MailChimp tightens up security – will other email marketing services follow suit?

I may be a little late to the party, but I was pleased to discover today that MailChimp – a popular online tool used by companies and individuals for managing email campaigns – has tightened up its security with a number of new features.

If you’ve never been involved in managing mailing lists, you might not be familiar with MailChimp. But it’s certainly made a name for itself both through its ease-of-use and strong branding courtesy of its chimp mascot.

In an email to its users, MailChimp explains that the new security features are “optional but strongly encouraged”:

* TXT and email security alerts: MailChimp can send your phone an SMS text message when it detects a login, attempted list download, or other change that might affect your account’s security. Email alerts are also available. More info.

* Detect location changes: If someone logs in to your account from a different location than usual (determined via the IP address used), MailChimp users can force them to answer your account security question. More info.

* Multi-factor authentication: Whenever you log in to MailChimp, a passcode – generated from a smartphone – can be required. More info.

Personally, I think all of these options make a lot of sense for people who manage their mailing lists, and although I would prefer for there to be an option for a physical keyfob generating an authentication passcode, I think MailChimp has done some good work here.

No doubt MailChimp is very aware of the harm that was done to one of its larger rivals, Epsilon, who suffered a horrendous mega-leak of email addresses last month which tarnished many well-known brand names.

Epsilon’s lax security meant that many internet users received email alerts from organisations of which they’re customers, including Best Buy, McKinsey Quarterly, Beachbody, 1800Flowers.com, Marks & Spencer, Hilton, AbeBooks and Lacoste:

[Image: Epsilon leaks email]

None of MailChimp’s new security features can completely protect accounts from hackers, of course. But they certainly can make life much more complicated for cybercriminals.

And don’t forget, if you manage a mailing list of thousands of customers, the last thing you need is for a criminal to gain access to that list and begin to spam out malicious messages to your users.

If you’d like to understand more about e-marketing security, why not read Sophos’s guide “Best practices top 10: Keep your e-marketing safe from threats”, which is all about how to avoid security vulnerabilities in your e-marketing strategy?


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "The AI Fix" and "Smashing Security" podcasts. Follow him on Bluesky, Mastodon, and Threads, or drop him an email.
