In this episode, Barbara and Gary discuss:

  • Cybersecurity systems and its extension to email marketing as well
  • Why people hit the spam button and how you can avoid it
  • Why people get blacklisted and how you can avoid it

Key Takeaway:

Format your email so that it looks good on both the computer and the phone or mobile devices.  Only send emails to people who have opted in and want your emails. “- Gary Chan

 Connect with Gary Chan:  



Connect with Barbara Hales: 

Twitter:   @DrBarbaraHales



Show website:



YouTube: TheMedicalStrategist




Barbara:         Welcome to another episode of Marketing Tips for Doctors. I’m your host, Dr. Barbara Hales. And today, we’re lucky to have with us, Gary Chan.

Companies hire Gary Chan to help them build or improve their cybersecurity program. He has 16 years of experience, four security certifications, and an Electrical Engineering and Computer Science degree from MIT. Having worked in over a dozen countries, Gary has deployed security solutions to multiple state agencies, built the information security program for large-cap companies, mentored cybersecurity startups, and given seminars on cybersecurity. He’s here today to talk about how we can use security skills and ideas for anything including email marketing. Welcome to the show, Gary.


Gary:              It’s a pleasure to be here, Barbara. Thank you for having me.


Barbara:         Well, you have a lot to impart I’m sure because your resume is extremely impressive.


Gary:              Thank you.


Barbara:         How did you get into the business of marketing emails from security? It doesn’t seem to me to be a natural shift.


Gary:              Well, I agree with that. So actually, I’m still security and not marketing. What I think most people don’t know is that security underpins a lot of things in business. And what I learned was that I could use security knowledge and skills in the traditional ways to defend companies as what most people think or to do other things like help with marketing. So security basically underlies everything that I do and my only point is we can use it for pretty much anything.


Barbara:         Well, that’s absolutely true and we need to use it for absolutely everything. If I receive an email that I don’t want, you know, I’ll click Spam. What happens when I click the Spam button?

The Spam Button

Gary:              So when you click the Spam button, what that does is it tells that provider that you think it’s Spam. And so just at a very high level, you know, these email providers — And at this point, pretty much everyone uses either Gmail or Microsoft Office and there are a few other ones too. But whenever a lot of people click Spam, what they do is they try to use machine learning, so like artificial intelligence, to figure out, you know, what’s the commonality. Is it the same sender? Is it certain words that are in there? You know, what’s going on here, right?

So if a lot of people are clicking that particular email as spam, it’ll look at that and say, well, in that case, anything that matches this rule, you know, from this particular sender, you know, on this particular subject or whatever, that’s spam. And then it sort of will put that aside into the Spam folder for the other things. So what you do actually affects what happens in other people’s mailboxes. And if, you know, people do that time and again always from, for example, this sender, then at some point they get on a blacklist and no matter what they send, it’ll always end up in people’s spam boxes.


Barbara:         Ouch! That hurts.


Gary:              Yeah. It does, it does. And I think a lot of times people, they’ll send a lot of emails. They don’t really know what’s going on and they end up on the blacklist and they don’t even know, right? And a lot of people wouldn’t even get their emails because, you know, they’re not getting it. So, they’re not responding.


Barbara:         How do you discover that other than saying, you know, to each person, hey, did you get my email?

What if You Get Blacklisted?

Gary:              That’s kind of what you have to do actually. And there are a lot of times that you know, if you send it to a particular email provider, I’ll just use Gmail and Microsoft because everybody knows those, maybe it ends up arriving in Gmail but not arriving in people’s Outlook. And it’s true that Microsoft spam filters tend to be a little bit more aggressive than Gmails just on average but I’m sure you can find exceptions. But yeah, you basically just need to ask people or you can try testing it yourself. So, you can set up your own Gmail and your own Microsoft and your own — A lot of people use like AOL, Yahoo, all these things. You can set those up and then see if, you know, it makes it or not. But at some point, it’s just people telling you and you get the idea that people are not getting your emails.


Barbara:         If you have been blacklisted, is there any way to get off the list? Or is it just the way that you’re structuring your email?


Gary:              It’s really, really hard to get off the list once you’re on it. So that’s why, you know, I think it’s always good to have a proactive conversation, right? So to give you an idea, so you know, once you’re on the blacklist, it’s not like there’s one global blacklist that everybody uses. There’s like a dozen. There are two dozen. There’s a whole bunch of them. And so you know, you’re basically going to have to apply to each of those, to the administrator of each of those blacklists and say, hey, I’m not a spammer.

But guess what, like every other spammer is also applying to them to get off the list too. So they’re not going to verify everybody. So once you’re on it, you’re kind of on it. It’s very difficult to not be. So that’s why you always want to have that conversation upfront and be like, hey, what are the things that you’re doing? Are you setting things up appropriately so that in the end, you know, you don’t end up being on a blacklist and you can’t be removed without completely changing your company name or your email account or something like that?


Barbara:         Wow!


Gary:              Because that’s what some people actually end up having to do in order to get their emails across because they’ve just been blacklisted.


Barbara:         Email deliverability is a measure of how many of your emails actually reach your subscriber’s inbox to what we were just saying. How much does security knowledge improve email deliverability?


Gary:              Quite a bit actually. I would say that, you know, just to compare it, right, a lot of marketing folks will do things like figure out when is the best time to send an email, you know so that people will see it or maybe they want to tweak some words in there to try to, you know, get into some people’s mailboxes. That has some effect but frankly, if you’re configuring it properly you can easily multiply your deliverability by like three times, sometimes even more, simply by doing it correctly. Technically, you can get those emails into your reader’s hands or I guess mobile phones much more effectively than all the other things that people tend to do.


Barbara:         Are there different types of emails that listeners should be aware of?


Gary:              Yeah. So, there are generally three different types. The first is personal emails. And by personal I don’t mean, I just mean that it’s to me, right? So it could be me at my business account, you know, gary@mybusiness or it could be gary@gmail, like my personality. So there’s the personal email that you send one to one. And those generally aren’t a problem. You’re not sending thousands of emails per day or anything like that. It generally wouldn’t get picked up by the spam stuff unless you’re sending I guess, well unless you really are sending it to thousands of people a day. I don’t know how many emails you write. But then —


Barbara:         That’s certainly not me.


Gary:              Right, right. Then the second is your transactional email. So that’s an automated email that’s sent as a result of a trigger or an event. When you buy something from Amazon, it says, hey, thank you, Barbara, for buying this toaster from us, you know. And here’s your tracking information. Well, only you’re getting that, right? And you did something to create that to happen so that’s called a transactional email and that’s handled differently as well.


And then you have marketing emails which are, you know, hey, I’m Barbara and you know, you’re sending it out to a mass number of people. They’re not necessarily — They may have signed up for your mailing list but they’re not asking you specifically to send them that email. They’re not triggering anything for you to do that. And that would be a marketing email. And that’s what we’re talking about here today. And I’ll just sort of add the reason it’s important to distinguish between these is that what I see oftentimes is people, they mix them up.


Like some people when they have a local club, right? So like I belong to a magic club and they send out a newsletter every month. And someone uses their personal email to send it out to like a couple of hundred people every month.

Well, over time, like half of those people turn over. So like after three or four years, those people no longer want to get it. But rather than respond to them and say, I don’t want your newsletter, they click its spam. And so now that person even though he was just trying to be nice and do right by the club, all of his emails, they always go to Spam, like even his personal emails now because he never separated between, you know, his marketing emails and his personal emails. And that’s the way that all these companies are going to be categorizing, into those three categories and then they handle them differently.


Barbara:         Is there a way that you would send out your emails so that the search engine can distinguish between it being personal versus business?


Gary:              Sure. You can definitely do things differently. I would say it’s not the search engine that matters. It’s really more the email systems, right? So, they have spam filters and things like that that are attached to them. But there are a number of things that you can do. I break them out into a few different categories and each of these categories has a number of things. I don’t think we’ll have time to talk about all of them. But there are things you can do before sending your email like making sure that you have a good list of subscribers, that they are actually real people.

Some people like buy lists, right, and they’re not real to some extent, you know. So, you have to understand the law which we can talk about. You have to understand the technical setup like how are you doing it. That’s probably a part that I think most doctors, are very competent but not necessarily. They’re more on the body not as much on the computer stuff. That is an area that could be improved. You want it testing. We talked a little bit about, you know, opening up your own free accounts in different places and testing it. How you write the message. When you’re sending it. What you’re doing. You know, so these are the different categories of areas that people can be addressed proactively in order to send out emails that will reach their audiences.


Barbara:         Well, that’s really important. Can you tell us about some of the email marketing that a person can do to optimize it?


Gary:              Sure. So we can talk about kind of each of those areas that I mentioned in a little bit more detail if that’s helpful.


Barbara:         And could you explain a little bit about what the CAN-SPAM Act is all about?


Gary:              So yeah. There’s a law out there that’s called the CAN-SPAM Act and it was to sort of help prevent spam. I don’t know how effective it is. But if you just look up CAN-SPAM, C-A-N dash S-P-A-M, there’s a list of like seven things that everybody has to do. And one of those things I think most people don’t know is that you’re supposed to put a valid physical postal address in every email that you send if it is a marketing email. And the idea is that spammers generally wouldn’t have a physical address. And so if you don’t have that in there, that is a flag for some of these other companies to say, hey, you know, they’re not even following the CAN-SPAM Act so it is probably going to be spam. So if they think it is a marketing email that doesn’t follow the CAN-SPAM Act, they will often put it into the Spam box.


Barbara:         How do you know if your market has sufficient bandwidth for the information that you’d like to send out?


Gary:              I didn’t quite understand the question. Could you paraphrase that?


Barbara:         Well, sometimes if a person wants to send out content, their consumers don’t have the bandwidth to receive it so that instead of having images and videos, that you really are restricted to using just a small amount of, you know, verbiage to sell. How do you know if that’s going to be an issue?


Gary:              Sure. So something like that, I would just say you have to use a rule of thumb, right? So generally speaking, you’re not going to know exactly what the bandwidth is for any of your receivers. You wouldn’t know that unless somebody shows you or tells you about it. So what you’re going to have to do is just make certain assumptions, right? So if you think that most of the people who are receiving it are going to be looking at it on their phones or over the internet on Wi-Fi, you can make certain assumptions.

I would say that if you could send an email that’s, you know, no more than a couple of hundred kilobytes, that’s probably perfectly fine. Like you should be able to load that on any phone. Just recognize that some folks will set it so that they don’t autoload images. So you may not — You know, whatever you see on your screen might not show up on their screen because they are not loading images. And you also want to make sure that you’re formatting it in a way that looks good on both the computer and also on the phone. So those are some things you might want to think about. But if you can keep it to less than, you know, a couple of hundred kilobytes, I think you would be perfectly fine. Just don’t make it megabytes and megabytes because, yeah, that would be a problem.


Barbara:         Okay. So what we could take from this is that, you know, things are changing all the time. And when you’re talking about business, it’s really crucial to get a security expert in on the ground floor before you wind up with a problem because if you’re blacklisted, you know, that’s like professional death.


Gary:              Yeah. It makes it much more challenging for them to get the information that you’re trying to send out. Yes.


Barbara:         Yes. And in terms of business, you’re probably much better off outsourcing it to an expert instead of, you know, trying to do these things yourself.


Gary:              I would say so. I do think that a lot of people like to just do it on their own because it saves money. And my point is that yeah, it does save you a lot of money but you’re also probably not getting a return because people aren’t getting your emails. So I would suggest that if it is something that you want to do on your own that you just read up on marketing emails and understand all of the different aspects of what you can do like not just what you write in the content but also the technical stuff. And if you read it and your eyes glaze over, then you probably are better off outsourcing it and finding some help. But if you do read it and understand all of it and can do it, then you just need to set aside the time to actually do it. And if you don’t do any of those things, then don’t be surprised if people aren’t getting your newsletters.


Barbara:         Gary, how can our listeners reach you? I’m sure that they’re intrigued by your services and are just chomping it to bits to have you work with them.


Gary:              Well, I appreciate that. You can reach me at my website, Alfizo, A-L-F-I-Z-O, dot com. And if you just scroll to the bottom, there’s a contact form and, you know, they can reach out there and I’ll always respond.


Barbara:         Well, thank you so much for being with us today. It was really very enlightening. This has been another episode of Marketing Tips for Doctors with your host, Dr. Barbara Hales, speaking with Gary Chan. Thank you.


Gary:              Thank you.


Barbara:         Till next time.