This post was originally published in August 2018, and updated in October 2023.
At Marigold, we’re committed to keeping Campaign Monitor a safe and trusted application through our ongoing investment in security and reliability.
Over the last year, our product teams have been hard at work delivering a range of new features and product enhancements focused specifically on data privacy and security. These are available now across all account types to benefit all customers.
New reCAPTCHA updates to subscribe forms
Say goodbye to spambots! Whether you’re using a copy/paste subscribe form, a hosted form, or an embedded subscribe button to collect new subscribers, we’ve added an extra layer of security via Google’s reCAPTCHA service.
Implementing reCAPTCHA forms shows a huge reduction in spambot attacks and blacklistings, improves deliverability, and is essential in GDPR compliance.
Note: if you are using the HTML copy-paste forms, it’s recommended that you update your HTML code for added security, but you will still benefit from the updated Captcha until you update your form code.
Two-step verification
Two-step verification (also known as two-factor authentication) adds an extra security step to your login process. Once you log in to your account with your username and password, an additional code is sent to an authenticator app on your phone that’s required to successfully log in.
Account administrators can also work with our engineering team to apply a mandatory two-factor authentication policy to all users (or just to all administrators). Alternatively, customers will be able to go to an in-app security page and manage two-factor authentication themselves
Reach out to your Account Manager or contact support for more information.
Subscriber permission
Under the GDPR, obtaining permission requires that any processing be done with lawful purpose. Of the options outlined by the regulation, permission is best suited to marketers and their subscribers. We’ve updated our subscriber-related features to take into account how GDPR has updated the definition and practical application of getting that permission.
Now, you can ask for permission right from your HTML subscribe forms. You’ll also be able to link to your privacy and cookie policies if you have them, directly from the form. Existing subscribers can change their own permission and subscription settings in their preference center, providing you enable the option to do so.
Extending the security of our API
provides you with the flexibility to adapt the Campaign Monitor experience to suit your specific needs. To protect your data, we have always protected API access with either OAuth or an API key authentication to prevent against any unwanted access. And now extending this, we have made two additional security updates to our API.
Firstly, to further protect your data, we recently took steps to strengthen the security of the Campaign Monitor API key format and added the ability for customers to easily update their own API key. The new key is longer and uses the latest encryption techniques.
Secondly, we have discontinued APIs that do not encrypt your data as it moves across the internet. We are now solely focused on supporting HTTPS, an encrypted version of HTTP, which offers an extra layer of security for communications between a client and server, further protecting potentially sensitive information.
Wrap up
These updates are available to all Campaign Monitor customers and they’re built to heighten account and data security and help you gather consent from your subscribers, ultimately providing a more secure email experience from signup to send. For more information, feel free to contact our team.