Many cyberattacks begin with a phony email, a tactic known as phishing, which is most likely how 5 million Saks and Lord & Taylor customers’ personal banking information was "breached."
Online retailers are not protecting their consumers, especially as consumers’ preference for online product research and shopping continues to grow. Instead, retailers rely on the email channel to provide an optimal customer experience, and, according to
This disconnect should be very troubling to online shoppers, because
At the very least, all online retailers should publish a Domain-based Message Authentication, Reporting and Conformance (DMARC) policy on all their sending domains, together with an email authentication mechanism such as a Sender Policy Framework (SPF) record or DomainKeys Identified Mail (DKIM), and preferably both. DMARC is a sender-published policy that tells receiving mail servers what to do with messages that fail email authentication tests. Deploying a DMARC policy is the first step to protecting consumers, employees, and their brands from phishing attacks.
A DMARC reject policy is considered the gold standard of email authentication, because a message that fails authentication is refused outright and never reaches the recipient, as opposed to arriving in the inbox (no policy or a “none” policy) or being placed in a spam or quarantine folder (quarantine policy).
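The policy levels described above can be checked against what a domain actually publishes. The following is an added example, not code from the original article: it audits the TXT records found at _dmarc.<domain> and reports where the published policy falls short of reject. The function names are hypothetical, and the domains and records in SAMPLES are constructed.

```python
# Added example: audit the TXT records published at _dmarc.<domain>.
# SAMPLES holds constructed records for placeholder domains.
OUTCOME = {
    "none": "failing mail still arrives in the inbox",
    "quarantine": "failing mail lands in a spam or quarantine folder",
}

def parse_tags(record):
    """Split 'tag=value; tag=value' into a dict with lower-cased tag names."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags

def audit_dmarc(txt_records):
    """Return (policy, findings) for the TXT records of _dmarc.<domain>."""
    dmarc = [r for r in txt_records if r.strip().lower().startswith("v=dmarc1")]
    if len(dmarc) != 1:
        # Zero or several DMARC records: receivers find no usable policy.
        return "missing", ["no single DMARC record published"]
    tags = parse_tags(dmarc[0])
    policy = tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        return "invalid", ["p= tag is missing or unrecognised"]
    findings = []
    if policy != "reject":
        findings.append(f"p={policy}: {OUTCOME[policy]}")
    # sp= covers subdomains and falls back to p= when absent.
    if tags.get("sp", policy).lower() != "reject":
        findings.append("subdomains are not covered by a reject policy")
    # pct= below 100 applies the policy to only a share of failing mail.
    if tags.get("pct", "100") != "100":
        findings.append(f"pct={tags['pct']}: policy applies to part of failing mail")
    if "rua" not in tags:
        findings.append("no rua= address: aggregate reports are not collected")
    return policy, findings

SAMPLES = {  # constructed records, not real DNS data
    "a.example": [],
    "b.example": ["v=DMARC1; p=none"],
    "c.example": ["v=DMARC1; p=quarantine; pct=25; rua=mailto:dmarc@c.example"],
    "d.example": ["v=DMARC1; p=reject; rua=mailto:dmarc@d.example"],
}

if __name__ == "__main__":
    for domain, records in SAMPLES.items():
        print(domain, *audit_dmarc(records))
```

Only d.example comes back with an empty findings list; the other three show the gaps the paragraph above describes.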
After implementing a DMARC policy, some brands reported a double-digit increase in their marketing email Inbox Placement Rates (IPR), and single-digit growth in opens and clicks. If a double-digit boost is not enough of a push for retailers,
By taking the first step in properly setting up email authentication and deploying a DMARC policy, e-retailers are better prepared to protect their brand, customers and employees from phishing attacks.