Welcome!

News Feed Item

Online Trust Alliance Finds Businesses and Government Failing Fight Against Spear Phishing and Deceptive Emails

91.7 Percent Fail to Provide Adequate Email Security

SEATTLE, WA -- (Marketwired) -- 08/06/14 -- The Online Trust Alliance (OTA), the non-profit with the mission to enhance online trust, announced today the results of its 2014 Email Integrity Audit report, including its Email Trust Scorecard. Out of emails from nearly 800 top consumer websites evaluated, OTA found only 8.3 percent passed and thus 91.7 percent failed.

OTA's report revealed the overwhelming majority of businesses and government agencies are not following adequate steps to help ensure consumers and business partners can discern if emails coming from their domain are genuine or forged. The Scorecard measures the adoption of three critical email authentication protocols: Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM) and Domain-based Message Authentication, Reporting and Conformance (DMARC).

"When organizations implement specific protocols, the results are increased consumer protection from malicious and fraudulent email and strengthened brand reputation," said OTA Executive Director and President Craig Spiezle. "Despite the obvious benefits, the majority of organizations have yet to adopt practices comprehensively, putting consumers and their brands at risk."

The scorecard found emails purportedly to be from social media companies to be most trustworthy and federal agencies to be least, with all sectors failing significantly to adopt email security best practices.

Specifically, the percentage of companies passing the OTA Email Trust Scorecard broke down as follows:

  • 28 percent of the top 50 social media companies
  • 17 percent of the top 100 financial services companies
  • 14 percent of the top 100 Internet retail companies
  • 6 percent of the top 50 news companies
  • 6 percent of the top 500 Internet retailers
  • 4 percent of the top 50 U.S. government agencies

A complete list of organizations passing the scorecard can be found at https://otalliance.org/emailaudit.

OTA Recommendations
By utilizing email authentication, organizations can help protect their brands and consumers from receiving forged email. Both DKIM and SPF are email authentication protocols designed to detect email spoofing by providing a mechanism to allow receiving mail servers to confirm the authenticity of the email. Building on SPF and DKIM protocols, DMARC adds a policy assertion providing receiving networks (ISPs and corporate networks) direction on how to handle messages that may fail authentication. Equally as important, DMARC provides a reporting mechanism back to the brand/domain owner.

"DMARC allowed us to dramatically reduce the number of emails forged to our users," said Josh Aberant, Postmaster at Twitter. "That was a direct benefit to our users by blocking these impersonations."

"Over 400 million Microsoft users worldwide are realizing the benefits of SPF, DKIM and DMARC. As email threats and spear phishing grow, every business should make email authentication a priority to help protect their consumers, their employees and their brands," said John Scarrow, General Manager Safety Services, Microsoft Corporation.

"Implementing DMARC stopped nearly 25 million attempted attacks on our customers. Not only is DMARC shutting down spoofed domain attacks, but it has also cut the overall volume of daily attacks in half since 2012," added Trent Adams, Senior Advisor on Email Security for PayPal and eBay Inc.

In addition to implementing SPF, DKIM and DMARC, OTA recommends adopting Transport Layer Security (TLS) technology and clear unsubscribe policies in order to enhance consumer trust. TLS is a protocol that encrypts and delivers mail securely thus helping prevent eavesdropping on and spoofing emails. For a complete rundown of email and related best practices visit https://otalliance.org/best-practices.

The 2014 Email Integrity Audit is supported by a broad group of companies and organizations. Additional supporting quotes can be found at https://otalliance.org/news-events/press-releases/industry-support-email-integrity-best-practices.

OTA will host a webinar on Wednesday, August 13 from 9-10 a.m. PDT, reviewing the data and research. Registration information is at https://otalliance.org/Email-Integrity-Audit.

About The Online Trust Alliance (OTA): The Online Trust Alliance (OTA) is a 501c3 non-profit with the mission to enhance online trust and user empowerment while promoting innovation and the vitality of the Internet. OTA's goal is to help educate businesses, policy makers and stakeholders while developing and advancing best practices and tools to enhance the protection of users' security, privacy and identity. OTA supports collaborative public-private partnerships, benchmark reporting, meaningful self-regulation and data stewardship. https://otallliance.org

Contact:
Andrew Goss
VOXUS Inc. (for OTA)
253.444.5446
Email Contact

More Stories By Marketwired .

Copyright © 2009 Marketwired. All rights reserved. All the news releases provided by Marketwired are copyrighted. Any forms of copying other than an individual user's personal reference without express written permission is prohibited. Further distribution of these materials is strictly forbidden, including but not limited to, posting, emailing, faxing, archiving in a public database, redistributing via a computer network or in a printed form.

Latest Stories
All organizations that did not originate this moment have a pre-existing culture as well as legacy technology and processes that can be more or less amenable to DevOps implementation. That organizational culture is influenced by the personalities and management styles of Executive Management, the wider culture in which the organization is situated, and the personalities of key team members at all levels of the organization. This culture and entrenched interests usually throw a wrench in the work...
The now mainstream platform changes stemming from the first Internet boom brought many changes but didn’t really change the basic relationship between servers and the applications running on them. In fact, that was sort of the point. In his session at 18th Cloud Expo, Gordon Haff, senior cloud strategy marketing and evangelism manager at Red Hat, will discuss how today’s workloads require a new model and a new platform for development and execution. The platform must handle a wide range of rec...
"We view the cloud not as a specific technology but as a way of doing business and that way of doing business is transforming the way software, infrastructure and services are being delivered to business," explained Matthew Rosen, CEO and Director at Fusion, in this SYS-CON.tv interview at 18th Cloud Expo (http://www.CloudComputingExpo.com), held June 7-9 at the Javits Center in New York City, NY.
DXWorldEXPO LLC announced today that the upcoming DXWorldEXPO | CloudEXPO New York event will feature 10 companies from Poland to participate at the "Poland Digital Transformation Pavilion" on November 12-13, 2018.
The current age of digital transformation means that IT organizations must adapt their toolset to cover all digital experiences, beyond just the end users’. Today’s businesses can no longer focus solely on the digital interactions they manage with employees or customers; they must now contend with non-traditional factors. Whether it's the power of brand to make or break a company, the need to monitor across all locations 24/7, or the ability to proactively resolve issues, companies must adapt to...
In his Opening Keynote at 21st Cloud Expo, John Considine, General Manager of IBM Cloud Infrastructure, led attendees through the exciting evolution of the cloud. He looked at this major disruption from the perspective of technology, business models, and what this means for enterprises of all sizes. John Considine is General Manager of Cloud Infrastructure Services at IBM. In that role he is responsible for leading IBM’s public cloud infrastructure including strategy, development, and offering m...
Without lifecycle traceability and visibility across the tool chain, stakeholders from Planning-to-Ops have limited insight and answers to who, what, when, why and how across the DevOps lifecycle. This impacts the ability to deliver high quality software at the needed velocity to drive positive business outcomes. In his general session at @DevOpsSummit at 19th Cloud Expo, Eric Robertson, General Manager at CollabNet, will discuss how customers are able to achieve a level of transparency that e...
As data explodes in quantity, importance and from new sources, the need for managing and protecting data residing across physical, virtual, and cloud environments grow with it. Managing data includes protecting it, indexing and classifying it for true, long-term management, compliance and E-Discovery. Commvault can ensure this with a single pane of glass solution – whether in a private cloud, a Service Provider delivered public cloud or a hybrid cloud environment – across the heterogeneous enter...
We all know that end users experience the internet primarily with mobile devices. From an app development perspective, we know that successfully responding to the needs of mobile customers depends on rapid DevOps – failing fast, in short, until the right solution evolves in your customers' relationship to your business. Whether you’re decomposing an SOA monolith, or developing a new application cloud natively, it’s not a question of using microservices - not doing so will be a path to eventual ...
"DivvyCloud as a company set out to help customers automate solutions to the most common cloud problems," noted Jeremy Snyder, VP of Business Development at DivvyCloud, in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
More and more brands have jumped on the IoT bandwagon. We have an excess of wearables – activity trackers, smartwatches, smart glasses and sneakers, and more that track seemingly endless datapoints. However, most consumers have no idea what “IoT” means. Creating more wearables that track data shouldn't be the aim of brands; delivering meaningful, tangible relevance to their users should be. We're in a period in which the IoT pendulum is still swinging. Initially, it swung toward "smart for smart...
DXWorldEXPO LLC announced today that ICC-USA, a computer systems integrator and server manufacturing company focused on developing products and product appliances, will exhibit at the 22nd International CloudEXPO | DXWorldEXPO. DXWordEXPO New York 2018, colocated with CloudEXPO New York 2018 will be held November 11-13, 2018, in New York City. ICC is a computer systems integrator and server manufacturing company focused on developing products and product appliances to meet a wide range of ...
We all know that end users experience the Internet primarily with mobile devices. From an app development perspective, we know that successfully responding to the needs of mobile customers depends on rapid DevOps – failing fast, in short, until the right solution evolves in your customers' relationship to your business. Whether you’re decomposing an SOA monolith, or developing a new application cloud natively, it’s not a question of using microservices – not doing so will be a path to eventual b...
Major trends and emerging technologies – from virtual reality and IoT, to Big Data and algorithms – are helping organizations innovate in the digital era. However, to create real business value, IT must think beyond the ‘what’ of digital transformation to the ‘how’ to harness emerging trends, innovation and disruption. Architecture is the key that underpins and ties all these efforts together. In the digital age, it’s important to invest in architecture, extend the enterprise footprint to the cl...
Sanjeev Sharma Joins November 11-13, 2018 @DevOpsSummit at @CloudEXPO New York Faculty. Sanjeev Sharma is an internationally known DevOps and Cloud Transformation thought leader, technology executive, and author. Sanjeev's industry experience includes tenures as CTO, Technical Sales leader, and Cloud Architect leader. As an IBM Distinguished Engineer, Sanjeev is recognized at the highest levels of IBM's core of technical leaders.