Amlot notes

Marketing is security

My bank recently sent me two identical messages with the following content:

From: noreply@mybankname <noreply@mybankname>
Subject: A new code has been created for the banking app

Dear customer,

a code has been created for the [the name of my banking app].

If this wasn’t you, please call us at ### #### ####.

Best wishes

Internet-Banking Team

I’ve translated it from German, but I haven’t changed anything. That’s the entire message. No header or footer.

I hadn’t asked for a code, but I had had a problem with my account, and this message was sent automatically as a result of the problem.

When I told the bank it looked like spam, they said “Ah yes, but it’s sent automatically”.

Transactional, automated emails are part of how we engage with websites, services and products. But they’re also an opportunity to engage with your audience, to reassure and inform them.

There is a way of doing this elegantly and efficiently. Here’s one suggestion that might not have worried me so much:

From: MyBankName notifications <noreply@mybankname>
Subject: A new code has been created for the banking app

This is an automated message created by our system

A new code has been created for your banking app. This can be for one of the following reasons:

You asked for a new code
A staff member created this code for you.
It was created in error

If you have any questions, or if you’re not expecting a new code, please call ### #### #### and we’ll be happy to help.

This message was sent by [bank name, department, contact number].

To show this message really is from us, here are the last three numbers of your account number and the first three letters of your street address.


For further information, please call ### #### ####.

Bank name, address, legal info.

And that’s it. The “Dear customer” and “Best wishes” are irrelevant tropes (also called robot texts) that are pointless throwbacks to personal letters. Adding them to an automated code generator is silly (or at least do it properly).

When your bank warns you about phishing attacks and then sends you emails that look like phishing emails, something needs to change.

Marketing is security!

An Amlot note by Jonathan Irons

This Amlot note was published on

August 11, 2021