Building Trust 2 October 2017

Email Authentication & DMARC

OTA recognizes the critical role email plays in today’s online ecosystem, and publishes a set of recommendations that prescribe the adoption of freely available and standards-based email authentication technologies as an effective response to rampant abuse of the email channel.

Email security, authentication and related marketing best practices are the foundation of OTA’s efforts, including promoting the integrity of email and standards to counter email fraud and phishing. The combined use of three email authentication standards, Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM) and Domain-based Message Authentication, Reporting & Conformance (DMARC), forms one of the major components of the annual Online Trust Audit. The figure below outlines how email authentication provides the ability for ISPs and receiving networks to detect and block spoofed and forged email. (See the related overview and recommendation of TLS for email to help protect the privacy of email in transit.) To view current adoption practices of leading banks, commerce sites, government agencies and consumer services, click here.

OTA recognizes the critical role email plays in today’s online ecosystem, and publishes the following recommendations:

  1. Deploy email authentication across all outbound email. This allows email receivers to easily identify legitimate email, which is the necessary first step towards protecting consumers from fraudulent email.
  2. Check email authentication on all inbound email. Inbound checking allows companies to reduce the risk of spear-phishing and resulting data-loss by rejecting email from the outside world that is pretending to be from the company.
  3. Require partners to adopt email authentication — deploy outbound and check inbound. When ready, apply controls to reject partner email that fails authentication. Ask business partners to do the same. Doing this allows companies to reduce the risk of being spear-phished and to begin attaching trust to partner communications.
