Today Return Path is announcing the launch of a new product aimed at fighting phishing emails. Domain Assurance includes an audit and a registry to help brands properly authenticate all of the email and allow ISPs to confidently block unauthenticated email. The service leverages Return Path’s relationships with more than 130 of top ISPs around the world and will launch with the participation of Yahoo!, Comcast, Cloudmark and Tucows.
Phishing messages are extremely dangerous, as they often contain links that lead to malware and viruses that can access private accounts and steal valuable personal data. These emails have a corrosive effect on brands as consumers become wary of any email from often-spoofed domains.
And phishing scams are on the rise. In December 2009, 46,190 phishing web sites were detected and hundreds of brands were hijacked by phishing scams, according to the Phishing Activity Trends Report 4th Quarter 2009 issued by the Anti-Phishing Working Group (APWG).
Email authentication protocols were created, in part, to combat the problem of phishing and spoofing by giving businesses a way to identify their email and giving mailbox providers a means to block malicious email that purported to be from a well-known brand when it was not.
Unfortunately, many companies have struggled to implement the standards correctly or consistently. In fact, Online Trust Alliance (OTA) data shows just how widespread the problem is. While retailers seem to get it (email authentication has been adopted by 76% of the Internet Retailer 100 and 54% of the IR 500), only 50% of leading businesses overall have adopted SPF/SIDF or DKIM or both. More troubling, OTA found that only 51% of leading financial institutions had adopted email authentication. And adoption of email authentication by “consumer facing” government sites (for example, .gov and .mil) is abysmal at just 32%.
Because of inconsistent adoption, ISPs and other mailbox providers have been unable to unilaterally block unauthenticated email for fear that consumers would not receive wanted email.
Domain Assurance solves both of these problems by first auditing a company’s email streams to be sure authentication has been properly implemented. Then, the company’s domains are added to a registry. Participating ISPs can check the registry and block any unauthenticated emails coming from the domains found there. Return Path provides on-going checks for authentication accuracy and alerts participating companies any time their brand is phished or spoofed.
“At Cloudmark, we are fully committed to the fight against messaging abuse through innovative product development and strategic alliances,” said Jamie de Guerre, CTO, Cloudmark. “With Domain Assurance, top brand marketers and publishers can now more easily join that fight and protect their customers and their brands from the harm that comes from phishing attacks. We are pleased to partner with Return Path to make email authentication more effective.”
This service extends the mission of Return Path to make the email inbox a clean and well-lighted place. We work with top mailbox providers to collect and score email reputation data to help them identify and prevent messaging abuse. And we work with top-brand marketers and publishers to make inbox standards transparent so they can get their messages delivered to the customers who want them and increase their success with email.
Read our press release to see what the folks at Yahoo, Comcast, Tucows and Publishers Clearing House have to say about Domain Assurance.
If your company is interested in joining the beta for this product, email domainassurance [at] returnpath [dot] net to see if you qualify.