I attended the Authentication and Online Trust Alliance (AOTA) Summit in Seattle last week. The Alliance, spearheaded by Craig Spiezle at Microsoft, is focused on improving trust in the e-mail and e-commerce ecosystems, and in pursuing technologies and best practices focused on fighting the ill effects of online fraud. The event was well attended and provided a great deal of useful information and networking.

The mission of the AOTA really can’t be underestimated. For example, according to Goodmail’s research, 55% of e-mail users have definitely received phishing attempts and another 41% may have received them; 87% of e-mail users are concerned about phishing attempts and online identity theft, while 61% are nervous or reluctant about opening e-mails. According to TRUSTe, 75% of e-mail and Internet users don’t like giving out their credit card numbers or personal information online. According to Symantec, there were 25,000 phishing sites as of December 2007, representing a tenfold increase in less than three years. Hundreds of millions have been lost to fake foreign lotteries and to Nigerian scams (Compare Messaging Security products).

There is good news, however. More than 50% of the world’s e-mail is now sent using an authentication system like DomainKeys Identified Mail (DKIM) or Sender ID Framework (SIDF). The adoption of authentication technologies by the Fortune 500 was 39% as of April 2008; up from only 7% in July 2005 – for the Internet Retailer 500, the use of authentication is now at 60%.

The good news is that while spammers, phishers, vishers and others are ratcheting up their exploits, the industry is responding and security is improving, at least in some circles (Compare antispam products).