
PRESS RELEASE

U.S. Government Agencies and Internet Retailers Receive Failing Grade in
Preventing Deceptive Email and Phishing Scams

Research confirms 56% of .gov and 45% of eCommerce sites not taking appropriate security measures

SEATTLE, WA – April 14, 2009 – The Online Trust Alliance (OTA) today gave leading government agencies and online retailers a failing grade in preventing deceptive email and phishing scams based on its newly released analysis of email authentication adoption. OTA found approximately 56 percent of the top .gov sites – including Whitehouse.gov, Senate.gov, FBI.gov, Treasury.gov and DHS.gov – are not protecting U.S. citizens through the use of email authentication. The organization also found that among the Internet Retailer 300, 45 percent of these top eCommerce sites have not adopted email authentication – leaving brands, domains, and most importantly consumers exposed to security and privacy threats.  Top brands failing include Sears, Victoria’s Secret, the Gap and Nordstrom.
 
OTA will also release similar data on Fortune 500 email authentication adoption at the upcoming OTA Online Trust Town Hall Meeting on April 23 in San Francisco. At the forum, OTA will present best practices including data governance, privacy and behavioral targeting with the goal of increasing the adoption of best practices to protect consumers.
 
Many of the organizations and businesses that have failed to use some form of these email authentication standards, including SPF/Sender ID or DomainKeys Identified Email (DKIM), have become victims of forged email and online exploits.  Email authentication has been widely heralded as a best practice to help curb deceptive email and phishing exploits, which are some of the leading tactics for identity theft.
 
“It is incomprehensible that in this period of escalating online scams and diminishing consumer confidence these agencies and businesses continue to sit on the sidelines,” said Craig Spiezle, OTA Chairman and Founder.  “Best practices not only need to be adopted by business, but also by governmental agencies.  OTA members reiterate their willingness to provide resources and assistance to these organizations.”
 
With the tax deadline tomorrow, OTA recognizes the US Internal Revenue Service (irs.gov) for their adoption of best practices and commitment to curb online abuse.  Recognizing the increasing levels of phishing and scams targeting US citizens, the IRS adopted many best practices including Extended Validation SSL certificates, email authentication, and other security and privacy protection measures.
 
OTA will release a list of recommended best practices for online behavior and email authentication at the upcoming OTA Email Authentication Workshop and Online Trust Town Hall Meeting, both of which are being held on April 23rd at the Palace Hotel in San Francisco.
 
The email authentication workshop will be a roundtable discussion of email authentication adoption at the corporate domain level, by ISPs and by domain hosts. The town hall meeting will highlight safe, secure and strategic ways companies can conduct business online while enhancing consumer trust.  Town Hall speakers include executives from or formerly with Facebook, PayPal, Bank of America, Microsoft, Publishers Clearing House, American Greetings, the White House, the Federal Trade Commission (FTC), and the Center for Democracy & Technology.  To register for the email workshop or Town Hall, visit https://otalliance.org/InternetTownHall.html
 
Methodology – Analysis was completed between April 3 and April 13, 2009, based on examining the public DNS records of the brands and governmental agencies, as well as examining over 20 million emails sent to consumers purporting to come from the legitimate brand and domain. Data was provided in part by Microsoft Corporation, IronPort Systems, MX Logic and Return Path Inc.  Ranking of ecommerce brands is based on data published by the Internet Retailer.  Criteria for top U.S. government sites include one or more of the following: past incidence of spoofing and phishing, site traffic, and risk of potential exploit for financial data and/or disseminating misleading consumer information.
 
OTA Email Authentication Resources https://otalliance.org/resources/authentication/index.html


About The Online Trust Alliance (AOTA) https://www.aotalliance.org/
The mission of OTA is to create a trusted global online ecosystem and foster the elimination of email and Internet fraud, abuse and cybercrime; thereby enhancing trust, confidence and the protection of businesses and consumers.  Through its member companies and organization affiliates, OTA represents over one million businesses and 500 million users worldwide with regional chapters in Asia Pacific, Canada and Europe. OTA is a 501c6 IRS-approved non-profit, governed by a Board and Steering Committee including Bank of America, BoxSentry, Datran Media, Epsilon, Goodmail Systems, Iconix, Internet Identity, IronPort (a division of Cisco Systems), MarkMonitor, Message Systems, Microsoft Corporation, MX Logic, Return Path, Symantec Corporation and VeriSign.