Welcome!

News Feed Item

Online Trust Alliance Finds Businesses and Government Failing Fight Against Spear Phishing and Deceptive Emails

91.7 Percent Fail to Provide Adequate Email Security

SEATTLE, WA -- (Marketwired) -- 08/06/14 -- The Online Trust Alliance (OTA), the non-profit with the mission to enhance online trust, announced today the results of its 2014 Email Integrity Audit report, including its Email Trust Scorecard. Out of emails from nearly 800 top consumer websites evaluated, OTA found only 8.3 percent passed and thus 91.7 percent failed.

OTA's report revealed the overwhelming majority of businesses and government agencies are not following adequate steps to help ensure consumers and business partners can discern if emails coming from their domain are genuine or forged. The Scorecard measures the adoption of three critical email authentication protocols: Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM) and Domain-based Message Authentication, Reporting and Conformance (DMARC).

"When organizations implement specific protocols, the results are increased consumer protection from malicious and fraudulent email and strengthened brand reputation," said OTA Executive Director and President Craig Spiezle. "Despite the obvious benefits, the majority of organizations have yet to adopt practices comprehensively, putting consumers and their brands at risk."

The scorecard found emails purportedly to be from social media companies to be most trustworthy and federal agencies to be least, with all sectors failing significantly to adopt email security best practices.

Specifically, the percentage of companies passing the OTA Email Trust Scorecard broke down as follows:

  • 28 percent of the top 50 social media companies
  • 17 percent of the top 100 financial services companies
  • 14 percent of the top 100 Internet retail companies
  • 6 percent of the top 50 news companies
  • 6 percent of the top 500 Internet retailers
  • 4 percent of the top 50 U.S. government agencies

A complete list of organizations passing the scorecard can be found at https://otalliance.org/emailaudit.

OTA Recommendations
By utilizing email authentication, organizations can help protect their brands and consumers from receiving forged email. Both DKIM and SPF are email authentication protocols designed to detect email spoofing by providing a mechanism to allow receiving mail servers to confirm the authenticity of the email. Building on SPF and DKIM protocols, DMARC adds a policy assertion providing receiving networks (ISPs and corporate networks) direction on how to handle messages that may fail authentication. Equally as important, DMARC provides a reporting mechanism back to the brand/domain owner.

"DMARC allowed us to dramatically reduce the number of emails forged to our users," said Josh Aberant, Postmaster at Twitter. "That was a direct benefit to our users by blocking these impersonations."

"Over 400 million Microsoft users worldwide are realizing the benefits of SPF, DKIM and DMARC. As email threats and spear phishing grow, every business should make email authentication a priority to help protect their consumers, their employees and their brands," said John Scarrow, General Manager Safety Services, Microsoft Corporation.

"Implementing DMARC stopped nearly 25 million attempted attacks on our customers. Not only is DMARC shutting down spoofed domain attacks, but it has also cut the overall volume of daily attacks in half since 2012," added Trent Adams, Senior Advisor on Email Security for PayPal and eBay Inc.

In addition to implementing SPF, DKIM and DMARC, OTA recommends adopting Transport Layer Security (TLS) technology and clear unsubscribe policies in order to enhance consumer trust. TLS is a protocol that encrypts and delivers mail securely thus helping prevent eavesdropping on and spoofing emails. For a complete rundown of email and related best practices visit https://otalliance.org/best-practices.

The 2014 Email Integrity Audit is supported by a broad group of companies and organizations. Additional supporting quotes can be found at https://otalliance.org/news-events/press-releases/industry-support-email-integrity-best-practices.

OTA will host a webinar on Wednesday, August 13 from 9-10 a.m. PDT, reviewing the data and research. Registration information is at https://otalliance.org/Email-Integrity-Audit.

About The Online Trust Alliance (OTA): The Online Trust Alliance (OTA) is a 501c3 non-profit with the mission to enhance online trust and user empowerment while promoting innovation and the vitality of the Internet. OTA's goal is to help educate businesses, policy makers and stakeholders while developing and advancing best practices and tools to enhance the protection of users' security, privacy and identity. OTA supports collaborative public-private partnerships, benchmark reporting, meaningful self-regulation and data stewardship. https://otallliance.org

Contact:
Andrew Goss
VOXUS Inc. (for OTA)
253.444.5446
Email Contact

More Stories By Marketwired .

Copyright © 2009 Marketwired. All rights reserved. All the news releases provided by Marketwired are copyrighted. Any forms of copying other than an individual user's personal reference without express written permission is prohibited. Further distribution of these materials is strictly forbidden, including but not limited to, posting, emailing, faxing, archiving in a public database, redistributing via a computer network or in a printed form.

Latest Stories
What is the best strategy for selecting the right offshore company for your business? In his session at 21st Cloud Expo, Alan Winters, U.S. Head of Business Development at MobiDev, will discuss the things to look for - positive and negative - in evaluating your options. He will also discuss how to maximize productivity with your offshore developers. Before you start your search, clearly understand your business needs and how that impacts software choices.
SYS-CON Events announced today that SIGMA Corporation will exhibit at the Japan External Trade Organization (JETRO) Pavilion at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. uLaser flow inspection device from the Japanese top share to Global Standard! Then, make the best use of data to flip to next page. For more information, visit http://www.sigma-k.co.jp/en/.
SYS-CON Events announced today that NetApp has been named “Bronze Sponsor” of SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. NetApp is the data authority for hybrid cloud. NetApp provides a full range of hybrid cloud data services that simplify management of applications and data across cloud and on-premises environments to accelerate digital transformation. Together with their partners, NetApp em...
Agile has finally jumped the technology shark, expanding outside the software world. Enterprises are now increasingly adopting Agile practices across their organizations in order to successfully navigate the disruptive waters that threaten to drown them. In our quest for establishing change as a core competency in our organizations, this business-centric notion of Agile is an essential component of Agile Digital Transformation. In the years since the publication of the Agile Manifesto, the conn...
There is huge complexity in implementing a successful digital business that requires efficient on-premise and cloud back-end infrastructure, IT and Internet of Things (IoT) data, analytics, Machine Learning, Artificial Intelligence (AI) and Digital Applications. In the data center alone, there are physical and virtual infrastructures, multiple operating systems, multiple applications and new and emerging business and technological paradigms such as cloud computing and XaaS. And then there are pe...
Real IoT production deployments running at scale are collecting sensor data from hundreds / thousands / millions of devices. The goal is to take business-critical actions on the real-time data and find insights from stored datasets. In his session at @ThingsExpo, John Walicki, Watson IoT Developer Advocate at IBM Cloud, will provide a fast-paced developer journey that follows the IoT sensor data from generation, to edge gateway, to edge analytics, to encryption, to the IBM Bluemix cloud, to Wa...
SYS-CON Events announced today that MIRAI Inc. will exhibit at the Japan External Trade Organization (JETRO) Pavilion at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. MIRAI Inc. are IT consultants from the public sector whose mission is to solve social issues by technology and innovation and to create a meaningful future for people.
While some developers care passionately about how data centers and clouds are architected, for most, it is only the end result that matters. To the majority of companies, technology exists to solve a business problem, and only delivers value when it is solving that problem. 2017 brings the mainstream adoption of containers for production workloads. In his session at 21st Cloud Expo, Ben McCormack, VP of Operations at Evernote, will discuss how data centers of the future will be managed, how th...
SYS-CON Events announced today that Keisoku Research Consultant Co. will exhibit at the Japan External Trade Organization (JETRO) Pavilion at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Keisoku Research Consultant, Co. offers research and consulting in a wide range of civil engineering-related fields from information construction to preservation of cultural properties. For more information, vi...
You know you need the cloud, but you’re hesitant to simply dump everything at Amazon since you know that not all workloads are suitable for cloud. You know that you want the kind of ease of use and scalability that you get with public cloud, but your applications are architected in a way that makes the public cloud a non-starter. You’re looking at private cloud solutions based on hyperconverged infrastructure, but you’re concerned with the limits inherent in those technologies.
Most of the time there is a lot of work involved to move to the cloud, and most of that isn't really related to AWS or Azure or Google Cloud. Before we talk about public cloud vendors and DevOps tools, there are usually several technical and non-technical challenges that are connected to it and that every company needs to solve to move to the cloud. In his session at 21st Cloud Expo, Stefano Bellasio, CEO and founder of Cloud Academy Inc., will discuss what the tools, disciplines, and cultural...
SYS-CON Events announced today that Fusic will exhibit at the Japan External Trade Organization (JETRO) Pavilion at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Fusic Co. provides mocks as virtual IoT devices. You can customize mocks, and get any amount of data at any time in your test. For more information, visit https://fusic.co.jp/english/.
SYS-CON Events announced today that Mobile Create USA will exhibit at the Japan External Trade Organization (JETRO) Pavilion at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Mobile Create USA Inc. is an MVNO-based business model that uses portable communication devices and cellular-based infrastructure in the development, sales, operation and mobile communications systems incorporating GPS capabi...
With the rise of DevOps, containers are at the brink of becoming a pervasive technology in Enterprise IT to accelerate application delivery for the business. When it comes to adopting containers in the enterprise, security is the highest adoption barrier. Is your organization ready to address the security risks with containers for your DevOps environment? In his session at @DevOpsSummit at 21st Cloud Expo, Chris Van Tuin, Chief Technologist, NA West at Red Hat, will discuss: The top security r...
SYS-CON Events announced today that Enroute Lab will exhibit at the Japan External Trade Organization (JETRO) Pavilion at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Enroute Lab is an industrial design, research and development company of unmanned robotic vehicle system. For more information, please visit http://elab.co.jp/.