Embed Size (px)
Citation preview
© Copyright 2015 ValiMail. All rights reserved. Confidential and Proprietary.
Bringing Trust To EmailTM!
Email: I need you, but I don’t trust you
© Copyright 2015 ValiMail. All rights reserved. Confidential and Proprietary.
Bringing Trust To EmailTM!
Email is Everywhere…
Sources: http://www.radicati.com/wp/wp-content/uploads/2013/04/Email-Statistics-Report-2013-2017-Executive-Summary.pdf http://blog.getvero.com/email-marketing-statistics/
Email Is Effective!• 82% of consumers open marketing email !• 66% of consumers buy online due to email!• Email marketing has an ROI of 4300%!
Email is massive
• 200 Bn emails/day!• 91% of consumers check email daily!• 4.1 Bn active email boxes growing to 5.2 Bn by 2018!
Email is effective
© Copyright 2015 ValiMail. All rights reserved. Confidential and Proprietary.
Bringing Trust To EmailTM!
Phishing is a Primary Attack Vector
100M phish/day Phish = #1 attack vector
84% of all email is spam/phish
!
© Copyright 2015 ValiMail. All rights reserved. Confidential and Proprietary.
Bringing Trust To EmailTM!
?
Why Does Phishing Work?
Exploits trust:!• Email’s original sin: no authentication!• No way to know whether to trust the source
!
.gov .com
Boeing
Senate
NASA?
??
?
© Copyright 2015 ValiMail. All rights reserved. Confidential and Proprietary.
Bringing Trust To EmailTM!
.gov .com
Senate
NASA
Attack Phishing at the Root
✔ ︎
✔ ︎
✔ ︎
✔ ︎
Trust = Email Authentication:!• Fixes email’s original sin!• Authenticate the sender = Trust the source
✔ ︎
Boeing
© Copyright 2015 ValiMail. All rights reserved. Confidential and Proprietary.
Bringing Trust To EmailTM!
“We Are Moving To No Auth, No Entry” - Google
Internet-Scale Email Authentification!• An open standard (RFC 7489)!• Eliminates domain phishing impersonation!• 2.5+Bn consumer mailboxes (80%+ US consumers) protected!
Introducing DMARC
Enterprise Adoption
ISP Adoption
© Copyright 2015 ValiMail. All rights reserved. Confidential and Proprietary.
Bringing Trust To EmailTM!Sources: !Agari blog, DMARC.org!
DMARC is Effective
70% drop! in suspicious!
emails!!
25M phish!blocked !
over 2 months !period!
5000% drop !in phish !
once DMARC-enabled!
Immediately !blocked !
100M phish/day!
© Copyright 2015 ValiMail. All rights reserved. Confidential and Proprietary.
Bringing Trust To EmailTM!
Google uses the carrot and stick approach to drive consumer and !corporate adoption of email authentication!
Major ISPs Insist on Email Authentication
No Authentication = No Logo
© Copyright 2015 ValiMail. All rights reserved. Confidential and Proprietary.
Bringing Trust To EmailTM!
Sources: OTA, ValiMail!
Vertical! 2013! 2014! 2015!FDIC 100! 13%! 21%! 24%!
eRetailer 500! 3%! 6%! 7%!
Agency! SPF! DKIM! DMARC!
DHS.gov! Poor None! None!
Whitehouse.gov! Fail None! None!
NASA.gov! Average! None! None!
Healthcare.gov! None! Excellent! None!
FannieMae.com! None! None! None!
FDIC.com! Average! Average! None!
US Government Entities are mostly open to phishing attacks.!
But Adoption is Still Nascent…
None!
None!
None! None!
None!
None!
None!
None! None!
None!
None!
None!
© Copyright 2015 ValiMail. All rights reserved. Confidential and Proprietary.
Bringing Trust To EmailTM!
• Anthem alone has 10+ state AGs warning the public re: email phishing scams!• “Just be careful, but you’re on your own”!
…and Fed & State Responses Don’t Include DMARC
No mention of DMARC!
© Copyright 2015 ValiMail. All rights reserved. Confidential and Proprietary.
Bringing Trust To EmailTM!
Why Isn’t DMARC Used More Widely?
1. Awareness is low 2. Difficult to set up 3. Difficult to maintain
Vendors are working to address these issues
Threat Data & Reporting Automated SaaS/On-Premise
DIYMail Deliverability
© Copyright 2015 ValiMail. All rights reserved. Confidential and Proprietary.
Bringing Trust To EmailTM!
Start Authenticating Now!
• Insist on authentication!
• Learn more: DMARC.org!
• Contact me: [email protected]. I will connect you to the right vendor/solution !
“We authenticate credit cards, why don’t we authenticate email?”!
