[ insider_reports_insider ]
Fortune 500 Lacking In Email Validation
David Utter
Staff Writer
2008-07-08
 Insider Reports RSS Feed
One vendor claimed some 60 percent of the Fortune 500 do not use methods of qualifying outgoing email, which could leave them open to being spoofed by forgers.
 | | Fortune 500 Lacking In Email Validation |  |
If you could configure an email server to safeguard your domain's email from forgery, and do so in under a half-hour, you'd likely do so. As a security pro, anything that mitigates threat means one less thing to worry about at a given moment.
Security vendor Secure Computing said on their TrustedSource blog only 202 of the Fortune 500 bother with either SPF (Sender Policy Framework) or DKIM (DomainKeys Identified Mail) for their domains. Both frameworks serve to validate outgoing messages as authentic.
Secure Computing said they put together a list of all 500 primary domains used by the Fortune 500 and queried them to see if they use SPF, DKIM, or both. "Most of the well known Fortune 500s who touch the technology world were using forgery countermeasures of some sort," they noted.
Most of the financial institutions and credit card companies observed in the testing already used SPF for their email. But disturbingly enough, Secure Computing said some well-known names in the banking industry, ones that have been the focus of multiple phishing attacks, did not have SPF or DKIM in place.
The persistent threat of phishing, coupled with its profit potential for criminals, ought to be enough for big companies to implement an outbound verification scheme for their email. It's the customers who really suffer from the risk of not having this in place.
View All Articles by David Utter
About the Author:
David Utter is a business and technology writer for SecurityProNews and WebProNews.
More insider_reports_insider Articles
Insider Reports RSS Feed
|
|
