OTA recognizes the critical role email plays in today's online ecosystem, and publishes the following Recommendations:
- Deploy email authentication across all outbound email. This allows email receivers to easily identify legitimate email, which is the necessary first step towards protecting consumers from fraudulent email.
- Check email authentication on all inbound email. Inbound checking allows companies to reduce the risk of spear-phishing and resulting data-loss by rejecting email from the outside world that is pretending to be from the company.
- Require partners to adopt email authentication — deploy outbound and check inbound. When ready, apply controls to reject partner email that fails authentication. Ask business partners to do the same. Doing this allows companies to reduce the risk of being spear-phished and to begin attaching trust to partner communications.