2020 Prediction: All Unauthenticated Emails Will Be Blocked From the Inbox
Here at Return Path, we like to stay ahead of the curve when it comes to email so we can equip our customers with the best data, insights, and tools to promote and protect their brands.
That’s why we explored the future of email by making 20 predictions in our new ebook: Email 20/20: 20 Visionary Ideas to Furtureproof Your Program. In this blog post, we’ll dive deeper into one of these predictions relating to email security:
All unauthenticated emails will be blocked from the inbox.
What’s the thinking behind such a prediction? The enduring vulnerability of the email channel.
Email is under attack.
Email has become the weapon of choice for cybercriminals. More than half of internet users get a least one malicious email per day. And this threat is growing—in the first quarter of 2016, the Anti-Phishing Working Group (APWG) observed more phishing attacks than at any other time in history.
Email fraud impacts companies of all sizes and across all sectors. It costs the average large organization $3.7 million per year, exposes your organization to unprecedented risks, and puts customer retention at serious risk.
Increasing customer retention by 5 percent can lead to a 25-95 percent increase in company profits. As customer trust and retention decreases, so too will profits.
Mailbox providers are removing the guesswork.
While many companies invest in customer education to fight email fraud, users are not getting better at identifying phishing emails.
In fact, they’re getting worse. According to Verizon, 30 percent of phishing messages were opened by targeted users (up 30 percent from last year) and 12 percent went on to click malicious attachments (up nine percent since last year).
In an effort to improve user experience and mitigate risk, mailbox providers are taking matters into their own hands by cracking down on any company with an insecure email channel.
For example, as of February 2016, Google is flagging emails that fail authentication by replacing company avatars with a red question mark:
Other mailbox providers are following suit, including Microsoft, which inserts a red safety tip bar at the top of both known phishing messages and (potentially legitimate) messages that have failed authentication:
We do not expect this trend to abate. In the future, any unauthenticated legitimate email sent by your company (or by third parties sending on your behalf) will likely be treated as phishing and could be rejected from the inbox entirely.
How your company can prepare.
To avoid making headlines and position your company for the future, you will need to prioritize securing the email channel.
The best way to do it is to implement the right email authentication technology: SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail) and DMARC (Domain-based Message Authentication Reporting and Conformance).
These protocols will empower you to get visibility into who is sending email on your behalf, lock down your email channel, and instruct ISPs to block any unauthenticated mail from reaching the inbox.
Want to learn more about our email security predictions? Download the full ebook here.
About Amy Gorrell
Amy Gorrell is a Strategic Project Manager for Return Path's Email Fraud Protection team. Amy works with some of our top-tier clients to help eliminate the impact of email fraud. When she's not fighting cyber crime you can find her enjoying the many outdoor activities Colorado has to offer. You can connect with Amy on LinkedIn @Amy Gorrell or follow her on Twitter @amy_gorrell.