E-mail isn’t what it used to be. What was once a fast, convenient way to communicate with customers has been hijacked by phishers.
As it stands today, phishers appear to be winning the battle of the inbox and users don’t seem to care. According to a study conducted last summer by Iconix, a majority of consumers don’t perceive phishing to be a problem. They assume all marketing e-mail is tainted and thus ignore the good with the bad.
If consumers aren’t feeling the pinch, online businesses are. A recent study released by Gartner indicates that online retailers have lost $2 billion in revenue last year due to declining consumer trust.
Despite the discouraging numbers, online retailers have tactics at their disposal to fight back and reconnect with customers. Restoring trust in e-mail can be accomplished by implementing e-mail authentication – using identification services to ensure sender legitimacy and providing a visual display for users to identify legitimate messages.
There are two main approaches used today for e-mail authentication, each with their own set of tradeoffs. The first is Sender ID. In this approach, senders publish a list of their authorized e-mail domains/addresses for recipients to verify as they receive the message.
It is simple to implement and the most widely used method today. However, since it only verifies the final path from sender to receiver, it does not work when messages are forwarded, which limits its usefulness.
Then, there are DomainKeys. In this approach, the message is cryptographically signed and a public key is published to allow recipients to verify the original sender and that the message has not been altered in transit. However, implementation requires specific software at the sending e-mail server, which has slowed its adoption.
Even if e-mail authentication worked perfectly and was universally adopted, there are still ways to spoof the system. Because of this, there is a need for an additional layer on top of e-mail authentication to verify who owns the domain being authenticated and that they are legitimate.
Services exist that provide this additional identification layer, but in this case senders subscribe to ensure that their domains and e-mail addresses are accurately verified.
The final step is to display the result of the authentication and identification checks once the e-mail is verified. This display should be through a simple and intuitive visual icon or logo. This allows the user to easily identify authentic messages. With this authentication solution in place, online retailers can regain trust and win the battle of the inbox.
