IronPort Study: Senders Adopting Authentication, But Still Being Phished

CHICAGO–While Fortune 100 companies are rapidly adopting e-mail authentication, their brands are still being phished constantly, according to a study released yesterday at the Email Authentication Summit.

Looking at the top phished brands, including eBay, PayPal and Chase Bank, IronPort Systems Inc., San Bruno, CA, found that five of the top ten most often phished brands use DomainKeys, while nine of the top 10 use Sender ID e-mail authentication technologies.

“Email authentication is a technology, it's not a solution. It's going to take more…compelling reasons for people to adopt,” said Patrick Peterson, chief technology officer for IronPort, San Bruno, CA.

The study's results are surprising, considering e-mail authentication is widely touted as a way to help reduce spam and phishing. Brian Arbogast, a corporate vice president at Microsoft, told Summit attendees, “E-mail authentication is designed for spam and phishing. Authenticate your inbound and outbound e-mail.”

Mass adoption of Domain Keys and Sender ID needs to happen before the brands will see a dent in phishing, Mr. Peterson says.

“Receivers can't put good practices into place before we get mass adoption,” Mr. Peterson said.

Still, IronPort's study found growing adoption of e-mail authentication technologies. Thirty-five percent of all the e-mails in its study are sent using Sender ID, and about 10 percent of e-mails are sent using DomainKeys.

Seventy-five percent of all Fortune 100 companies now use Sender ID for their marketing-related e-mail and 45 percent use DomainKeys.

E-mail senders that are authenticating and still not solving their phishing problems should put pressure on the ISPs, Peterson said.

“The next step is that the receiver builds authentication…[identifying] that you're a good sender,” Mr. eterson said.

Related Posts