{{ searchResult.published_at | date:'d MMMM yyyy' }}

Loading ...
Loading ...

Enter a search term such as “mobile analytics” or browse our content using the filters above.


That’s not only a poor Scrabble score but we also couldn’t find any results matching “”.
Check your spelling or try broadening your search.


Sorry about this, there is a problem with our search at the moment.
Please try again later.

The depths to which people will sink to make an easy buck through internet scams never ceases to amaze me, and we have seen phishing scams which have used the recent earthquakes in Japan and New Zealand. 

For example, in the aftermath of the New Zealand earthquake, disgraceful opportunists took advantage of this natural disaster by launching a scam, posing as the Red Cross to take advantage of the world’s sense of charity.

This serves as a grim reminder of the uncomfortable truth that we are never truly protected, especially when brands and ISPs are not doing everything possible to prevent phishing and spoofing scams.

Phishing has become an increasingly widespread and hazardous danger in the online world. Recently the UK’s National Fraud Authority set up a dedicated email address encouraging users to forward suspicious emails so that the perpetrators can be prosecuted.

Although providing a valuable role in educating the public on cautionary email use, this fails to address the paramount issue of trust in brands. Even if the user recognises the malevolent nature of the email and passes it on to the authorities, their trust in the associated company name has been compromised – and trust is not only extremely hard to earn but even more difficult to win back.

BBC Breakfast recently focused on a case study of a woman who was a victim of an online scam. It communicated the UK fraud authorities’ message that it’s important for people to shrug off embarrassment and come forward to law enforcement when they’ve been affected, and to take appropriate action to protect oneself from threats.

My own company, Return Path, was recently the target of an email scam as fraudsters attempted to weaken the integrity of our good name as one of the leading combatants against criminal email.

The two compromises we found were dealt with immediately by suspending the IPs and immediately releasing updated lists to our servers – collaborating right away with the affected clients to find the best way forward and ensure the damage was limited as much as possible.

Even though it was Thanksgiving weekend and most of Return Path’s team were on holiday, our staff rushed back into work to deal with the attempted fraud and within hours every target of the scam was contacted by phone and email.

The attack shows that phishing and spoofing isn’t just a big consumer brand issue – every company, B2C, B2B, government and not for profit is vulnerable.

One defence against phishing and spoofing is email authentication. This allows ISPs to verify the IP that sends an email, ensuring only authenticated emails reach the user’s inbox. But even now two thirds of companies fail authentication tests because they are not taking every necessary step in the fight against fraud.

A more robust industry wide form of defence is needed to protect against fraudsters. The potential threat is huge and has disastrous implications for brand identity, which is why big hitters like Google and Yahoo! have partnered with email security scheme Domain Assurance to help to protect email senders from the perils of phishing and spoofing.

It enables ISPs to automatically block all potentially malicious unauthenticated emails purporting to be from a brand’s domain, bringing greater security to the customer’s inbox and maintaining the integrity of email marketers’ brands.

Fraudsters must not be given the opportunity to jeopardise a hard won brand identity. To prevent the success of phishing scams email authentication must be adopted on a massive scale. The petty gains achieved by abhorrent opportunists in the wake of the New Zealand earthquake disaster only shows the importance of preventing these schemes taking advantage of our names, our brands and our charity.

Margaret Farmakis

Published 25 March, 2011 by Margaret Farmakis

Margaret Farmakis is Senior Director of Strategy Consulting at Return Path and a contributor to Econsultancy. 

9 more posts from this author

Comments (2)


Simon West

I am at a complete loss to understand why companies don't put email verification in place for every single one of their outbound emails. Both individually produced by their staff and all their marketing emails.

It's not difficult, it's not expensive but it can kill your business!

over 5 years ago


Tom Atkinson

I've been trying to get the company I work for setup with SPF domain records. Working well and the job will be done soon. But how can I easily test my email configuration? Like my sending an email to a auditing email server would be great, and it could show what I need to do to get SPF records setup on my domain.

over 5 years ago

Save or Cancel

Enjoying this article?

Get more just like this, delivered to your inbox.

Keep up to date with the latest analysis, inspiration and learning from the Econsultancy blog with our free Daily Pulse newsletter. Each weekday, you ll receive a hand-picked digest of the latest and greatest articles, as well as snippets of new market data, best practice guides and trends research.