I stumbled upon a pretty interesting piece of spam this morning (click thumbnail to zoom in—I censored the naughty stuff). It was a perfectly legit HTML email newsletter that a spammer stole from Men’s Health. They took the Men’s Health logo, design, code, and content, and left it all intact. Then they just replaced the lead story with their own “pharmaceutical” promotion. They even threw in an eye-catching thumbnail. Scary.

On the surface, it was pretty smart. A spammy piece of parasite content hiding inside of lots of “real” content. Surely, the spammer was banking on the fact that Men’s Health probably invested lots of time and energy in creating a newsletter that would “get past the spam filters.” Also, they used a publication that sends slightly racy content anyway, so inserting their spammy stuff wouldn’t really raise any red flags.

In the end, my spam filter still caught it. The spammer used “known-spammer” domains throughout the message. And despite the sophistication of the message itself, the subject line and “from” seemed like run-of-the-mill amateur spam. But this is a sign of things to come.

Just like how every email address in the universe has been spoofed by now, your HTML email newsletters will inevitably be spoofed as well.

If you’re a legit email marketer, one way to protect your newsletter’s “identity” is by authenticating all of your email marketing. An authenticated email basically contains a secret little piece of code that says, “this email is not a forgery.” Authentication is getting adopted by more and more ISPs, so it’s something you should be thinking about now. ISPs have already begun marking authenticated emails with little “verified” icons and stuff like that. But ISPs are suggesting that soon, they’ll outright block non-authenticated emails.

Here’s how to authenticate your campaigns in MailChimp (it’s free, and all it takes is one click).