Subscribe to the InfoTech eNewsletter

infoTECH Feature

August 11, 2014

Online Trust Alliance Reveals 91.7 Percent Failed its Email Trust Scorecard

As of January 2014 there were around 861,379,000 registered host names, and while each of them doesn't represent a functioning website, the sheer number makes it very difficult to establish best practices across the board and guarantee they are being carried out. The Online Trust Alliance (OTA) is a not-for-profit organization established to empower and improve trusts among users while at the same time promoting the well-being of the Internet. The goal of the organization is to educate everyone to protect the identity, privacy, and security of users. The 2014 Email Integrity Audit report released by the OTA, which includes its Email Trust Scorecard, has revealed a very high percentage rate of failure.

This report highlighted that the vast majority of public and private organizations have not done all they can to follow the necessary steps to help consumers and business partners identify if the emails they are receiving from their website are genuine or have been forged. According to the report, its evaluation of nearly 800 top consumer websites revealed 91.7 percent failed, while only 8.3 percent passed.

The OTA arrived at this conclusion by measuring the adoption of three important email authentication protocols: Sender Policy Framework (SPF), Domain Keys Identified Mail (DKIM) and Domain-based Message Authentication, Reporting and Conformance (DMARC).

With only 8.3 percent of the organizations passing the OTA's criteria, the vast majority of the sectors failed to adopt email security best practices. Although most consumers would associate safety with federal agencies, they were found to be the least trustworthy, social media companies garnering the most trust.

The passing rates of the organizations by the OTA Email Trust Scorecard are:

  • 28 percent of the top 50 social media companies
  • 17 percent of the top 100 financial services companies
  • 14 percent of the top 100 Internet retail companies
  • 6 percent of the top 50 news companies
  • 6 percent of the top 500 Internet retailers
  • 4 percent of the top 50 U.S. government agencies

"When organizations implement specific protocols, the results are increased consumer protection from malicious and fraudulent email and strengthened brand reputation. Despite the obvious benefits, the majority of organizations have yet to adopt practices comprehensively, putting consumers and their brands at risk," said OTA executive director and president, Craig Spiezle.

In order to instill trust by the consumers they serve, the OTA recommends using email authentication solutions that are readily available to protect their brand and consumers from receiving forged emails. Besides implementing SPF, DKIM and DMARC, it also recommends Transport Layer Security (TLS) technology and clear unsubscribe policies. This is a protocol that encrypts and delivers mail securely, preventing the eavesdropping and spoofing of emails.

Edited by Adam Brandt

Subscribe to InfoTECH Spotlight eNews

InfoTECH Spotlight eNews delivers the latest news impacting technology in the IT industry each week. Sign up to receive FREE breaking news today!
FREE eNewsletter

infoTECH Whitepapers