According to the OTA (Online Trust Alliance) organisations must do more to protect their email subscribers from being victims of phishing scams.
Phishing scams are emails sent by a spammer which mimics a well known brand in order to get the subscriber to disclose usernames and passwords or other personal information. For instance every one of us has received an email claiming to be from our banks. Most of these are easy to spot and consequently easy to ignore but some are not. Spammers will often put in considerable effort, registering similar domains to the genuine brand, putting many hours into the site design containing the genuine brands logos etc which often makes them indistinguishable to the average internet user.
The online trust alliance released a report last month claiming that 56% of .gov Web sites and 45% of leading e-commerce sites are not taking appropriate e-mail and domain security measures.
The report measured 25 government domains, as well as the top 300 online retailers as measured by sales volume during a 10 day period last month.
Analysis was done against the DNS records of the US government and ecommerce sites which shows whether the organisation uses SPF, Domain keys or its slightly younger sister, DKIM and found that a huge percentage of these domains had not adopted one of these email authentication technologies which allows spam filters to pickup on phishing emails/spam and either block or quarantine them.
Whilst big brands and government organisations continue to fail to adopt these sorts of technologies there will always be successful phishing scams. If large organisations like these started to adopt these technologies, spam filters could become more aggressive against domains that don’t authenticate correctly which will apply pressure for smaller brands and individual companies to follow suit which would dramatically help reduce the amount of phishing and spam emails sent across the globe.
A Gartner survey of 5,000 adults in the US estimated that 24.4 million Americans have been duped by a phishing e-mail in 2006. If the larger organisations did their bit in helping IT departments block these sorts of emails it would undoubtedly save the economy millions of pounds which are lost to fraudsters every year.
Email Manual Recommendations:
* Implement SPF on your domain, initally with softfail, then switch to hardfail once you have gained confidence.
* Implement Domain Keys/DKIM on outbound email.
* Block inbound email which hardfails SPF checks.
* Block inbound email which is not Domain key/DKIM signed where the policy record for the domain indicates all mail should be signed.
Email Manual, is the one stop resource for all deliverability, IP management, email marketing news and MTA how to's and advise.
Read more on Brands are not doing enough to protect customers. More at Brands are not doing enough to protect customers.