RSS Alerts

Related Links

Related Stories

  • Leaving a trace
    IT forensics is seen by many in the industry as something of a black art. But it's actually a highly professional discipline, with professional software to assist, as Steve Gold discovers
  • Carbon credits phishing scam revealed
    Reports are coming in that a phishing scam centering on the international carbon credits scheme is causing havoc on international emissions trading exchanges.
  • Comment: Addressing identity and access management challenges in the retail sector
    John Handelaar of Passlogix knows that one password is always easier to remember than two or three, but how can an organization both streamline access management processes while maintaining identity security for its customers?
  • Comment: Securing web 2.0 in the workplace
    Simon Morris, research and development director at Pentura looks at how the adoption of web 2.0 makes the job of keeping email and the web free from attacks, malware and spam even more difficult. Yet, simply closing access to unapproved tools can be short sighted as unhappy employees drift to rival businesses with more enlightened policies
  • Spamming the socially active - spam diversifies to Twitter, IM, SMS, etc
    Once poison found only in email accounts, spam is now polluting every form of electronic communication from IM to SMS and from blogs to tweets. But how well is it doing outside its natural domain? William Knight takes a look at non-email spam

News

E-mail authentication needs to be taken seriously - OTA

20 April 2009

Research from the Online Trust Alliance (OTA) claims to show that companies need to take email authentication a lot more seriously than they presently do, as well as implement the technology on much more widespread basis.

In a report just released, the OTA says that 56% of US dotGOV web sites and 45% of major e-commerce portals are not using authenticated email.

The unstated conclusion, Infosecurity notes, is that a significant number of companies are open to spoofed and other forms of potentially fraudulent email.

According to the OTA, its study measured 25 US government domains, as well as the top 300 online retailers as measured by sales volume.

The research was carried out during 10 days from April 3 this year and was carried out by examining the public domain name system records of the companies and governmental agencies, as well as more than 20 million emails sent to internet users purporting to come from the legitimate brand and/or domain concerned.

Craig Speizle, the OTA's chairman and founder, says that, amongst the top online retailers, 45% have not adopted email authentication.

"It is incomprehensible that in this period of escalating online scams and diminishing consumer confidence these agencies and businesses continue to sit on the sidelines," he says.

"Best practices not only need to be adopted by business, but also by governmental agencies," he adds.

Spiezle went on to say that, whilst companies increasingly have embraced e-mail authentication over the past year, it has not been enough.

Many organisations and businesses that have failed to use some form of these e-mail authentication standards, including SPF/Sender ID or DomainKeys Identified e-mail, have become victims of forged email and online exploitation, he explained.

The OTA says it will release a list of recommended best practices for online behaviour and email authentication at the upcoming OTA Email Authentication Workshop and Online Trust Town Hall Meeting, both of which are being held on April 23 in San Francisco.

 

 

This article is featured in:
Compliance and Policy Internet and Network Security

 

Comment on this article

You must be registered and logged in to leave a comment about this article.

Copyright © 2010
Elsevier Ltd. All rights reserved.
Terms & Conditions | Privacy | Website Design Working with water