Leading Industries Fail to Meet Email Integrity Standards

One recent study finds that more than 90 percent of all consumer-facing websites aren't taking the necessary steps to protect against email fraud, thereby compromising customer safety and trust.
Customer Experience

For email to be effective, recipients must trust the sender. Thus, if organizations fail to protect their employees and customers from the dangers of spoofing and phishing, reputations and loyalty are bound to crumble. But, by simply implementing basic security tools, companies introduce the power to stop questionable correspondence in its tracks.

The Online Trust Alliance's "2014 Email Integrity Audit" report, which serves as the companion to the "2014 Online Trust Audit and Honor Roll" report, features an Email Trust Scorecard, which measures the adoption of three critical email security protocols: Sender Policy Framework (SPF); DomainKeys Identified Mail (DKIM); and Domain-based Message Authentication, Reporting, and Conformance (DMARC). Each tool reduces the consumers' risk of receiving malicious or fraudulent emails, thereby strengthening brand reputation and enhancing deliverability. However, as the Scorecard highlights, few leading industries have successfully incorporated said measures into their daily strategies.

The study, which evaluated nearly 800 top consumer websites, revealed that only 8.3 percent passed the test, meaning 91.7 percent of those sites observed failed to meet the minimum standard of protocol adoption. Of those that did pass, the industries broke down as follows:

  • 28 percent of the top 50 social media companies
  • 17 percent of the top 100 financial services companies
  • 14 percent of the top 100 Internet retailers
  • 6 percent of the top 50 news companies
  • 6 percent of the top 500 Internet retailers
  • 4 percent of the top 50 U.S. government agencies

The following statistics demonstrate that, while implementation may be on the rise, progress remains slow and scattered, ultimately leaving employees and customers vulnerable:

  • In 2014, the Internet Retailer 100 indicated the highest level of SPF and DKIM adoption (88 percent), while the Internet Retailer 500 marked the largest year-to-year growth in adoption, climbing from 56 percent to 74 percent.
  • While the Internet Retailer 100 implemented DKIM protocols for 85 percent of its sub-domains, adoption remained minimal for top-level domains (33 percent), emphasizing that companies typically fail to integrate authentication technologies at every level.
  • The FDIC 100 and the Federal Government 50's level of adoption remains disconcertingly low considering the sensitive nature of each industry. While the financial services sector failed to reach 50 percent adoption of both SPF and DKIM, U.S. government sites failed to protect 78 percent of their domains.

Key takeaway: By implementing SPF, DKIM, and DMARC to support their email authentication efforts, companies will achieve three primary benefits across all outbound email streams:

  1. Increased protection from consumers receiving malicious and fraudulent email
  2. Improved brand reputation protection
  3. Enhanced deliverability of legitimate email into users' inboxes

Such tools enable organizations to protect both their brands and their customers from receiving forged emails, for these protocols are designed to detect email spoofing and phishing. Failing to implement such standards ultimately places employees' and consumers' privacy and security at risk. Incomplete applications also hinder progress, as this inconsistency equates to reinforcing and locking the front door to your house, while leaving your side or garage door wide open, according to the report. By neglecting to monitor and defend consumer safety at every touchpoint, organizations compromise brand integrity and consumer trust, harming their reputation and relationships in the process. Thus, these technologies are essential for long-term success, as companies must have such safeguards in place to prevent threats and reduce vulnerability in the future.