Email Security & Integrity

Email is the dominant form of online communication for citizens, businesses, and governments. The ubiquitous and open nature of email has also given criminals an ideal platform to perpetrate fraud: upwards of 90% of today's email consists of spam, phishing, and identity theft attacks that attempt to capture personal and sensitive information, spread malware, and take over a user's device.

OTA recognizes the critical role email plays in today's online ecosystem, and publishes a set of recommendations that prescribe the adoption of freely available and standards-based email authentication technologies as an effective response to rampant abuse of the email channel.

2014 Email Integrity & Security Audit

A core focus of this effort is providing training and prescriptive guidance that promotes the adoption of leading email authentication protocols, including SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail) and DMARC (Domain-based Message Authentication, Reporting & Conformance). The figure below outlines how email authentication gives ISPs and receiving networks the ability to detect and block spoofed and forged email.

Email Authentication

OTA recognizes the critical role email plays in today's online ecosystem, and publishes the following Recommendations:

  1. Deploy email authentication across all outbound email. This allows email receivers to easily identify legitimate email, which is the necessary first step towards protecting consumers from fraudulent email.
  2. Check email authentication on all inbound email. Inbound checking allows companies to reduce the risk of spear-phishing and resulting data-loss by rejecting email from the outside world that is pretending to be from the company.
  3. Require partners to adopt email authentication — deploy outbound and check inbound. When ready, apply controls to reject partner email that fails authentication. Ask business partners to do the same. Doing this allows companies to reduce the risk of being spear-phished and to begin attaching trust to partner communications.

 

Canadian Anti-Spam Resources

Share Your Resources - Email admin@otalliance.org

CRTC Anti-Spam Page: http://www.crtc.gc.ca/eng/casl-lcap.htm

CRTC CASL FAQ: http://crtc.gc.ca/eng/com500/faq500.htm

CRTC Guidance on Computer Program Rules: http://www.crtc.gc.ca/eng/info_sht/i2.htm

2014 Unsub Audit Presentation

2014 Unsub Audit Report Presentation (PDF)

Unsubscribe Best Practices - Moving From Compliance To Stewardship

Consumers often react negatively to email that they feel is irrelevant to their interests or that arrives in their inboxes too frequently. Today ISPs are placing added weight on user engagement when deciding whether to place email in the user's inbox, junk or spam folder. With these considerations, it is in any marketer's best interest to create a trustworthy unsubscribe mechanism for their recipients. The opt-out function should be easily discoverable and usable. OTA encourages mailers to move past the minimum compliance requirements outlined in the U.S. CAN-SPAM Act and the recently passed Canadian Anti-Spam Legislation (CASL).

OTA SPF & DMARC Resources & Tools

The value of DMARC is growing rapidly with leading MTA vendors providing inbound checking to help protect businesses and government agencies from the threat of spear phishing and malicious email. The following is a summary of support. Send updates to admin@otalliance.org.

OTA SPF & DMARC Text Record Validator (evaluates DNS records for selected domains)

DMARC Tools & Resources

DMARC

Leading email service and technology providers and organizations including OTA support DMARC as an emerging standard for reducing the threat of deceptive emails. DMARC standardizes how email receivers perform email authentication using the well-known SPF and DKIM mechanisms.

SPF & DMARC Tools & Record Validator

OTA SPF & DMARC Tools & Resources - Including tools to validate SPF and DMARC records in a domain's DNS zone file

Retailers Improve Unsubscribe Practices, Allowing Consumers to Easily Opt Out of Email

Tue, Dec 15, 2015

The Online Trust Alliance (OTA) revealed today the results of its second annual OTA Email Unsubscribe Audit, analyzing which leading e-commerce sites. OTA reported that 75% of the top 200 online retailers have demonstrated a commitment to user empowerment and control of their inboxes. These companies have been named to the 2015 Unsubscribe Honor Roll, recognizing excellence in marketing.

Email Retail Collection Best Practices

October 30, 2015 - As we head towards the holiday buying season, retailers are increasingly deploying email collection at point of sale. Collection at time of purchase provides significant benefits to the retailer and, done right, the same for the consumer. That said, how can a consumer understand what email is being collected and how it is being used? What forms of notice are appropriate, and is it reasonable to expect that a sales clerk can understand the nuances of data collection, transactional purposes and sharing with affiliated or unaffiliated third parties?
