eCert Inc. on Thursday announced a partnership with the Financial Services-Information Sharing and Analysis Center and BITS, the technology policy division of the Financial Services Roundtable, that will make its email certification service available to members of those industry groups.
eCert's Email Domain eCertification Service aims to thwart email fraud and phishing by registering and monitoring domains that send email. It's based on the guidelines in the BITS
The partnership with BITS and FS-ISAC will provide their members with email traffic and fraud data to help them protect their customers against phishing attacks, said Kelly Wanser, CEO of San Francisco, Calif.-based eCert.
"Immediately out of the gate, they can have a view into their email traffic that they don't have today," she said. "They can get a handle on how much traffic they have, where it is, and whether they're authenticating it. That's the baseline you need to step forward."
Email is a core capability in the financial industry, but "from a security perspective, it's the weakest application because of its exposure to phishing and the ease with which bad actors who are looking to commit fraud can use email to do that," she said.
According to BITS, the basic "Trusted Email Registry" that will be available to members of the industry groups will allow institutions to monitor a limited number of their domains' email traffic, receive reports and have access to a TLS key contact registry. An enhanced version of the service provides monitoring of a larger number of domains, deployment services to establish DKIM and SPF, policy enforcement for DKIM and SPF, and ISP intermediation.
"eCert's approach is aligned with our industry's goals, and the partnership represents a significant advance toward increasing the safety of email and improve the confidentiality and integrity of online services," Larry Seibel, senior vice president, Huntington Bancshares and chairman of the BITS Security Steering Committee, said in a prepared statement.
eCert works with email service providers, including Google and Yahoo, which use the company's domain registry in order to verify messages and block phishing emails.