MailChimp tightens up security – will other email marketing services follow suit?

I may be a little late to the party, but I was pleased to discover today that MailChimp – a popular online tool used by companies and individuals for managing email campaigns – has tightened up its security with a number of new features.

If you’ve never been involved in managing mailing lists, you might not be familiar with MailChimp. But it’s certainly made a name for itself both through its ease-of-use and strong branding courtesy of its chimp mascot.

In an email to its users, MailChimp explains that the new security features are “optional but strongly encouraged”:

* TXT and email security alerts: MailChimp can send your phone an SMS text message when it detects a login, attempted list download, or other change that might affect your account’s security. Email alerts are also available. More info.

* Detect location changes: If someone logs in to your account from a different location than usual (determined via the IP address used), MailChimp users can force them to answer your account security question. More info.

* Multi-factor authentication: Whenever you log in to MailChimp, a passcode – generated from a smartphone – can be required. More info.

Personally, I think all of these options make a lot of sense for people who manage their mailing lists, and although I would prefer for there to be an option for a physical keyfob generating an authentication passcode, I think MailChimp has done some good work here.

No doubt MailChimp is very aware of the harm that was done to one of its larger rivals, Epsilon, which suffered a horrendous mega-leak of email addresses last month that tarnished many well-known brand names.

Epsilon’s lax security meant that many internet users received email alerts from organisations of which they’re customers, including Best Buy, McKinsey Quarterly, Beachbody, Marks & Spencer, Hilton, AbeBooks and Lacoste:

Epsilon leaks email

None of MailChimp’s new security features can completely protect accounts from hackers, of course. But they certainly can make life much more complicated for cybercriminals.

And don’t forget, if you manage a mailing list of thousands of customers, the last thing you need is for a criminal to gain access to that list and begin to spam out malicious messages to your users.

If you’d like to understand more about e-marketing security, why not read Sophos’s “Best practices top 10: Keep your e-marketing safe from threats” guide, all about how to avoid security vulnerabilities in your e-marketing strategy?