|
The escalating level of threats and impact to online trust and privacy has increased the critical need for the detection and elimination of deceptive and fraudulent email. It is estimated that upwards of 10% to 80% of email from leading brands, banks, and ISPs is spoofed, with the intent to mislead recipients into visiting deceptive sites and in some cases installing malicious software.* At the same time consumer and privacy advocates are raising concerns on the lack of clear consumer consent and notice, choice and control of the email they opt in to receive.
Responding to these threats, several parallel efforts emerged in late 2003 to address spoofing and their impact on consumers, brands, ISPs, and corporate receiving networks. Two leading standards have evolved including the Sender ID Framework (SIDF), a merger of Microsoft Caller ID for email and Sender Permitted From (SPF), and DomainKeys Identified Email (DKIM), a merger of Yahoo DomainKeys and Cisco’s Identified Internet Mail protocols.
It is the view of AOTA that these technologies (DKIM and SIDF) are complementary. Each has their respective strengths and weaknesses, but when combined, and correctly implemented, they have the potential to provide value to all stakeholders. Authentication protects brands from spoofing, and reduces the incidence of deceptive emails reaching consumer inboxes. It assists receiving networks to detect spam and enhance the delivery of legitimate email when utilised in conjunction with domain and IP reputation data.
AOTA is encouraged to report that the adoption of email authentication has reached a tipping point, demonstrating business commitment to self-regulation and accountability.
While the needle has moved, more needs to be done and marketers as well as ISPs need to increase their level of commitment and accountability. AOTA’s research has uncovered key developments in email authentication:
- 58% of legitimate email volumes sent daily worldwide is authenticated
- Benefits to senders and receivers are tremendous and have been clearly articulated
- Standards to adopt are now clear (challenges for deployment are business-process related rather than cost or technical concerns, as might be expected)
- Solutions are widely available (over 100 vendors, ISPs, and service providers)
AOTA is calling on all brand owners to implement email authentication at the top level corporate domain by November to help protect consumers during the upcoming holiday season. Those brands who adopt will be taking a step forward in protecting their consumers, brands and stockholders. Those that fail will realise a competitive disadvantage and expose their brands to an unacceptable level of potential exploits.
It is incumbent upon all business, as well as governmental agencies to expedite the implementation of outbound and inbound email authentication. While email authentication is not a silver bullet, it is an effective countermeasure. Authentication is an essential ingredient in the ‘cocktail’ of solutions designed to preserve the internet, prevent data abuses and protect consumer privacy. Brand owners and stakeholders need to consider the role of reputation and accreditation solutions which build upon authentication to improve the deliverability of legitimate email while keeping spam and other threats from the inbox.
While great strides have been made, AOTA is seeking even greater adoption to protect the online trust ecosystem. This can only be achieved if ISPs make a similar commitment. Sitting on the side lines is no longer a responsible option. ISPs, consumer brands and governmental agencies committed to protecting their customers, employees and stockholders to adopt both protocols (DKIM and or SIDF) need to adopt by November 1. AOTA asserts that email authentication needs to be incorporated into all businesses and governmental data governance policies and privacy programmes today. Authentication must be treated as a high priority. While governmental agencies such as the Federal Trade Commission have been supportive and encourage adoption, non-compliant businesses and ISPs need to accelerate their support (www.ftc.gov/bcp/workshops/e-authentication/index.shtm).
Achieving a trust ecosystem can only be achieved via support from all stakeholders. Now is the time to provide consumers with the control of their inbox, while providing them notice and choice. For marketers and their brands it means aligning the consumer expectation of the frequency and relevance of email they want to receive. Combined with authentication and increased accountability, will help assure the long term vitality of the internet and the ROI of email marketing.
For information and implementation guides, visit http://aotalliance.org/resources/
Craig Spiezle
Chairman
AOTA
* A sampling over 100 million emails sent from August through December 2007.
|
