The Radicati group’s Email Statistics Report of 2013-2017 shows that more than 196 billion emails are sent each day, demonstrating how this channel remains one of the most ubiquitous forms of communication that brands use.
Email continues to be one of the primary tools for exchanging information online, and its very pervasiveness means that perpetrators of cyber crime are increasingly using it to target customers, taking advantage of a brand’s trusted reputation to commit fraud with spoof emails that appear to be legitimate.
The weak spot
It is an unfortunate truth that email was created with a fundamental flaw. With no authentication built-in, anyone can send an email using someone else’s identity. Cyber-criminals use many tricks, but one of their favourites is to utilise the design defects in the basic architecture of email to send messages from what looks like a legitimate domain. This is usually a ‘.com’ return address that seems identical to those used by reputable businesses. Unfortunately, ‘spoofing’ these domains is relatively easy to do.
The danger for brands is that, after a customer has experienced a phishing threat, they are less likely to interact with the brand again, which has a direct impact on both financial performance and customer trust.
While businesses have often focused on defending their internal corporate network from phishing attacks, it’s become clear that they need to start looking at ways to protect their most important asset – their customers.
The implementation of DMARC
The good news is that open standards have been developed to prevent email from being used as an avenue of attack. DMARC (Domain-based Message Authentication, Reporting and Conformance) has rapidly emerged as the most prominent standard for checking the authenticity of email and enables organisations to introduce a monitoring policy that provides a clear picture of the email ecosystem.
DMARC was created to address some fundamental problems with existing email authentication technologies (SPF and DKIM). It provides feedback about an organisation’s email authentication implementation and gives Internet Service Providers (Google, Yahoo!, Microsoft, AOL, etc.) and recipients guidance about what to do with email that is not authenticated.
Only then is it possible for organisations to get their house in order by ensuring any third party vendors are authenticated senders. It will also allow them to start identifying criminals that are spoofing domains to send spam, malware or phishing emails with malicious intent and to introduce policies that automatically reject unauthentic emails before they even reach the inbox.
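How a receiving mail server turns a published DMARC record into a decision, shown as an added example that is not part of the original article or any vendor's code. All domains and records are constructed; organisational-domain lookup is simplified to the last two labels, and the pct tag is ignored.

```python
# Added example: simplified DMARC evaluation (after RFC 7489). Constructed data only.

MONITOR = "v=DMARC1; p=none; rua=mailto:dmarc-reports@brand.example"
ENFORCE = "v=DMARC1; p=reject; adkim=s; rua=mailto:dmarc-reports@brand.example"


def parse_dmarc(txt):
    """Parse a DMARC TXT record into a tag dict; return None if it is not valid DMARC."""
    pairs = [part.split("=", 1) for part in txt.split(";") if "=" in part]
    # v=DMARC1 must be the first tag, otherwise the record is ignored.
    if not pairs or pairs[0][0].strip().lower() != "v" or pairs[0][1].strip() != "DMARC1":
        return None
    tags = {key.strip().lower(): value.strip() for key, value in pairs}
    if tags.get("p", "").lower() not in ("none", "quarantine", "reject"):
        return None
    return tags


def org_domain(domain):
    # Assumption: naive "last two labels" rule; real receivers use the Public Suffix List.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def aligned(from_domain, auth_domain, mode):
    """Strict mode ('s') needs an exact match; relaxed ('r') needs the same org domain."""
    if mode == "s":
        return from_domain.lower() == auth_domain.lower()
    return org_domain(from_domain) == org_domain(auth_domain)


def disposition(record, from_domain, spf=None, dkim=None):
    """spf / dkim: the domain that passed that check, or None if the check failed.

    Returns 'pass', or the policy the domain owner asked receivers to apply.
    """
    policy = parse_dmarc(record)
    if policy is None:
        return "no-policy"
    spf_ok = spf is not None and aligned(from_domain, spf, policy.get("aspf", "r"))
    dkim_ok = dkim is not None and aligned(from_domain, dkim, policy.get("adkim", "r"))
    if spf_ok or dkim_ok:
        return "pass"
    # Authentication that passes for an unrelated domain does not count:
    # it must align with the domain shown in the From: header.
    return policy["p"].lower()
```

Under the monitoring record a failing message is still delivered and only reported to the `rua` address, which is how an unaligned third-party sender shows up before the owner moves to `p=reject`.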
Ultimately, today’s customers have high expectations about the experience that is delivered by brands in a digital age. This includes receiving safe and secure communications across all channels, especially email. As a result, all businesses now have an obligation to play a proactive role in breaking the vicious cycle of attacks that plague brands to help protect consumers across the internet.
Brand-conscious companies who are determined to secure their most frequently used communication channel are already rapidly implementing DMARC. The end result is a repeatable and scalable way for savvy brands to combat email vulnerability and remove the risk of an infected email ever reaching the intended recipient – their customers.
With eConsultancy’s Email Marketing Industry Census revealing that revenue from email has increased proportionately by 28% over the last year, those businesses that secure their email channel will reap the return on investment. By taking the responsibility seriously, organisations will benefit from greater consumer trust, fewer fraud losses, fewer operational overheads and a significantly reduced chance of hitting the headlines for all the wrong reasons.
Sourced from Patrick Peterson, CEO and founder, Agari