2007-11-24

Proper customer email correspondence

Despite the expenditure of a great deal of effort, users are still ill-prepared for email-borne threats. Much of this is due to the mixed messages users receive. We tell users to not click on links in email to strange websites, then send them surveys from third-party companies they've never heard of and encourage them to participate. We tell users to not open attachments they're not expecting, then send out broadcast messages to many recipients with a PDF containing the information they need to read. When I say "we," I don't mean security analysts, but rather employers, service providers, vendors, etc. It's no wonder users still have no idea when they can and can't click on a link, or open an email or attachment.

I get my car insurance from Progressive. Yesterday, I received the following email. This is the type of action that is needed to maintain user diligence and continue to leverage email as an effective communication mechanism.

======================================================================
Important changes are coming soon to your Progressive e-mails.
======================================================================

Dear MICHAEL CLOPPERT:

We're writing to let you know about some important changes to your
Progressive e-mails to ensure that you continue to receive and
recognize them.

Please note these key changes in your e-mails over the next few
months:

- E-mails will be sent from a new address:
customerservice@email.progressive.com

Please add this e-mail address to your address book or approved
senders to ensure that our e-mails reach you.

- Links in the e-mail will point to re.progressive.com instead of
re.progressivedirect.com.
