RSS Alerts

Share

More services

Related Links

Related Stories

  • Year of the Hack
    Commonly referred to as the year of the hack, it is no secret what 2011 has become famous for in the information security industry. This year’s headlines, reports Fred Donovan, have been made up of data breaches, hacks, APT attacks and mergers and acquisitions
  • Biometrics: How and Now?
    Using biometric data for identity access and management can be a controversial move. Esther Shein examines the drawbacks, and looks at where and how biometrics are currently being used
  • Data Breach Spring
    Infosecurity’s Drew Amorosi examines three data breach incidents from the past few months that, by their nature, keep security vendors in business, regulators busy, and CISOs up at night. Find out why industry observers think this rash of massive breaches could lead to a ‘PCI for consumer privacy’
  • Courts, Congress enter fray on PlayStation data breach
    A PlayStation user has filed suit in a US court against Sony for its PlayStation Network hack, and one US senator wants the Japanese electronics giant to pay for credit monitoring services for the PlayStation network's over 75 million members.
  • Infosecurity Weekly Brief - April 27
    Last week, Infosecurity Magazine was at the RSA show in San Francisco. A variety of vendors launched new products.

Top 5 Stories

News

E-mail authentication needs to be taken seriously - OTA

20 April 2009

Research from the Online Trust Alliance (OTA) claims to show that companies need to take email authentication a lot more seriously than they presently do, as well as implement the technology on much more widespread basis.

In a report just released, the OTA says that 56% of US dotGOV web sites and 45% of major e-commerce portals are not using authenticated email.

The unstated conclusion, Infosecurity notes, is that a significant number of companies are open to spoofed and other forms of potentially fraudulent email.

According to the OTA, its study measured 25 US government domains, as well as the top 300 online retailers as measured by sales volume.

The research was carried out during 10 days from April 3 this year and was carried out by examining the public domain name system records of the companies and governmental agencies, as well as more than 20 million emails sent to internet users purporting to come from the legitimate brand and/or domain concerned.

Craig Speizle, the OTA's chairman and founder, says that, amongst the top online retailers, 45% have not adopted email authentication.

"It is incomprehensible that in this period of escalating online scams and diminishing consumer confidence these agencies and businesses continue to sit on the sidelines," he says.

"Best practices not only need to be adopted by business, but also by governmental agencies," he adds.

Spiezle went on to say that, whilst companies increasingly have embraced e-mail authentication over the past year, it has not been enough.

Many organisations and businesses that have failed to use some form of these e-mail authentication standards, including SPF/Sender ID or DomainKeys Identified e-mail, have become victims of forged email and online exploitation, he explained.

The OTA says it will release a list of recommended best practices for online behaviour and email authentication at the upcoming OTA Email Authentication Workshop and Online Trust Town Hall Meeting, both of which are being held on April 23 in San Francisco.

 

This article is featured in:
Compliance and Policy  • Internet and Network Security

 

Comment on this article

You must be registered and logged in to leave a comment about this article.

Terms & Conditions |Privacy |Website Design|Reed Exhibitions. All rights reserved. Copyright © 2012