Welcome!

News Feed Item

Online Trust Alliance Finds Businesses and Government Failing Fight Against Spear Phishing and Deceptive Emails

91.7 Percent Fail to Provide Adequate Email Security

SEATTLE, WA -- (Marketwired) -- 08/06/14 -- The Online Trust Alliance (OTA), the non-profit with the mission to enhance online trust, announced today the results of its 2014 Email Integrity Audit report, including its Email Trust Scorecard. Out of emails from nearly 800 top consumer websites evaluated, OTA found only 8.3 percent passed and thus 91.7 percent failed.

OTA's report revealed the overwhelming majority of businesses and government agencies are not following adequate steps to help ensure consumers and business partners can discern if emails coming from their domain are genuine or forged. The Scorecard measures the adoption of three critical email authentication protocols: Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM) and Domain-based Message Authentication, Reporting and Conformance (DMARC).

"When organizations implement specific protocols, the results are increased consumer protection from malicious and fraudulent email and strengthened brand reputation," said OTA Executive Director and President Craig Spiezle. "Despite the obvious benefits, the majority of organizations have yet to adopt practices comprehensively, putting consumers and their brands at risk."

The scorecard found emails purportedly to be from social media companies to be most trustworthy and federal agencies to be least, with all sectors failing significantly to adopt email security best practices.

Specifically, the percentage of companies passing the OTA Email Trust Scorecard broke down as follows:

  • 28 percent of the top 50 social media companies
  • 17 percent of the top 100 financial services companies
  • 14 percent of the top 100 Internet retail companies
  • 6 percent of the top 50 news companies
  • 6 percent of the top 500 Internet retailers
  • 4 percent of the top 50 U.S. government agencies

A complete list of organizations passing the scorecard can be found at https://otalliance.org/emailaudit.

OTA Recommendations
By utilizing email authentication, organizations can help protect their brands and consumers from receiving forged email. Both DKIM and SPF are email authentication protocols designed to detect email spoofing by providing a mechanism to allow receiving mail servers to confirm the authenticity of the email. Building on SPF and DKIM protocols, DMARC adds a policy assertion providing receiving networks (ISPs and corporate networks) direction on how to handle messages that may fail authentication. Equally as important, DMARC provides a reporting mechanism back to the brand/domain owner.

"DMARC allowed us to dramatically reduce the number of emails forged to our users," said Josh Aberant, Postmaster at Twitter. "That was a direct benefit to our users by blocking these impersonations."

"Over 400 million Microsoft users worldwide are realizing the benefits of SPF, DKIM and DMARC. As email threats and spear phishing grow, every business should make email authentication a priority to help protect their consumers, their employees and their brands," said John Scarrow, General Manager Safety Services, Microsoft Corporation.

"Implementing DMARC stopped nearly 25 million attempted attacks on our customers. Not only is DMARC shutting down spoofed domain attacks, but it has also cut the overall volume of daily attacks in half since 2012," added Trent Adams, Senior Advisor on Email Security for PayPal and eBay Inc.

In addition to implementing SPF, DKIM and DMARC, OTA recommends adopting Transport Layer Security (TLS) technology and clear unsubscribe policies in order to enhance consumer trust. TLS is a protocol that encrypts and delivers mail securely thus helping prevent eavesdropping on and spoofing emails. For a complete rundown of email and related best practices visit https://otalliance.org/best-practices.

The 2014 Email Integrity Audit is supported by a broad group of companies and organizations. Additional supporting quotes can be found at https://otalliance.org/news-events/press-releases/industry-support-email-integrity-best-practices.

OTA will host a webinar on Wednesday, August 13 from 9-10 a.m. PDT, reviewing the data and research. Registration information is at https://otalliance.org/Email-Integrity-Audit.

About The Online Trust Alliance (OTA): The Online Trust Alliance (OTA) is a 501c3 non-profit with the mission to enhance online trust and user empowerment while promoting innovation and the vitality of the Internet. OTA's goal is to help educate businesses, policy makers and stakeholders while developing and advancing best practices and tools to enhance the protection of users' security, privacy and identity. OTA supports collaborative public-private partnerships, benchmark reporting, meaningful self-regulation and data stewardship. https://otallliance.org

Contact:
Andrew Goss
VOXUS Inc. (for OTA)
253.444.5446
Email Contact

More Stories By Marketwired .

Copyright © 2009 Marketwired. All rights reserved. All the news releases provided by Marketwired are copyrighted. Any forms of copying other than an individual user's personal reference without express written permission is prohibited. Further distribution of these materials is strictly forbidden, including but not limited to, posting, emailing, faxing, archiving in a public database, redistributing via a computer network or in a printed form.

Latest Stories
What if you could build a web application that could support true web-scale traffic without having to ever provision or manage a single server? Sounds magical, and it is! In his session at 20th Cloud Expo, Chris Munns, Senior Developer Advocate for Serverless Applications at Amazon Web Services, will show how to build a serverless website that scales automatically using services like AWS Lambda, Amazon API Gateway, and Amazon S3. We will review several frameworks that can help you build serverle...
Deep learning has been very successful in social sciences and specially areas where there is a lot of data. Trading is another field that can be viewed as social science with a lot of data. With the advent of Deep Learning and Big Data technologies for efficient computation, we are finally able to use the same methods in investment management as we would in face recognition or in making chat-bots. In his session at 20th Cloud Expo, Gaurav Chakravorty, co-founder and Head of Strategy Development ...
"Peak 10 is a national cloud data center solutions managed services provider, and part of that is disaster recovery. We see a growing trend in the industry where companies are coming to us looking for assistance in their DR strategy," stated Andrew Cole, Director of Solutions Engineering at Peak 10, in this SYS-CON.tv interview at 18th Cloud Expo, held June 7-9, 2016, at the Javits Center in New York City, NY.
The essence of cloud computing is that all consumable IT resources are delivered as services. In his session at 15th Cloud Expo, Yung Chou, Technology Evangelist at Microsoft, demonstrated the concepts and implementations of two important cloud computing deliveries: Infrastructure as a Service (IaaS) and Platform as a Service (PaaS). He discussed from business and technical viewpoints what exactly they are, why we care, how they are different and in what ways, and the strategies for IT to transi...
Culture is the most important ingredient of DevOps. The challenge for most organizations is defining and communicating a vision of beneficial DevOps culture for their organizations, and then facilitating the changes needed to achieve that. Often this comes down to an ability to provide true leadership. As a CIO, are your direct reports IT managers or are they IT leaders? The hard truth is that many IT managers have risen through the ranks based on their technical skills, not their leadership abi...
Information technology (IT) advances are transforming the way we innovate in business, thereby disrupting the old guard and their predictable status-quo. It’s creating global market turbulence. Industries are converging, and new opportunities and threats are emerging, like never before. So, how are savvy chief information officers (CIOs) leading this transition? Back in 2015, the IBM Institute for Business Value conducted a market study that included the findings from over 1,800 CIO interviews ...
SYS-CON Events announced today that CA Technologies has been named “Platinum Sponsor” of SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY, and the 21st International Cloud Expo®, which will take place October 31-November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. CA Technologies helps customers succeed in a future where every business – from apparel to energy – is being rewritten by software. From ...
Niagara Networks exhibited at the 19th International Cloud Expo, which took place at the Santa Clara Convention Center in Santa Clara, CA, in November 2016. Niagara Networks offers the highest port-density systems, and the most complete Next-Generation Network Visibility systems including Network Packet Brokers, Bypass Switches, and Network TAPs.
Web Real-Time Communication APIs have quickly revolutionized what browsers are capable of. In addition to video and audio streams, we can now bi-directionally send arbitrary data over WebRTC's PeerConnection Data Channels. With the advent of Progressive Web Apps and new hardware APIs such as WebBluetooh and WebUSB, we can finally enable users to stitch together the Internet of Things directly from their browsers while communicating privately and securely in a decentralized way.
Extreme Computing is the ability to leverage highly performant infrastructure and software to accelerate Big Data, machine learning, HPC, and Enterprise applications. High IOPS Storage, low-latency networks, in-memory databases, GPUs and other parallel accelerators are being used to achieve faster results and help businesses make better decisions. In his session at 18th Cloud Expo, Michael O'Neill, Strategic Business Development at NVIDIA, focused on some of the unique ways extreme computing is...
SYS-CON Events announced today that HTBase will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. HTBase (Gartner 2016 Cool Vendor) delivers a Composable IT infrastructure solution architected for agility and increased efficiency. It turns compute, storage, and fabric into fluid pools of resources that are easily composed and re-composed to meet each application’s needs. With HTBase, companies can quickly prov...
SYS-CON Events announced today that Outlyer, a monitoring service for DevOps and operations teams, has been named “Bronze Sponsor” of SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Outlyer is a monitoring service for DevOps and Operations teams running Cloud, SaaS, Microservices and IoT deployments. Designed for today's dynamic environments that need beyond cloud-scale monitoring, we make monitoring effortless so you ...
SYS-CON Events announced today that MobiDev, a client-oriented software development company, will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place June 6-8, 2017, at the Javits Center in New York City, NY, and the 21st International Cloud Expo®, which will take place October 31-November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. MobiDev is a software company that develops and delivers turn-key mobile apps, websites, web services, and complex softw...
In his General Session at 17th Cloud Expo, Bruce Swann, Senior Product Marketing Manager for Adobe Campaign, explored the key ingredients of cross-channel marketing in a digital world. Learn how the Adobe Marketing Cloud can help marketers embrace opportunities for personalized, relevant and real-time customer engagement across offline (direct mail, point of sale, call center) and digital (email, website, SMS, mobile apps, social networks, connected objects).
For organizations that have amassed large sums of software complexity, taking a microservices approach is the first step toward DevOps and continuous improvement / development. Integrating system-level analysis with microservices makes it easier to change and add functionality to applications at any time without the increase of risk. Before you start big transformation projects or a cloud migration, make sure these changes won’t take down your entire organization.