
Email Security & Integrity

Email is the dominant form of online communication for citizens, businesses, and governments. The ubiquitous and open nature of email has also given criminals an ideal platform to perpetrate fraud: upwards of 90% of today's email consists of spam, phishing, and identity theft attacks that attempt to capture personal and sensitive information, spread malware, and take over a user's device.

OTA recognizes the critical role email plays in today's online ecosystem, and publishes a set of recommendations that prescribe the adoption of freely available and standards-based email authentication technologies as an effective response to rampant abuse of the email channel.

2016 Online Trust Audit - State of Email Authentication Reality Check - Recorded Webinar | Presentation PDF - July 20, 2016

2014 Email Integrity & Security Audit

A core focus of this effort is prescriptive guidance that promotes the adoption of leading email authentication protocols, including SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail) and DMARC (Domain-based Message Authentication, Reporting & Conformance). The figure below outlines how email authentication enables ISPs and receiving networks to detect and block spoofed and forged email.

Email Authentication

OTA recognizes the critical role email plays in today's online ecosystem, and publishes the following Recommendations:

  1. Deploy email authentication across all outbound email. This allows email receivers to easily identify legitimate email, which is the necessary first step towards protecting consumers from fraudulent email.
  2. Check email authentication on all inbound email. Inbound checking allows companies to reduce the risk of spear-phishing and resulting data-loss by rejecting email from the outside world that is pretending to be from the company.
  3. Require partners to adopt email authentication — deploy outbound and check inbound. When ready, apply controls to reject partner email that fails authentication. Ask business partners to do the same. Doing this allows companies to reduce the risk of being spear-phished and to begin attaching trust to partner communications.


Canadian Anti-Spam Resources

Share Your Resources - Email admin @ otalliance.org

CRTC Anti-Spam Page: http://www.crtc.gc.ca/eng/casl-lcap.htm

CRTC CASL FAQ: http://crtc.gc.ca/eng/com500/faq500.htm

CRTC Guidance on Computer Program Rules: http://www.crtc.gc.ca/eng/info_sht/i2.htm

2014 Unsub Audit Presentation

2014 Unsub Audit Report Presentation (PDF)

Retailers Improve Unsubscribe Practices, Allowing Consumers to Easily Opt Out of Email

Tue, Dec 15, 2015

The Online Trust Alliance (OTA) revealed today the results of its second annual OTA Email Unsubscribe Audit, analyzing which leading e-commerce sites. OTA reported that 75% of the top 200 online retailers have demonstrated a commitment to user empowerment and control of their inboxes. These companies have been named to the 2015 Unsubscribe Honor Roll, recognizing excellence in marketing.

Email Retail Collection Best Practices

October 30, 2015 - As we head towards the holiday buying season, retailers are increasingly deploying email collection at the point of sale. Collection at the time of purchase provides significant benefits to the retailer and, done right, the same for the consumer. That said, how can a consumer understand what email is being collected and how it is being used? What forms of notice are appropriate, and is it reasonable to expect that a sales clerk can understand the nuances of data collection, transactional purposes and sharing with affiliated or unaffiliated third parties?

Mar 5, 2015

It's still unclear what, if any, security measures former Secretary of State Hillary Clinton deployed on the ad hoc personal email system she used for government business.

Some cyber specialists and transparency advocates are voicing outrage over the potential presidential candidate possibly flouting federal security rules with a “homebrew” server arrangement.

Sep 25, 2014

Many marketers are still struggling to adopt unsubscribe best practices in their email programs. Here is a look at three of the most important things you can do to deal with unsubscribe issues.  I haven't written about unsubscription since shortly after CAN-SPAM came into effect in the United States.
