Recommended
More Related Content
Viewers also liked
Viewers also liked (14)
Similar to Email Auth - Chertoff - Final
Similar to Email Auth - Chertoff - Final (20)
Email Auth - Chertoff - Final
- 1. © Copyright 2015 ValiMail. All rights reserved. Confidential and Proprietary. Bringing Trust To EmailTM! Email: I need you, but I don’t trust you
- 2. © Copyright 2015 ValiMail. All rights reserved. Confidential and Proprietary. Bringing Trust To EmailTM! Email is Everywhere… Sources: http://www.radicati.com/wp/wp-content/uploads/2013/04/Email-Statistics-Report-2013-2017-Executive-Summary.pdf http://blog.getvero.com/email-marketing-statistics/ Email Is Effective! • 82% of consumers open marketing email ! • 66% of consumers buy online due to email! • Email marketing has an ROI of 4300%! Email is massive • 200 Bn emails/day! • 91% of consumers check email daily! • 4.1 Bn active email boxes growing to 5.2 Bn by 2018! Email is effective
- 3. © Copyright 2015 ValiMail. All rights reserved. Confidential and Proprietary. Bringing Trust To EmailTM! Phishing is a Primary Attack Vector 100M phish/day Phish = #1 attack vector 84% of all email is spam/phish !
- 4. © Copyright 2015 ValiMail. All rights reserved. Confidential and Proprietary. Bringing Trust To EmailTM! ? Why Does Phishing Work? Exploits trust:! • Email’s original sin: no authentication! • No way to know whether to trust the source ! .gov .com Facebook Boeing Senate NASA ? ? ? ?
- 5. © Copyright 2015 ValiMail. All rights reserved. Confidential and Proprietary. Bringing Trust To EmailTM! .gov .com Senate NASA Attack Phishing at the Root ✔ ︎ ✔ ︎ ✔ ︎ ✔ ︎ Trust = Email Authentication:! • Fixes email’s original sin! • Authenticate the sender = Trust the source ✔ ︎ Boeing Facebook
- 6. © Copyright 2015 ValiMail. All rights reserved. Confidential and Proprietary. Bringing Trust To EmailTM! “We Are Moving To No Auth, No Entry” - Google Internet-Scale Email Authentification! • An open standard (RFC 7489)! • Eliminates domain phishing impersonation! • 2.5+Bn consumer mailboxes (80%+ US consumers) protected! Introducing DMARC Enterprise Adoption ISP Adoption
- 7. © Copyright 2015 ValiMail. All rights reserved. Confidential and Proprietary. Bringing Trust To EmailTM! Sources: ! Agari blog, DMARC.org! DMARC is Effective 70% drop! in suspicious! emails! ! 25M phish! blocked ! over 2 months ! period! 5000% drop ! in phish ! once DMARC- enabled! Immediately ! blocked ! 100M phish/day!
- 8. © Copyright 2015 ValiMail. All rights reserved. Confidential and Proprietary. Bringing Trust To EmailTM! Google uses the carrot and stick approach to drive consumer and ! corporate adoption of email authentication! Major ISPs Insist on Email Authentication No Authentication = No Logo
- 9. © Copyright 2015 ValiMail. All rights reserved. Confidential and Proprietary. Bringing Trust To EmailTM! Sources: OTA, ValiMail! Vertical! 2013! 2014! 2015! FDIC 100! 13%! 21%! 24%! eRetailer 500! 3%! 6%! 7%! Agency! SPF! DKIM! DMARC! DHS.gov! Poor None! None! Whitehouse.gov! Fail None! None! NASA.gov! Average! None! None! Healthcare.gov! None! Excellent! None! FannieMae.com! None! None! None! FDIC.com! Average! Average! None! US Government Entities are mostly open to phishing attacks.! But Adoption is Still Nascent… None! None! None! None! None! None! None! None! None! None! None! None!
- 10. © Copyright 2015 ValiMail. All rights reserved. Confidential and Proprietary. Bringing Trust To EmailTM! • Anthem alone has 10+ state AGs warning the public re: email phishing scams! • “Just be careful, but you’re on your own”! …and Fed & State Responses Don’t Include DMARC No mention of DMARC!
- 11. © Copyright 2015 ValiMail. All rights reserved. Confidential and Proprietary. Bringing Trust To EmailTM! Why Isn’t DMARC Used More Widely? 1. Awareness is low 2. Difficult to set up 3. Difficult to maintain Vendors are working to address these issues Threat Data & Reporting Automated SaaS/On-Premise DIYMail Deliverability
- 12. © Copyright 2015 ValiMail. All rights reserved. Confidential and Proprietary. Bringing Trust To EmailTM! Start Authenticating Now! • Insist on authentication! • Learn more: DMARC.org! • Contact me: alex@garcia-tobar.com. I will connect you to the right vendor/solution ! “We authenticate credit cards, why don’t we authenticate email?”!