Want to stop phishers? Use email authentication.


Phishing emails can harm businesses whose identities are spoofed. Don’t want that to happen to your business? Read the new Staff Perspective from our Office of Technology, “Businesses Can Help Stop Phishing and Protect their Brands Using Email Authentication.”

The best way to keep customers from falling for phishing scams is to keep those emails from ever showing up in customers’ inboxes. There are technical solutions that your business can use to protect your reputation and prevent phishing emails from getting through to your customers. These include:

  • Sender Policy Framework (SPF) – allows you to designate authorized senders
  • DomainKeys Identified Mail (DKIM) – allows you to use digital signatures to verify authenticity of messages
  • Domain Message Authentication Reporting & Conformance (DMARC) – allows you to receive intelligence on potential spoofing attempts; verify the “From” address end users see; and tell receiving email servers what to do with unauthenticated messages that claim to be from your business’ domain. You can even set DMARC to automatically reject unauthorized messages.

The Staff Perspective found that most U.S. businesses use SPF but not DMARC. In fact, less than 10% of the top online U.S. businesses use DMARC’s “reject” policy – the strongest available tool – to automatically block unauthenticated email. The study concludes that businesses that want to stop phishing and better protect their brands should implement DMARC.
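The gap between having SPF and having a DMARC “reject” policy can be checked from a domain's published DNS TXT records. The following is an added example, not code from the Staff Perspective: the domains and records are constructed placeholders, and the `parse_dmarc` and `audit` names are hypothetical.

```python
# Constructed TXT records for placeholder domains (not real lookups).
SAMPLE_TXT = {
    "example.com": ["v=spf1 include:_spf.example.net -all"],
    "_dmarc.example.com": ["v=DMARC1; p=reject; rua=mailto:dmarc@example.com"],
    "example.org": ["v=spf1 ip4:192.0.2.0/24 ~all"],
    "_dmarc.example.org": ["v=DMARC1; p=none; rua=mailto:dmarc@example.org"],
    "example.net": ["v=spf1 mx -all"],  # SPF only, no DMARC record published
}

def parse_dmarc(record):
    """Return a DMARC record's tag/value pairs, or None if it is not a DMARC record."""
    parts = [p.strip() for p in record.split(";") if p.strip()]
    # The version tag must come first for the record to count as DMARC.
    if not parts or parts[0].replace(" ", "").lower() != "v=dmarc1":
        return None
    tags = {}
    for part in parts[1:]:
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags

def audit(domain, txt=SAMPLE_TXT):
    """Summarize what a domain's SPF and DMARC records tell receiving servers."""
    spf = [r for r in txt.get(domain, []) if r.lower().split()[:1] == ["v=spf1"]]
    parsed = [parse_dmarc(r) for r in txt.get("_dmarc." + domain, [])]
    dmarc = [t for t in parsed if t is not None]
    result = {
        "spf": len(spf) == 1,           # multiple SPF records are an error
        "dmarc_policy": None,           # none / quarantine / reject
        "reports": False,               # aggregate reports requested (rua)
        "rejects_unauthenticated": False,
    }
    if len(dmarc) == 1:                 # multiple DMARC records: no policy applied
        tags = dmarc[0]
        policy = tags.get("p", "").lower()
        if policy in ("none", "quarantine", "reject"):
            result["dmarc_policy"] = policy
            result["reports"] = "rua" in tags
            # pct defaults to 100; a lower value applies the policy to only a sample.
            full = tags.get("pct", "100") == "100"
            result["rejects_unauthenticated"] = policy == "reject" and full
    return result

if __name__ == "__main__":
    for name in ("example.com", "example.org", "example.net"):
        print(name, audit(name))
```

A domain with `p=none` still receives spoofing reports but leaves delivery decisions to the receiver; only `p=reject` applied to all mail tells receivers to block unauthenticated messages.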

For a full analysis of the Staff Perspective’s findings, and to learn about its methodology, read the entire Staff Perspective or watch this video. 

 

Comments

Great piece. THANKS
