
Email Authentication & DMARC


OTA recognizes the critical role email plays in today's online ecosystem, and publishes a set of recommendations that prescribe the adoption of freely available and standards-based email authentication technologies as an effective response to rampant abuse of the email channel. 

Email security, authentication and related marketing best practices are the foundation of OTA's efforts, including promoting the integrity of email and standards to counter email fraud and phishing. The combined use of three email authentication standards, Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM) and Domain-based Message Authentication, Reporting & Conformance (DMARC), forms one of the major components of the annual Online Trust Audit. The figure below outlines how email authentication gives ISPs and receiving networks the ability to detect and block spoofed and forged email. (See the related overview and recommendation of TLS for email to help protect the privacy of email in transit.) To view current adoption practices of leading banks, commerce sites, government agencies and consumer services, click here.

OTA recognizes the critical role email plays in today's online ecosystem, and publishes the following recommendations:

  1. Deploy email authentication across all outbound email. This allows email receivers to easily identify legitimate email, which is the necessary first step towards protecting consumers from fraudulent email.
  2. Check email authentication on all inbound email. Inbound checking allows companies to reduce the risk of spear-phishing and resulting data-loss by rejecting email from the outside world that is pretending to be from the company.
  3. Require partners to adopt email authentication — deploy outbound and check inbound. When ready, apply controls to reject partner email that fails authentication. Ask business partners to do the same. Doing this allows companies to reduce the risk of being spear-phished and to begin attaching trust to partner communications.


OTA Research Shows Increasing Government Agency Adoption of Practices to Help Curb Email and Website Fraud or Abuse

Thu, Nov 9, 2017

Reston, VA – The Online Trust Alliance (OTA), an Internet Society initiative, today released analysis that shows top government agencies are increasingly adopting the best practices to help prevent their emails and websites from being spoofed or impersonated following a recent U.S. Department of Homeland Security (DHS) directive. However, 62 percent have not implemented key email protection, Domain-based Message Authentication, Reporting & Conformance (DMARC), placing US citizens at risk.

Online Trust Alliance Responds to FTC Feedback Request with Suggested CAN-SPAM Act Modifications

Wed, Aug 30, 2017

Reston, VA – The Online Trust Alliance (OTA), an Internet Society (ISOC) initiative with the mission to enhance online trust, today announced it has submitted its response to the U.S. Federal Trade Commission’s (FTC) request for comments about the CAN-SPAM Act. While OTA believes the U.S.

Marketing & Unsubscribe Best Practices

Consumers often react negatively to email that they feel is irrelevant to their interests or that is sent to their inboxes too frequently. Today ISPs are placing added weight on user engagement when deciding whether to place email in the user's inbox, junk or spam folder. With these considerations, it is in any marketer's best interest to create a trustworthy unsubscribe mechanism for their recipients. The opt-out function should be easily discoverable and usable. OTA encourages mailers to move past the minimum compliance requirements outlined in the U.S. CAN-SPAM Act and the recently passed Canadian Anti-Spam Legislation (CASL).

Jun 20, 2017
KOMO TV News

Banks and government agencies always push us to do business online, but many of them get a failing grade when it comes to website security. The latest online security audit by the Online Trust Alliance shows mixed reviews for websites that collect your private information. Healthcare.gov scored high for both tight security and strong privacy. The U.S.

OTA Finds Retailers Honoring Email Unsubscribe Requests Faster than Ever

Wed, Nov 2, 2016

Bellevue, Wash.  – Today global non-profit think tank the Online Trust Alliance (OTA) released its 2016 Email Marketing & Unsubscribe Audit report. Now in its third year, the Audit analyzes the newsletters and promotional emails for end-to-end user experience from signup through unsubscribe for the world’s largest 200 e-commerce websites as define

Nov 2, 2016
MarketingLand

After analyzing email marketing unsubscribe practices of the top 200 e-commerce sites based on revenue (per Internet Retailer Magazine), the OTA found 81 percent of online retailers were using “clear and conspicuous” unsub links in emails – compared to 97 percent in 2015. On a brighter note, 85.6 percent of the online retailers analyzed stopped sending emails immediately after receiving unsubscribe requests – an improvement over

Nov 2, 2016
MediaPost

The Online Trust Alliance (OTA) released its third annual Email Marketing & Unsubscribe Audit report on Wednesday, revealing that nearly 6% of retailers are violating anti-spam laws in the United States and Canada by failing to honor unsubscribe requests. The nonprofit think tank registered to receive the email marketing messages and newsletters of the top 200 global retail brands to analyze ten key best-practice areas for email

Transport Layer Security (TLS) for Email

Today email is effectively a plaintext communication sent from email clients to receiving email servers or from one server to another. This design limitation leaves the content of a message in transit open to eavesdropping by anyone along the path, from a wireless hotspot at the airport or coffee shop to your ISP and the internet backbone providers that carry your messages throughout the world.
