U.S. Government Agencies and Internet Retailers Receive Failing Grade in Preventing Deceptive Email and Phishing Scams

Published 04/14/2009 | SSL Certificates

 

Research Confirms 56 Percent of .gov and 45 Percent of Leading eCommerce Sites Not Taking Appropriate Email and Domain Security Measures

SEATTLE, WA--(Marketwire - April 14, 2009) - The Online Trust Alliance (OTA) today gave leading government agencies and online retailers a failing grade in preventing deceptive email and phishing scams based on its newly released analysis of email authentication adoption. While adoption has grown over the past year, OTA found approximately 56 percent of the top .gov sites -- including Whitehouse.gov, FBI.gov, Treasury.gov and DHS.gov -- still are not protecting U.S. citizens through the use of email authentication. At the same time, progress has been made by other government agencies including the Census Bureau, CIA, FDIC, VA and FTC.

The organization also found that among the top online retailers 45 percent have not adopted email authentication -- leaving brands, domains, and most importantly consumers exposed to security and privacy threats. While OTA recognizes many leading brands including Amazon, Dell, Office Depot, Apple, Costco and Staples have adopted increased online security measures, many others including Sears, Victoria's Secret, Gap and Nordstrom are failing to adequately protect their brands and customers through email authentication.

OTA will also release similar data on The Fortune 500 at the upcoming OTA Online Trust Town Hall Meeting on April 23 in San Francisco. At the forum, OTA will present best practices including data governance, privacy and behavioral targeting with the goal of increasing the adoption of best practices to protect consumers.

Many of the organizations and businesses that have failed to use some form of these email authentication standards, including SPF/Sender ID or DomainKeys Identified Mail (DKIM), have become victims of forged email and online exploits. Email authentication has been widely heralded as a best practice to help curb deceptive email and phishing exploits, which are some of the leading tactics for identity theft.

"It is incomprehensible that in this period of escalating online scams and diminishing consumer confidence these agencies and businesses continue to sit on the sidelines," said Craig Spiezle, OTA Chairman and Founder. "Best practices not only need to be adopted by business, but also by governmental agencies. OTA members reiterate their willingness to provide resources and assistance to these organizations."

With the tax deadline tomorrow, OTA recognizes the U.S. Internal Revenue Service (irs.gov) for its adoption of best practices and commitment to curb online abuse. Recognizing the increasing levels of phishing and scams targeting U.S. citizens, the IRS adopted many best practices including Extended Validation SSL certificates, email authentication, and other security and privacy protection measures.

OTA will release a list of recommended best practices for online behavior and email authentication at the upcoming OTA Email Authentication Workshop and Online Trust Town Hall Meeting, both of which are being held on April 23rd at the Palace Hotel in San Francisco.

The email authentication workshop will be a roundtable discussion of email authentication adoption at the corporate domain level, by ISPs and domain hosts. The town hall meeting will highlight safe, secure and strategic ways companies can conduct business online while enhancing consumer trust. Town Hall speakers include executives from or formerly with Facebook, PayPal, Bank of America, Microsoft, Publishers Clearing House, American Greetings, the White House, the FTC, and the Center for Democracy & Technology. To register for the email workshop or town hall meeting, visit https://www.otalliance.org/InternetTownHall.html.

Methodology -- Analysis was completed between April 3 and April 13, 2009, based on examining the public DNS records of the brands and governmental agencies, as well as examining over 20 million emails sent to consumers purporting to come from the legitimate brand and domain. Data was provided in part by Microsoft Corporation, IronPort Systems, MX Logic and Return Path Inc. Ranking of ecommerce brands is based on data published by the Internet Retailer. Criteria for top U.S. government sites include one or more of the following: past incidence of spoofing and phishing, site traffic, and risk of potential exploit for financial data and/or disseminating misleading consumer information.

For the complete list and other OTA email authentication resources, go to https://www.otalliance.org/resources/authentication/index.html.

About The Online Trust Alliance (OTA) https://otalliance.org/

The mission of OTA is to create a trusted global online ecosystem and foster the elimination of email and Internet fraud, abuse and cybercrime, thereby enhancing trust, confidence, and the protection of businesses and consumers. Through its member companies and organization affiliates, OTA represents over one million businesses and 500 million users worldwide with regional chapters in Asia Pacific, Canada and Europe. OTA is a 501(c)(6) IRS-approved non-profit, governed by a Board and Steering Committee including Bank of America, BoxSentry, Datran Media, Epsilon, Goodmail Systems, Iconix, Internet Identity, IronPort (a division of Cisco Systems), MarkMonitor, Message Systems, Microsoft Corporation, MX Logic, Return Path, Symantec Corporation and VeriSign.

For media-related inquiries, contact:
Andrew Goss
VOXUS, Inc.
253.853.5151 x224