Release received from the OTA:

SEATTLE, WA – April 14, 2009 – The Online Trust Alliance (OTA) today gave leading government agencies and online retailers a failing grade in preventing deceptive email and phishing scams based on its newly released analysis of email authentication adoption. While adoption has grown over the past year, OTA found approximately 56 percent of the top .gov sites – including,, and – still are not protecting U.S. citizens through the use of email authentication. At the same time, progress has been made by other government agencies including the Census Bureau, CIA, FDIC, VA and FTC.

The organization also found that among the top online retailers 45 percent have not adopted email authentication – leaving brands, domains, and most importantly consumers exposed to security and privacy threats. While OTA recognizes many leading brands including Amazon, Dell, Office Depot, Apple, Costco and Staples have adopted increased online security measures, many others including Sears, Victoria’s Secret, Gap and Nordstrom are failing to adequately protect their brands and customers through email authentication.

OTA will also release similar data on The Fortune 500 at the upcoming OTA Online Trust Town Hall Meeting on April 23 in San Francisco. At the forum, OTA will present best practices including data governance, privacy and behavioral targeting with the goal of increasing the adoption of best practices to protect consumers.

“It is incomprehensible that in this period of escalating online scams and diminishing consumer confidence these agencies and businesses continue to sit on the sidelines,” said Craig Spiezle, OTA Chairman and Founder. “Best practices not only need to be adopted by business, but also by governmental agencies. OTA members reiterate their willingness to provide resources and assistance to these organizations.”

With the tax deadline tomorrow, OTA recognizes the U.S. Internal Revenue Service ( for their adoption of best practices and commitment to curb online abuse. Recognizing the increasing levels of phishing and scams targeting US citizens, the IRS adopted many best practices including Extended Validation SSL certificates, email authentication and other security and privacy protection measures.

Need help getting Authenticated? Read my prior post on Email Authentication