This post was originally published in August 2018, updated in July 2019.
At CM Group, we’re committed to keeping Campaign Monitor a safe and trusted application through our ongoing investment in security and reliability.
Over the last year, our product teams have been hard at work delivering a range of new features and product enhancements focused specifically on data privacy and security. These are available now across all account types to benefit all customers.
New reCAPTCHA updates to subscribe forms
Say goodbye to spambots! Whether you’re using a copy/paste subscribe form, a hosted form, or an embedded subscribe button to collect new subscribers, we’ve added an extra layer of security via Google’s reCAPTCHA service.
Implementing reCAPTCHA on forms produces a huge reduction in spambot attacks and blacklistings, improves deliverability, and is essential to GDPR compliance.
Note: if you are using the HTML copy-paste forms, it’s recommended that you update your HTML code for added security, but you will still benefit from the updated Captcha until you update your form code.
Two-step verification (also known as two-factor authentication) adds an extra security step in your login process. As soon as you log in to your Campaign Monitor account with your username and password, an additional code is sent to an authenticator app on your phone that’s required to successfully log in. Despite the extra step, we strongly recommend it, as the security benefits are worth it.
Under the GDPR, obtaining permission requires that any processing be done with lawful purpose. Of the options outlined by the regulation, permission is best suited to marketers and their subscribers. We’ve updated our subscriber-related features to take into account how GDPR has updated the definition and practical application of getting that permission.
Now, you can ask for permission right from your HTML subscribe forms. You’ll also be able to link to your privacy and cookie policies, if you have them, directly from the form. Existing subscribers can change their own permission and subscription settings in their preference center, provided you enable the option to do so.
Extending the security of our API
Our API provides you with the flexibility to adapt the Campaign Monitor experience to suit your specific needs. To protect your data, we have always protected API access with either OAuth or API key authentication to prevent unwanted access. Extending this, we have now made two additional security updates to our API.
Firstly, to further protect your data, we recently took steps to strengthen the security of the Campaign Monitor API key format and added the ability for customers to easily update their own API key. The new key is longer and uses the latest encryption techniques.
Secondly, we have discontinued APIs that do not encrypt your data as it moves across the internet. We are now solely focused on supporting HTTPS, an encrypted version of HTTP, which offers an extra layer of security for communications between a client and server, further protecting potentially sensitive information.
These updates are available to all Campaign Monitor customers and they’re built to heighten account and data security and help you gather consent from your subscribers, ultimately providing a more secure email experience from signup to send. For more information, feel free to contact our team.