that discussions stay on topic. For instance, distinguishing between email security (threats, encryption) and email authentication (SPF, DKIM, DMARC) is essential.
• Existing alternatives: Some communities might already have an 'operations' or 'sysadmin' channel where technical security aspects like StartTLS, DANE, and MTA-STS are more appropriately discussed. See Slack's security tips for general workspace security.
• Engagement: The success of a new channel hinges on active participation. Without a critical mass of interested members, it might not provide the intended value.

Key opinions

• Deliverability focus: Many marketers primarily care about whether their emails reach the inbox, viewing security as a supporting element rather than a distinct, separate field of discussion.
• Practicality over granularity: There's a preference for channels that encompass broader topics like 'deliverability' to avoid excessive specialization, which can lead to fragmented conversations.
• Overlap with compliance: Some marketers find that issues initially identified as deliverability problems often evolve into discussions about email compliance, which has strong security implications (e.g., proper opt-in, data handling). Understanding blocklist impacts can be crucial here.
• Less direct impact: Highly technical security topics, such as specific encryption protocols (e.g., STARTTLS), are often seen as the domain of Mail Transfer Agent (MTA) operators or Email Service Providers (ESPs), not directly relevant for daily marketing tasks.

Key considerations

• Consolidated discussions: Maintaining broader channels (like general deliverability) keeps related discussions together, which can be helpful for marketers who need a holistic view of email performance, even if it touches on security.
• Threading for clarity: Using Slack threads effectively within a general channel can help segment specific security-related discussions without needing a separate channel. This maintains context within a broader deliverability conversation. For more information, read about best practices for using threads in Slack.
• Accessibility of information: If security topics are too niche, a separate channel might not attract enough participants to make discussions valuable, potentially leaving questions unanswered. Communication needs to be streamlined and accessible.
• Holistic view: From a marketer's standpoint, email communication channels, whether Slack or email, serve different purposes. As Superhuman Blog notes, most teams benefit from using both tools for internal communication.

Key opinions

• Security vs. deliverability distinction: Experts emphasize that email security (e.g., STARTTLS, DANE, MTA-STS) is distinct from deliverability. While highly recommended for best practices and integrity, these aren't always prerequisites for an email to be delivered. However, they are becoming increasingly important for sender requirements.
• Operational fit: Many email security topics, particularly those related to MTA configuration and email system administration, fit well within an 'operations' or 'sysadmin' focused channel rather than a purely 'deliverability' one.
• Broad security scope: Email security encompasses a wide range of topics, including message authentication, user security, and content scanners. These go beyond the typical scope of deliverability discussions centered on inbox placement.
• Risk mitigation: Email is a significant vector for cyberattacks, with substantial financial implications (e.g., Business Email Compromise). A dedicated forum allows for focused discussion on mitigating these risks, which might be too specialized for a general deliverability channel.

Key considerations

• Channel purpose: The primary goal of a deliverability channel is often to address 'what happened to my email' scenarios. While security impacts this, a specific channel might be too granular for the general user base seeking deliverability solutions.
• Community participation: Even with expert consensus on the distinct nature of security, the success of a new channel depends on whether there's sufficient community interest and active engagement to sustain it. This also relates to how email communities choose their platforms.
• Interdisciplinary discussions: Some topics naturally bridge deliverability and security, such as DMARC authentication. Maintaining a degree of flexibility in channel discussions, perhaps through threading, can be beneficial.
• Defining scope: Before creating a new channel, a clear definition of 'email security' within that community's context is needed to ensure it serves a unique purpose and attracts the right audience. As noted by Expert Insights, security measures are crucial, as Slack (like email) requires users to be vigilant about phishing.

Key findings

• Encryption standards: Documentation outlines protocols like STARTTLS for opportunistic encryption, DANE for DNS-based Authentication of Named Entities, and MTA-STS for Mail Transfer Agent Strict Transport Security. These are foundational to secure email transport.
• Threat landscape: Official sources detail that email is a primary vector for cyberattacks, including phishing, malware distribution, and Business Email Compromise (BEC), emphasizing the need for robust defensive measures.
• Platform security: Platforms like Slack implement strong encryption and security practices, but their effectiveness still relies on user vigilance against threats such as phishing attacks and spam messages.
• Authentication protocols: Standards like SPF, DKIM, and DMARC are crucial for message authentication, ensuring that emails originate from legitimate sources and have not been tampered with. These directly impact both security and sender reputation.

Key considerations

• Comprehensive security posture: Organizations must adopt a multi-layered security approach, securing not just email but also collaborative platforms to prevent them from becoming entry points for attackers. This includes practices like two-factor authentication.
• User awareness: Despite robust technical controls, user education and awareness remain critical. Documentation frequently stresses the human element in email security, warning against sharing sensitive information or clicking suspicious links.
• Regulatory compliance: Email security often ties into broader regulatory and legal compliance requirements. Understanding RFCs and other standards is vital for adhering to these. For instance, RFC 5322 is important here.
• Integration with operations: Many security configurations and monitoring fall under IT or mail operations. This requires close collaboration between security teams and those managing email infrastructure. Slack's own documentation on security solutions highlights collaborative security.