Email Authentication & DMARC

OTA recognizes the critical role email plays in today's online ecosystem, and publishes a set of recommendations that prescribe the adoption of freely available and standards-based email authentication technologies as an effective response to rampant abuse of the email channel. 

Email security, authentication and related marketing best practices are the foundation of OTA's efforts, including promoting the integrity of email and standards to counter email fraud and phishing. The combined use of three email authentication standards, Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM) and Domain-based Message Authentication, Reporting & Conformance (DMARC), forms one of the major components of the annual Online Trust Audit. The figure below outlines how email authentication provides the ability for ISPs and receiving networks to detect and block spoofed and forged email. (See the related overview and recommendation of TLS for email to help protect the privacy of email in transit.) To view current adoption practices of leading banks, commerce sites, government agencies and consumer services click here.

OTA recognizes the critical role email plays in today's online ecosystem, and publishes the following recommendations:

  1. Deploy email authentication across all outbound email. This allows email receivers to easily identify legitimate email, which is the necessary first step towards protecting consumers from fraudulent email.
  2. Check email authentication on all inbound email. Inbound checking allows companies to reduce the risk of spear-phishing and resulting data-loss by rejecting email from the outside world that is pretending to be from the company.
  3. Require partners to adopt email authentication — deploy outbound and check inbound. When ready, apply controls to reject partner email that fails authentication. Ask business partners to do the same. Doing this allows companies to reduce the risk of being spear-phished and to begin attaching trust to partner communications.


Online Trust Alliance Responds to FTC Feedback Request with Suggested CAN-SPAM Act Modifications

Wed, Aug 30, 2017

Reston, VA – The Online Trust Alliance (OTA), an Internet Society (ISOC) initiative with the mission to enhance online trust, today announced it has submitted its response to the U.S. Federal Trade Commission’s (FTC) request for comments about the CAN-SPAM Act. While OTA believes the U.S.

Marketing & Unsubscribe Best Practices

Consumers often react negatively to email which they feel is irrelevant to their interests or which may be sent to their inboxes too frequently. Today, ISPs are placing added weight on user engagement when deciding whether to place email into the user’s inbox, junk or spam folder. With these considerations, it is in any marketer’s best interest to create a trustworthy unsubscribe mechanism for their recipients. The opt-out function should be easily discoverable and usable. OTA encourages mailers to move past the minimum compliance requirements outlined in the U.S. CAN-SPAM Act and the recently passed Canadian Anti-Spam Legislation (CASL).

Jun 20, 2017

Banks and government agencies always push us to do business online, but many of them get a failing grade when it comes to website security. The latest online security audit by the Online Trust Alliance shows mixed reviews for websites that collect your private information. Healthcare.gov scored high for both tight security and strong privacy. The U.S.

OTA Finds Retailers Honoring Email Unsubscribe Requests Faster than Ever

Wed, Nov 2, 2016

Bellevue, Wash.  – Today global non-profit think tank the Online Trust Alliance (OTA) released its 2016 Email Marketing & Unsubscribe Audit report. Now in its third year, the Audit analyzes the newsletters and promotional emails for end-to-end user experience from signup through unsubscribe for the world’s largest 200 e-commerce websites as define

Nov 2, 2016

After analyzing email marketing unsubscribe practices of the top 200 e-commerce sites based on revenue (per Internet Retailer Magazine), the OTA found 81 percent of online retailers were using “clear and conspicuous” unsub links in emails – compared to 97 percent in 2015. On a brighter note, 85.6 percent of the online retailers analyzed stopped sending emails immediately after receiving unsubscribe requests – an improvement over

Nov 2, 2016

The Online Trust Alliance (OTA) released its third annual Email Marketing & Unsubscribe Audit report on Wednesday, revealing that nearly 6% of retailers are violating anti-spam laws in the United States and Canada by failing to honor unsubscribe requests. The nonprofit think tank registered to receive the email marketing messages and newsletters of the top 200 global retail brands to analyze ten key best-practice areas for email

Email Retail Collection Best Practices

October 30, 2015 - As we head towards the holiday buying season, retailers are increasingly deploying email collection at point of sale. Collection at time of purchase provides significant benefits to the retailer and, done right, to the consumer as well. That said, how can a consumer understand what the email is being used for and how? What forms of notice are appropriate, and is it reasonable to expect that a sales clerk can understand the nuances of data collection, transactional purposes and sharing with affiliated or unaffiliated third parties?

Transport Layer Security (TLS) for Email

Today email is effectively a plaintext communication sent from email clients to receiving email servers or from one server to another. This design limitation leaves the content of a message in transit open for anyone to eavesdrop on, from a wireless hotspot at the airport or coffee shop to your ISP and the internet backbone providers that carry your messages throughout the world.
