Email security, authentication and related marketing best practices are the foundation of OTA's efforts including promoting the integrity of email and standards to counter email fraud and phishing. Through the combined use of three email authentication standards including Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM) and Domain-based Message Authentication, Reporting & Conformance (DMARC), they form one of the major components of the annual Online Trust Audit. Providing a deep dive in the use of these authentication standards, OTA annually published the Email Integrity Audit. This report provides an in-depth review of the email security findings focusing on the best practices necessary to help detect and block spoofed and forged email to protect consumers and marketer's brand integrity.
2016 State of Email Authentication Reality Check Webinar (YouTube) | Presentation (PDF) - July 20, 2016
2014 Report (archived)
Email is the dominant form of online communication for citizens, businesses, and governments. The ubiquitous and open nature of email has also provided criminals with an ideal platform to perpetuate fraud, with upwards of 90% of today's email consisting of spam, phishing, identity theft attacks, attempting to capture personal and sensitive information, spread malware, and take-over a user's device.
OTA recognizes the critical role email plays in today's online ecosystem, and publishes a set of recommendations that prescribe the adoption of freely available and standards-based email authentication technologies as an effective response to rampant abuse of the email channel.
A core focus of this effort includes providing prescriptive guidance promoting the adoption of leading email authentication protocols including SPF (Sender Policy Framework), DKIM (Domain Keys Identified Mail) and DMARC (Domain-based Message Authentication, Reporting & Conformance).