Rooting out fraudulent e-mail by way of authentication

Share this article:

Despite marketers' best intentions to weed out e-mail spam, they are sometimes the victim of phishing or spoofing campaigns whereby a spammer uses their information to send fake e-mails to consumers, sullying their name and customer goodwill. The task of rooting out such spam often falls to the service providers, such as Google and Yahoo, but these services are far from fool-proof.

On Monday, Return Path rolled out a service designed to give marketers more control over this process. “Domain Assurance” is an e-mail authentication service designed to prevent phishing or spoofing e-mail from reaching the inbox. The service conducts a companywide e-mail domain audit to ensure each sender within the company – whether mailing transactional, marketing or corporate e-mail – is authenticated. These “authenticated” domain names then go into a registry that the Internet service providers (ISPs) and other e-mail inbox providers can access to determine whether the e-mail headed to your inbox is coming from the company it says it is. If anything looks remiss, i.e., the domain name is incorrect, the service provider can block the e-mail from the intended victim's inbox.

The service, which Return Path first debuted in beta last June, also provides clients with alerts about fraudulent e-mails and other e-mail intelligence on phishing and other scams related to their domain.

“We're using it to instill trust in our card holders, and if people trust our messages they're more likely to take an action,” said Nathan Fehler, e-mail marketing manger at prepaid debit card issuer NetSpend, a Domain Assurance user. “It alerts you to internal set up challenges or issues, as well as external threats.”

Financial services companies can be particularly prone to such e-mail phishing scams, noted Sam Masiello, Return Path's general manager and chief security officer who joined the company this month from McAfee. However, interest in Domain Assurance has come from a swath of industries, he said, including daily deal sites, large gaming companies and large hotel companies.

“Phishing and spoofing is a huge problem,” he said. “It can cause huge damage to a brand's reputation.”

Return Path also said Google is working with the program, in addition to Yahoo, Tucows and Cloudmark.

Fehler pointed out that the task of blocking fraudulent e-mail typically sits with the ISP, but NetSpend has additional protections in place through Domain Assurance.

“The ISPs are supposed to be doing this on their own,” he said. “They should be doing this, but a lot of it is falling through.”

Anne Mitchell, CEO and president of the Institute for Social Internet Public Policy (ISIPP), which offers e-mail accreditation services through its SuretyMail, suggested NetSpend might be in the minority when it comes to taking its e-mail marketing to this level of assurance.

“The people who care about the actual authentication of sending systems, it's not the marketers that care about that, it's the receivers,” she said. “That's because they're the ones being deluged with this incoming e-mail and they need a way to quickly differentiate, to triage, ‘Which ones should we pay attention to?'”

SuretyMail authenticates its customers' e-mail in a three-step process whereby the provider can look for the domain name and its corresponding IP address, as well as an IP address embedded in the e-mail's sending header. It works with “all the major ISPs,” according to Mitchell.

“So someone can spoof one of those things but not all three of those,” she added. “It's a system of checks and balances.”

Share this article:

Sign up to our newsletters

Follow us on Twitter @dmnews

Latest Jobs:

More in Email Marketing

Movable Ink Joins Epsilon's Agile Email Movement

Movable Ink Joins Epsilon's Agile Email Movement

Epsilon takes a partner to peg the dynamic content delivered by Agility Harmony to live information.

To Send or Not to Send More Email: That Is the Question

To Send or Not to Send More Email: ...

"It's not a matter of 'one email a day is fine, but two emails a day is too much.'"

Forrester: Keep Your Eye on the Email

Forrester: Keep Your Eye on the Email

Merging email with other channels is all well and good, but a Forrester Wave analysis holds that the email channel itself could stand improvement.