Government Agencies in Dire Want of E-mail Authentication System
According to a study report just released by the OTA (Online Trust Alliance), a frightening number of government organizations and prominent retailers are failing to authenticate the e-mails sent out from their servers, leaving their brands vulnerable to phishing attacks.
E-mail authentication, which is generally transparent to Internet users, allows receiving servers to confirm whether an e-mail really originates from the sender or domain it claims to come from. The technology also confirms whether the person sending the e-mail is officially permitted to use that domain.
However, according to OTA's research, 56% of the leading government websites do not employ this kind of authentication. By comparison, an analysis of top business websites revealed better utilization of e-mail authentication in the private commercial sector, with 55% of the businesses using it.
Craig Spiezle, Chairman of OTA, says that it is simply unacceptable that, while scams are escalating on the Internet and faith is dwindling among consumers, these government agencies and enterprises keep on using alternative systems. GCN reported this on April 14, 2009.
Security specialists state that any organization carrying out financial transactions with its clients over the Internet could become a target for online thieves and phishers. These phishers might send hoax e-mails to the clients, falsely claiming to be from the organization, and trick the recipients into giving away their usernames, passwords and account numbers. E-mail authentication is therefore absolutely essential, the experts suggest.
Moreover, since e-mail senders' IDs can be spoofed without difficulty, the ID of a supposedly reliable source could be used to get an e-mail past anti-spam systems, and that e-mail could in turn be used to entice victims onto dangerous malware-serving websites.
The specialists also note that these kinds of assaults not only affect the victim through data theft, but also bring a bad name to the government organization or enterprise whose domain has been abused by the scammers.
Meanwhile, according to OTA, the U.S. agencies that do use e-mail authentication include the CIA, Census Bureau, FTC, IRS, Social Security Administration and the Federal Deposit Insurance Corp. On the other hand, the FBI, Homeland Security Department, White House and the Secret Service are some of the departments running without an authentication system.
» SPAMfighter News - 21-04-2009