DOCSLIB.ORG

Technical Volume 2: Cybersecurity Practices for Medium and Large Health Care Organizations

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Technical Volume 2: Cybersecurity Practices for Medium and Large Health Care Organizations Technical Volume 2: Cybersecurity Practices for Medium and Large Health Care Organizations Table of Contents Introduction ............................................................................................................................................... 3 Cybersecurity Practices at Medium-Sized Health Care Organizations ...................................................... 4 Cybersecurity Practices at Large Health Care Organizations .................................................................... 7 Document Guide: Cybersecurity Practices ................................................................................................ 9 Cybersecurity Practice #1: E-mail Protection Systems ............................................................................ 14 Cybersecurity Practice #2: Endpoint Protection Systems ....................................................................... 24 Cybersecurity Practice #3: Identity and Access Management ................................................................ 31 Cybersecurity Practice #4: Data Protection and Loss Prevention ........................................................... 42 Cybersecurity Practice #5: IT Asset Management ................................................................................... 52 Cybersecurity Practice #6: Network Management ................................................................................. 57 Cybersecurity Practice #7: Vulnerability Management ........................................................................... 65 Cybersecurity Practice #8: Security Operations Center and Incident Response ..................................... 73 Cybersecurity Practice #9: Medical Device Security ................................................................................ 87 Cybersecurity Practice #10: Cybersecurity Policies ................................................................................. 98 Appendix A: Acronyms and Abbreviations ............................................................................................ 101 Appendix B: References ......................................................................................................................... 105 List of Tables Table 1. E-mail Protection Controls ........................................................................................................ 15 Table 2. Basic Endpoint Controls to Mitigate Risk at Endpoints ............................................................. 25 Table 3. Example of a Data Classification Schema .................................................................................. 43 Table 4. Suggested Procedures for Data Disclosure ............................................................................... 44 Table 5. Security Methods to Protect Data ............................................................................................ 45 Table 6. Data Channels for Enforcing Data Policies ................................................................................ 48 Table 7. Expanding DLP to Other Data Channels .................................................................................... 49 Table 8. Recommended Timeframes for Mitigating IT Vulnerabilities ................................................... 68 Table 9. Factors for Consideration in Penetration Test Planning ............................................................ 69 Table 10. Example Incident Response Plays for IR Playbooks ................................................................ 75 Table 11. Roles and Responsibilities for an Organizational CIRT ............................................................ 79 Table 12. Timeframes for Resolving Medical Device Vulnerabilities ...................................................... 92 Table 13. Incident Response Plays for Attacks Against Medical Devices ............................................... 93 Table 14. Example Cybersecurity Policies for Consideration .................................................................. 97 Table 15. Acronyms and Abbreviations ................................................................................................. 100 2 Introduction This volume will help answer the question, “How do I mitigate the five threats that were outlined in the Main document?” The practices outlined in this volume are most appropriate for medium-sized and large organizations. This volume is for the technical practitioner; it contains technical details for implementing cybersecurity practices. It provides an overview of cybersecurity practices that have been outlined by the industry as highly effective at mitigating risks to the health care industry. This volume is an index of existing industry practices, with guidance on how to start your journey implementing these practices. Details and explanations of the cybersecurity practices are included for additional context where needed. Please consider these simple instructions when reading this volume: 1) If you are a medium-sized organization, start with the sub-practices labeled with the heading “Sub-Practices for Medium-Sized Organizations.” Feel free to consider the additional sub- practices as well. 2) If you are a large organization, consider implementing all the sub-practices listed in the document, including both those under the heading “Sub-Practices for Medium-Sized Organizations” and those labeled “Sub-Practices for Large Organizations.” 3 Cybersecurity Practices at Medium- Sized Health Care Organizations Medium-sized health care organizations perform critical functions for the health care and public health (HPH) sector. These organizations include critical access hospitals in rural areas, practice management organizations that support physician practices, revenue cycle or billing organizations, mid-sized device manufacturers, and group practices. Medium-sized health care organizations generally employ hundreds of personnel, maintain between hundreds and a few thousand information technology (IT) assets, and may be primary partners with and liaisons between small and large health care organizations. It is typical for a medium-sized organization to have several critical systems that are interconnected to enable work activities in support of the organization’s mission/ These organizations tend to have a diverse inventory of assets that support multiple revenue streams. They also tend to have narrow profit margins, limited resources, and limited flexibility to implement robust cybersecurity practices. For example, it is rare for a medium-sized organization to have its own dedicated 24x7x365 security operations center (SOC) Medium-sized organizations tend to focus on preventing cybersecurity events, implementing rigid security policies, with few exceptions permitted. This rigidity is often due to insufficient resources to support more open and flexible cybersecurity models, such as those larger organizations can often afford. Medium-sized organizations usually struggle to obtain cybersecurity funding that is distinct from their standard IT budgets. The top security professional in an organization of this size might often feel overwhelmed by compliance and cybersecurity duties, wear multiple hats, and experience constraints around execution plans. Medium-sized organizations operate in complex legal and regulatory environments that include but are not limited to the following: The Office of the National Coordinator for Health Information Technology (ONC) regulations for interoperability of Certified Electronic Health Information Technology The Medicare Access and hildren’s Health Insurance Program Reauthorization Act of 2015 (MACRA)/Meaningful Use Multiple enforcement obligations under the Food and Drug Administration (FDA) The Joint Commission accreditation processes The Health Insurance Portability and Accountability Act (HIPAA)/Health Information Technology Economic and Clinical Health Act (HITECH) requirements The Payment Card Industry Data Security Standard (PCI-DSS) Substance Abuse and Mental Health Services Administration (SAMHSA) requirements The Gramm-Leach-Bliley Act for financial processing The Stark Law as it relates to providing services to affiliated organizations The Family Educational Rights and Privacy Act (FERPA) for those institutions participating within Higher Education 4 The Genetic Information Nondiscrimination Act (GINA) The new General Data Protection Regulation (GDPR) in the European Union IT Assets Used by Medium-Sized Organizations Medium-sized organizations may have up to a few thousand IT assets, with a mix of dozens to a hundred information systems. All assets may have cybersecurity vulnerabilities and are susceptible to cyber threats. There are three important factors in securing assets: (1) understanding their relationship within the organization’s IT ecosystem; (2) understanding how the workforce leverages and uses the assets; and (3) understanding the data that are generated, stored, and processed within those assets. Not all assets are equally important; some are mission critical and must always be fully operational, while others are less critical, and might even be offline for days or weeks without harming the organization’s mission. Some assets have large repositories of sensitive data that represent significant risk, but are not as critical to the enterprise’s business. In all cases, the organization uses IT assets for business reasons and should protect those assets with proper cyber hygiene controls. Examples of assets
Load more

Recommended publications
  • Interpreting the CBCT Data Volume Part I
    MilesCE_Supp_Layout 1 7/8/11 12:59 PM Page FC1 Educational Supplement 2 ADA CERP CE Credits Orthotown is pleased to offer you continuing education. You can read the following CE article, take the post-test and claim your CE credits. See instructions on page 6. This CE course is supported by an unre- Farran Media, LLC, is an ADA CERP Recognized provider. ADA CERP is a service of the American Dental Association to assist dental professionals in identifying quality providers of continuing dental education. ADA CERP does not approve or endorse stricted grant from Cybermed, Inc. This individual courses or instructors, nor does it imply acceptance of credit hours by boards of dentistry. course offers two ADA CERP CE Credits. For more information, please visit http://www.towniecentral.com/orthotown/onlineCE.aspx MilesCE_Supp_Layout 1 7/7/11 12:26 PM Page 1 Part 1: Interpreting the CBCT Data Volume in Orthodontic Cases: You Should See What You May Be Missing! by Dale A. Miles, DDS, MS, FRCD(C) This is a two-part article designed to help clinicians The Skull and Its Contents understand the more common findings they will encounter in Most commonly there are physiologic calcifications seen the anatomic regions they capture in larger field-of-view within the skull on large field-of-view CBCT machines. (FOV) CBCT machines. Many of these findings will also be These include the more common calcifications of the pineal seen in smaller FOV machines when the volume capture is gland, choroid plexuses and falx cerebri. Although calcifica- moved around to view things like the temporomandibular tion of the falx cerebri is seen in the nevoid basal cell carci- joint or third molar regions.
    [Show full text]
  • Comparison of Two Software Programs in Voxel-Based Superimposition of CBCT Images
    @2019 JCO, Inc. May not be distributed without permission. www.jco-online.com Comparison of Two Software Programs in Voxel-Based Superimposition of CBCT Images TAREK ELSHEBINY, BDS, MSD SHERIF ELBARNASHAWY, BDS EHAB BENNASIR, BDS, MSD MOHAMED ADEL NADIM, BDS, MSD, PhD JUAN MARTIN PALOMO, DDS, MSD hile introducing the cephalometer in 1931, Broadbent proposed a tech- nique for superimposing successive cephalometric films as a way to Wstudy the physical changes caused by facial growth over time.1 This approach eventually became a standard component of orthodontic records. Since Broadbent, various authors have developed other methods of super- imposing serial cephalograms in the horizontal and vertical dimensions.2,3 An overall superimposition is usually performed on the cranial base to eval- uate growth and treatment outcomes by indicating changes in the maxillary and mandibular arches; regional superimpositions of the maxilla or mandible show dentoalveolar changes. A third dimension has always been lacking The resolution of a CBCT image is deter- in traditional cephalometric analysis and superim- mined by the individual volume elements (voxels) position, even though its importance in orthodon- produced from the volumetric dataset.5 A voxel is tic and surgical planning has been emphasized for the three-dimensional equivalent of the pixel in decades. Several attempts have been made to vi- two-dimensional images. The size of a voxel is sualize this third dimension,3-5 but it was the ad- defined by its height, width, and depth; the voxels vent of cone-beam computed tomography (CBCT) in CBCT scans are usually isotropic.6 The mono- and related software that enabled the assessment chromatic gray color of a voxel represents its den- of all three dimensions in clinical practice.
    [Show full text]
  • Electrode Position and the Clinical Outcome After Bilateral Subthalamic Nucleus Stimulation
    ORIGINAL ARTICLE Neuroscience http://dx.doi.org/10.3346/jkms.2011.26.10.1344 • J Korean Med Sci 2011; 26: 1344-1355 Electrode Position and the Clinical Outcome after Bilateral Subthalamic Nucleus Stimulation Sun Ha Paek1,2,5,6,7, Jee-Young Lee1,3, We compared the surgical outcome with electrode positions after bilateral subthalamic Han-Joon Kim1,3, Daehee Kang4, nucleus (STN) stimulation surgery for Parkinson’s disease. Fifty-seven patients treated with Yong Hoon Lim1, Mi Ryoung Kim1, bilateral STN stimulations were included in this study. Electrode positions were determined Cheolyoung Kim8, Beom Seok Jeon1,3,5 in the fused images of preoperative MRI and postoperative CT taken at six months after 1,2 and Dong Gyu Kim surgery. The patients were divided into three groups: group I, both electrodes in the STN; group II, only one electrode in the STN; group III, neither electrode in the STN. Unified 1Movement Disorder Center and Clinical Research Institute, Seoul National University Hospital, Seoul; Parkinson’s Disease Rating Scale (UPDRS), Hoehn and Yahr stage, and activities of daily Departments of 2Neurosurgery and 3Neurology, living scores significantly improved at 6 and 12 months after STN stimulation in both group Seoul National University Hospital, Seoul; I and II. The off-time UPDRS III speech subscore significantly improved (1.6 ± 0.7 at 4 Department of Preventive Medicine, Seoul National baseline vs 1.3 ± 0.8 at 6 and 12 months, P < 0.01) with least L-dopa equivalent daily University College of Medicine, Seoul; 5Neuroscience Research Institute, 6Ischemia dose (LEDD) (844.6 ± 364.1 mg/day at baseline; 279.4 ± 274.6 mg/day at 6 months; and Hypoxia Disease Institute and 7Cancer Research 276.0 ± 301.6 mg/day at 12 months, P < 0.001) at 6 and 12 months after STN deep brain Institute, Seoul National University College of stimulation (DBS) in the group I.
    [Show full text]
  • Delivering Results to the Inbox Sailthru’S 2020 Playbook on Deliverability, Why It’S Imperative and How It Drives Business Results Introduction to Deliverability
    Delivering Results to the Inbox Sailthru’s 2020 Playbook on Deliverability, Why It’s Imperative and How It Drives Business Results Introduction to Deliverability Every day, people receive more than 293 billion Deliverability is the unsung hero of email marketing, emails, a staggering number that only represents ultimately ensuring a company’s emails reach their the tip of the iceberg. Why? The actual number intended recipients. It’s determined by a host of of emails sent is closer to 5.9 quadrillion, with the factors, including the engagement of your subscribers overwhelming majority blocked outright or delivered and the quality of your lists. All together, these factors to the spam folder. result in your sender reputation score, which is used to determine how the ISPs treat your email stream. Something many people don’t realize is that to the Deliverability is also a background player, so far in the major Internet Service Providers (ISPs) — Gmail, shadows that many people don’t think about it, until Yahoo!, Hotmail, Comcast and AOL — “spam” there’s a major issue. doesn’t refer to marketing messages people may find annoying, but rather malicious email filled with That’s why Sailthru’s deliverability team created this scams and viruses. In order to protect their networks guide. Read on to learn more about how deliverability and their customers, the ISPs cast a wide net. If a works on the back-end and how it impacts revenue, message is deemed to be spam by the ISP’s filters, it’s your sender reputation and how to maintain a good dead on arrival, never to see the light of the inbox, as one, and best practices for list management, email protecting users’ inboxes is the top priority of any ISP.
    [Show full text]
  • Spam, Spammers, and Spam Control a White Paper by Ferris Research March 2009
    Spam, Spammers, and Spam Control A White Paper by Ferris Research March 2009. Report #810 Ferris Research, Inc. One San Antonio Place San Francisco, Calif. 94133, USA Phone: +1 (650) 452-6215 Fax: +1 (408) 228-8067 www.ferris.com Table of Contents Spam, Spammers, and Spam Control................................................3 Defining Spam.................................................................................3 Spammer Tactics .............................................................................3 Sending Mechanisms.................................................................4 Spammer Tricks.........................................................................4 Techniques for Identifying Spam ....................................................5 Connection Analysis..................................................................5 Behavioral Analysis...................................................................6 Content Scanning.......................................................................6 Controlling Spam: How and Where ................................................7 The Key Role of Reputation Services .......................................7 Conclusion: An Arms Race.............................................................8 Trend Micro Interview........................................................................9 Ferris Analyzer Information Service. Report #810. March 2009. © 2009 Ferris Research, Inc. All rights reserved. This document may be copied or freely reproduced provided you
    [Show full text]
  • Periodontal Measurement on Digital Images Reveals Risk of Overestimation in Clinical Periodontal Probing in Periodontitis Patients
    Periodontal Measurement on Digital Images Reveals Risk of Overestimation in Clinical Periodontal Probing in Periodontitis Patients Hye-Min Chung Yonsei University College of Dentistry Jin-Young Park Yonsei University College of Dentistry Kyung-A Ko Yonsei University College of Dentistry Seong-Ho Choi Yonsei University College of Dentistry Jung-Seok Lee ( [email protected] ) Yonsei University College of Dentistry Research Article Keywords: Periodontitis, gingivitis, imaging, diagnosis Posted Date: June 30th, 2021 DOI: https://doi.org/10.21203/rs.3.rs-654031/v1 License: This work is licensed under a Creative Commons Attribution 4.0 International License. Read Full License Page 1/11 Abstract Aim: To compare the supra-alveolar gingival dimension (GD) and the clinical pocket probing depth (PD) by combining data from an intraoral scanner (IOS) and cone-beam computed tomography (CBCT), and identify the clinical features affecting the clinical PD. Materials and Methods: 1,071 sites from 11 patients were selected for whom CBCT, IOS images, and periodontal charts were recorded at the same visit. CBCT and IOS data were superimposed. GD was measured on cross-sectional images of the probed sites. The level of agreement and correlation between GD and PD were assessed for the entire population and also within groups (treated vs untreated, bleeding on probing [BOP] vs no BOP, and PDs of 0–3 mm vs 4–5 mm vs ≥6 mm). Results: The difference between GD and PD was 0.82±0.69 mm (mean±standard deviation), and they were positively correlated (r=0.790, p<0.001). The mean difference was smaller for sites with PD ≥4 mm than for those with a PD of 0–3 mm.
    [Show full text]
  • The Effect of Amniotic Chorion Membrane on Tissue Biotype, Wound Healing and Periodontal Regeneration
    IOSR Journal of Dental and Medical Sciences (IOSR - JDMS) e - ISSN: 2279 - 0853, p - ISSN: 2279 - 0861.Volume 17, Issue 12 Ver. 4 (December. 2018), PP 61 - 69 www.iosrjournals.org The Effect of Amniotic Chorion Membrane on Tissue Biotype, Wound Healing and Periodontal Regeneration Maha R. Taala b 1 , Raneem M. Gamal 2 1,2 Oral Medicine, Periodontology, Oral Diagnosis and Radiology Department, Faculty of Dentistry, Alexandria University, Alexandria, Egypt. Corresponding Author: Maha R. Taalab A bstract : Amniotic chorion membrane is considered to be a promising treatment modalities for furcation involvement . The aim of this study was to evaluate clinically and radiographically the effect of using Amniotic chorion membrane (ACM) in conjunction to alloplast bone graft in the management of grade II furcation involvement and to assess its effect on tissue biotype an d healing at the furcation area. This study was conducted on fourteen patients with fourteen furcation defects grade II. Patients were divided into two equal groups: Test group: were treated by alloplast bone graft and amnion chorion membrane, and control group: were treated with alloplast bone graft and collagen membrane. Soft tissue examination and hard tissue measurements with cone - beam computed tomography were performed. Test group has shown better healing, more gain in clinical attachment loss, impro ve tissue biotype and enhanced bone formation when compared to the control group. It was concluded that, ACM can promote periodontal regeneration, improve tissue biotype and enhance healing of periodontal wounds. ------------------------------------------- -------------------------------------------------------------------------- ------------- ----- Date of Submission: 27 - 11 - 2018 Date of accep tance: 10 - 12 - 2018 -------------------------- --------------------------------------------------------------------------------------------- ------------- --- I. Introduction Tissue biotype is a critical factor that determines the result of dental treatment.
    [Show full text]
  • Tca Ballot 06 REVISED.Qxd
    Ballot Anesthesiology LumaCool Whitening System & LumaWhite Plus – LumaLite, Inc. LUMIBrite Chairside Whitening – Den-Mat Holdings LLC Anesthetics – Local (Injected) Meta – Remedent Inc. Astra Zeneca Niveous – Shofu Dental Corporation COOK-WAITE – Carestream Dental Opalescence Boost – Ultradent Products, Inc. Septocaine – Septodont Perfect Bleach Office – VOCO America, Inc. Xylocaine, Polocaine, Citanest – DENTSPLY Professional Perfection White – Premier Dental Pola Office Plus – SDI (North America) Inc. Anesthetics – Technique System ProphyWhite – Life-Like Cosmetic Solutions Comfort Control – DENTSPLY Professional Rapid Rx In Office Teeth Whitening – Nu Radiance, Inc. DentalVibe Injection Comfort System – DentalVibe Rembrandt Products – Johnson & Johnson Healthcare Products Onset – Precision Buffering of Local Anesthetics – Onpharma Inc. Venus White Max – Heraeus STA System – Milestone Scientific Visible White Chairside – Colgate-Palmolive Co. X-Tip Intraosseus Anesthetic Delivery System – ZOOM! – Philips Consumer Lifestyle DENTSPLY Maillefer Cosmetic Bleaching – Take-Home system Anesthetics – Topicals AcquaBrite Nightime – Acquamed Technologies, Inc. Behzocaine Oral Anesthetic Gel – DENTSPLY Professional Dr. Collins All White Bleaching System – CaineTips – J. Morita USA, Inc. Dr. Collins Dental Products Denti-Care Denti-Freeze Topical Anesthetic Gel – Medicom Fluorescent Whitening System – Vista Dental Products EMLA – Astra Zeneca GC TiON – GC America Inc. GumNumb – Crosstex International KoR Whitening Deep Bleaching System – Hurricane
    [Show full text]
  • The Use of Cone-Beam Computed Tomography in Furcation Defects Diagnosis
    10.1515/bjdm-2016-0023 Y T E I C O S L BALKAN JOURNAL OF DENTAL MEDICINE A ISSN 2335-0245 IC G LO TO STOMA The Use of Cone-Beam Computed Tomography in Furcation Defects Diagnosis SUMMARY M. Cimbaljevic, J. Misic, S. Jankovic, Background: The use of cone-beam computed tomography (CBCT), as N. Nikolic-Jakoba an additional diagnostic tool in daily dental practice, has expanded rapidly School of Dental Medicine in recent years. Since CBCT allows assessment of dento-maxillofacial Department of Periodontology structures in three-dimensional manner, its use may be very tempting in University of Belgrade alveolar bone furcation defects (FDs) diagnosis. Belgrade, Serbia Aim: The aim of this study was to determine the impact of clinical experience and experience with CBCT on FD detection in patients with periodontitis. Material and Methods: Fifteen patients with chronic generalized severe periodontitis were included in the study. In total, 168 furcation sites were analyzed on CBCT images by a previously trained senior year undergraduate student (O1) and a PhD student with three years of CBCT experience (O2), and compared to clinical findings (probing). CBCT images were analyzed on two separate occasions, within a 7-day interval. FDs were assessed both clinically and on CBCT images, using a dichotomous scale (present/absent). Intraobserver agreement for each observer was calculated by using Kappa coefficient (k). Interobserver agreement and agreement between CBCT and clinical findings for both observers were calculated. Results: Kappa coefficient value for both observers indicated a high intraobserver agreement (k1=0.75; k2=0.94). Interobserver agreement of CBCT image analyses was present in 72.6% (73.0% in maxilla, 71.7% in mandible).
    [Show full text]
  • NOV 2 3 2005 H 3
    NOV 2 3 2005 h 3 510(k) Submission - Vimplant 510(k) Summary This summary of 51 0(k) safety and effectiveness information is being submitted in accordance with requirements of 21 CFR Part 807.92. Date: Aua 29. 2005 1. Company and Correspondent making the submission: Name - CyberMed, Inc. Address - #504 SJ Technoville- Gasan-dong 60-19, Geumcheon-gu, Seoul, 153-710, Korea Telephone - +82-2-3397-3970 Fax - +82-2-3397-3971 Contact - Mr. Song Nak Choi/ Manager Internet - http://www.cybermed.co.kr 2. Device: Trade/proprietary name :Vimplant Common Name :Dental implant simulation software Classification Name :Picture archiving and communications system 3. Predicate Devices : Manufacturer :MATERIALISE N.V. Device :SimPlant System 510(k) Number :K033849 (Decision Date - 05/25/2004) Manufacturer: CyberMed, Inc. Device: V-workSTM 510(k) Number: K01 3878 (Decision Date - 12/07/2001) 4. Classifications Names & Citations: 21CFR 820.2050, LLZ, Picture archiving and communications system, Class2 5. Description: 1) General Description Cyber~ed, Inc. 01)011(12 510O(k) Submission - Vimplant Vlmplant TM is a dental implant simulation software for dentists and implantologists. By use of VlmplantTm, dental practicians can plan and practice their surgery in advance so they can reduce some risks which can happen during their real surgery. Vlmplan tTM provides very useful and needful functions. it contains functions of implant simulation, manipulation with 2D and 3D mode, nerve identification, and evaluation of bone density. By using Vimplant TM, dental practicians can quickly and easily simulate implant surgery on their desktop PCs. This enables them to conduct implant surgery more effectively by isolating the exact implant position site and angle and to assist in deciding the proper implant diameter, length, etc.
    [Show full text]
  • Email Authentication Faqs V3
    Email Authentication GUIDE Frequently Asked QUES T ION S T OGETHER STRONGER EMAIL AUTHENTICATION Marketers that use email for communication and transactional purposes should adopt and use identification and authentication protocols.” This document will explain what authentication is – includ- ing some recommendations on what you should do as an email marketer to implement these guidelines within your organization. * This Guide should not be considered as legal advice. It is being provided for informational purposes only. Please review your email program with your legal counsel to ensure that your program is meeting appropriate legal requirements. THIS COMPLIANCE GUIDE COVERS: Basics of Email Authentication Technologies Basic FAQs on the DMA’s Email Authentication Guidelines Implementation: Complementary Types of Email Authentication Systems Beyond Authentication: Email Reputation Email Authentication Resources for Marketers 1. What Do the DMA’s Email Authentication Guidelines Require? The DMA’s guidelines require marketers to choose and implement authentication technolo- gies in their email systems. It is up to your company to decide what kind of authentication protocol to use, though all are recommended based on current-day trends. The DMA does not require nor endorse the use of any specific protocol, as there are several interoperable, inexpensive, and easy to implement solutions available today. 2. Why does the DMA Require Members to Authenticate Their Email Systems? The DMA requires its members to authenticate their email systems primarily because mailbox providers (aka ISPs, MSPs or receivers) are increasingly requiring authentication. This strongly aligns with a growing trend in the email deliverability industry that’s leaning more towards domain-based reputation (as opposed to IP-based reputation a couple of years ago).
    [Show full text]
  • WHITE PAPER Email Deliverability Review
    WHITE PAPER Email DELIVeraBility REView dmawe are the White Paper Email Deliverability Review Published by Deliverability Hub of the Email Marketing Council Sponsored by 1 COPYRIGHT: THE DIRECT MARKETING ASSOCIATION (UK) LTD 2012 WHITE PAPER Email DELIVeraBility REView Contents About this document ...............................................................................................................................3 About the authors ...................................................................................................................................4 Sponsor’s perspective .............................................................................................................................5 Executive summary .................................................................................................................................6 1. Major factors that impact on deliverability ..............................................................................................7 1.1 Sender reputation .............................................................................................................................7 1.2 Spam filtering ...................................................................................................................................7 1.3 Blacklist operators ............................................................................................................................8 1.4 Smart Inboxes ..................................................................................................................................9
    [Show full text]