Jeff from Return Path emailed me this morning to tip me off to a new full court press by some industry heavyweights to combat spam, spoofing and phishing. According to the Online Trust Alliance, only 50% of leading retail companies overall have adopted SPF/SIDF or DKIM to authenticate their email. While eCommerce companies seem to be doing a better job at adopting this approach, we still have a long way to go. That being the case, any effort (especially a strong brand joint effort) is worthy of praise and deserves some exposure.
Here’s what Return Path has to say about this new initiative…
Return Path, announced today the launch of Domain Assurance, an audit and registry service aimed at battling phishing and spoofing by enabling the widespread use of email authentication protocols. The service leverages Return Path’s relationships with the top ISPs around the world and its reach with 2,500 brand-name clients. It is currently in beta with a commercial launch planned for Q3 2010.
Domain Assurance provides companies with an audit of all email streams to determine if they are properly authenticated. Return Path’s team of email experts can then assist companies to authenticate all of their email – corporate, transactional and marketing. The company’s domains then go onto a registry and any improperly authenticated email coming from that domain can be blocked by mailbox providers with confidence. Companies that have registered will also receive immediate notification of spoofing and phishing attacks to their brands. In turn, ISPs and other mailbox providers will be able to protect their customers from phished emails pretending to be from registered companies.
Return Path has extended its current relationships with Yahoo!, Comcast and Tucows to include the use of Domain Assurance, bringing the product’s coverage at launch to almost 400 million mailboxes worldwide. In addition, Cloudmark, which provides carrier-grade messaging infrastructure and security solutions, will make the service available to its customers who service over 1 billion users worldwide. This is in addition to Return Path’s current partnerships with more than 130 ISPs and mailbox providers covering more than 1.8 billion inboxes around the world through its Certification service.
“We are huge proponents of DKIM and its application as an extra security barrier to protect our nearly 300 million Yahoo! Mail users worldwide,” said Mark Risher, Head of Product Management and Spam Czar for Yahoo! Mail. “We look forward to working with companies like Return Path to further help spread the adoption of domain keys technology across the industry and further reduce the number of spammers and phishing threats.”
“This is an important step in protecting our customers,” said Jordan Rosenwald, Manager of Anti-Abuse Technology for Comcast. “With Return Path auditing branded senders before Comcast and other mailbox providers discard unauthenticated email, we’re protecting our customers from phishing on a level and size that’s not been done before. This is an important and exciting move for the industry as a whole.”
“Making the internet easy and safe is important to Tucows and with Return Path’s Domain Assurance, an additional level of protection against phishing and spoofing can be realized. The brand owners and Return Path have taken the onus and risk out of dropping messages that are not properly DKIM signed allowing Tucows to confidently utilize DKIM and further protect our OpenSRS Hosted email customers,” said Garrick Lau, Manager, IT Security and Compliance, Tucows Inc.
“When your brand is as well-known as ours you are going to be a target for phishing attacks,” said Sal Tripi, Senior Director of Operations and Compliance, Publishers Clearing House (PCH). “If undetected, these attacks can hurt our brand reputation, make consumers wary of email and can harm our loyal customers. There are direct costs to these attacks in the form of increased customer service and loss of revenue as a result of consumer fear. Protecting our customers and improving online trust is a key initiative for PCH.”
Email authentication held out the promise of ending phishing and spoofing by giving businesses a way to identify their email and giving mailbox providers a means to block malicious email that purported to be from a well-known brand when it was not.
Unfortunately, many companies have struggled to implement the standards correctly or consistently. In turn, ISPs and other mailbox providers have been unable to unilaterally block unauthenticated email for fear that consumers would not receive wanted email.
“We want to remove the hurdles that businesses face in implementing authentication protocols so that they can fulfill their promise to improve the health of the email ecosystem,” said George Bilbrey, President, Return Path.