Federal Trade Commission recommends Email Authentication to prevent Phishing

Want to stop phishers? Use email authentication.

Phishing emails can harm businesses whose identities are spoofed. Don’t want that to happen to your business? Read the new Staff Perspective from our Office of Technology, Businesses Can Help Stop Phishing and Protect their Brands Using Email Authentication.

The best way to keep customers from falling for phishing scams is to keep those emails from ever showing up in customers’ inboxes. There are technical solutions that your business can use to protect your reputation and prevent phishing emails from getting through to your customers. These include:

  • Sender Policy Framework (SPF) – allows you to designate authorized senders
  • DomainKeys Identified Mail (DKIM) – allows you to use digital signatures to verify authenticity of messages
  • Domain-based Message Authentication, Reporting & Conformance (DMARC) – allows you to receive intelligence on potential spoofing attempts; verify the “From” address end users see; and tell receiving email servers what to do with unauthenticated messages that claim to be from your business’s domain. You can even set DMARC to automatically reject unauthorized messages.

The Staff Perspective found that most U.S. businesses use SPF but not DMARC. In fact, less than 10% of the top online U.S. businesses use DMARC’s “reject” policy – the strongest available tool – to automatically block unauthenticated email. The study concludes that businesses that want to stop phishing and better protect their brands should implement DMARC.
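To check where a domain stands, the added example below (not part of the FTC post or the Staff Perspective) classifies the SPF and DMARC TXT records a domain publishes by how strongly they are enforced. The domains and record strings are constructed samples, and the labels "monitor", "partial" and "reject" are this example's own names.

```python
# Added example: audit published SPF and DMARC TXT records for enforcement strength.
# All record strings below are constructed samples, not real DNS data.

def parse_dmarc(txt):
    """Split a DMARC TXT record into a tag -> value dict, or None if not DMARC."""
    parts = [p.strip() for p in txt.split(";") if p.strip()]
    if not parts or parts[0].replace(" ", "").lower() != "v=dmarc1":
        return None  # the version tag must come first
    tags = {}
    for part in parts[1:]:
        name, sep, value = part.partition("=")
        if sep:
            tags[name.strip().lower()] = value.strip()
    return tags

def dmarc_enforcement(txt):
    """Classify a DMARC record: 'missing', 'monitor', 'partial' or 'reject'."""
    tags = parse_dmarc(txt) if txt else None
    if tags is None or tags.get("p", "").lower() not in ("none", "quarantine", "reject"):
        return "missing"
    policy = tags["p"].lower()
    pct = tags.get("pct", "100")
    pct = int(pct) if pct.isdigit() else 100
    if policy == "none":
        return "monitor"   # reports only; spoofed mail is still delivered
    if policy == "reject" and pct == 100:
        return "reject"    # receivers are told to refuse unauthenticated mail
    return "partial"       # quarantine, or reject applied to a fraction of mail

def spf_all_qualifier(txt):
    """Return the qualifier on the SPF 'all' mechanism: '-', '~', '?', '+' or None."""
    terms = txt.split()
    if not terms or terms[0].lower() != "v=spf1":
        return None
    for term in terms[1:]:
        t = term.lower()
        if t.lstrip("+-~?") == "all":
            return t[0] if t[0] in "+-~?" else "+"   # default qualifier is '+'
    return None

SAMPLES = {  # constructed records for placeholder domains
    "shop.example": ("v=spf1 include:_spf.mail.example -all", "v=DMARC1; p=reject; rua=mailto:dmarc@shop.example"),
    "bank.example": ("v=spf1 ip4:192.0.2.0/24 ~all", "v=DMARC1; p=none; rua=mailto:dmarc@bank.example"),
    "news.example": ("v=spf1 mx ~all", "v=DMARC1; p=reject; pct=25"),
    "blog.example": ("v=spf1 a -all", None),
}

def audit(samples):
    return {d: (spf_all_qualifier(spf), dmarc_enforcement(dmarc)) for d, (spf, dmarc) in samples.items()}

if __name__ == "__main__":
    for domain, result in audit(SAMPLES).items():
        print(domain, *result)
```

A domain like the constructed `bank.example` matches the pattern the study describes: SPF is published, but DMARC is absent or set to `p=none`, so receivers are never told to block spoofed mail.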

For a full analysis of the Staff Perspective’s findings, and to learn about its methodology, read the entire Staff Perspective or watch the video at https://www.ftc.gov/news-events/blogs/business-blog/2017/03/want-stop-phishers-use-email-authentication?utm_source=govdelivery