250ok, an Indianapolis-based email intelligence platform, today released their report, Global DMARC Adoption 2019, revealing 79.7% of all domains analyzed have no DMARC policy in place. By implementing DMARC, brands lower the odds of their domains being spoofed and used for phishing attacks on recipients. The result of a domain not implementing any form of DMARC policy is exposing its recipients to possible phishing attacks and, unsurprisingly, 91% of all cyber attacks begin with a phishing email.
Phishing and spoofing attacks against consumers are likely to occur when companies do not have published Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM), and Domain-based Message Authentication, Reporting and Conformance (DMARC) policies in place. DMARC is considered the industry standard for email authentication to prevent attacks in which malicious third parties send harmful email using a counterfeit address.
“Given the information available on the risks associated with leaving your domain unprotected, it’s shocking the number of brands that still don’t understand the importance of DMARC,” said Matthew Vernhout, director of privacy at 250ok. “Until we reach a place where email receivers require proper authentication on all emails, including DMARC implementation, the onus is on brand leaders to keep their customers and employees safe from phishing.”
250ok’s Global DMARC Adoption 2019 report analyzed domains across multiple sectors including education, e-commerce, Fortune 500, US government (Executive, Legislative and Judicial), the China Hot 100, the top 100 law firms, international nonprofits, the SaaS 1000, financial services, and travel. The report looks into whether the organization or parent domain, excluding any subdomains, implement any level of DMARC policy from none (good), quarantine (better), reject (best) or if they had no policies whatsoever.
Key takeaways from select sectors include:
- For the second year in a row, Chinese companies are the least likely to adopt any DMARC policy, with 93.5% of domains having no policy in place.
- Non-profit organizations are largely failing to adopt DMARC (91.4% have no policy in place) while they continue to hold a significant amount of personal data.
- Only 23% of companies in the Fortune 500 have some form of DMARC policy despite being the largest US companies by revenue.
- The SaaS 1000 is the best non-public vertical surveyed, with only 54% without a policy in place.
- The travel industry is well behind overall averages with 86% of all domains having no policy in place and only 1% having a reject policy.
- The Executive branch of the government leads all verticals with 81.5% of all their domains enacting a reject policy.
- Law firms have the greatest increase in overall adoption from 2018 to 2019, with a 19% increase. European and U.S. retailers had the second and third greatest increases with 14.8% and 12.5% overall adoption respectively.
- The sectors with the smallest increase of overall DMARC adoption from 2018 to 2019 include the China Hot 100 with only a 1.9% increase, and U.S. nonprofits with a 2.8% increase.
A 2018 study from the Anti-Phishing Working Group reported a decline in reported phishing attacks during Q4 2018. However, this is not due to fewer attacks, but instead the growing complexity of phishing attacks. Thanks to new tactics like multiple redirects and valid security certificates, phishing is harder to detect than ever before. In fact, there was a 29.8% increase in phishing scams targeting SaaS companies in an attempt to get data and credentials.
To view the full report, visit 250ok.com. To learn more about 250ok DMARC, backed by expert customer support and designed to simplify the management of your own policy, please visit 250ok.com/tour/dmarc/.
250ok is a SaaS platform bringing marketers advanced insights into email deliverability, design, sender reputation, fraud protection, and consumer engagement—the ultimate email intelligence add-on to any ESP. Headquartered in Indianapolis, Indiana, 250ok’s platform provides email data and insights for a large and growing number of businesses in categories ranging from travel, publishing, tech, and retail—including three of the top six US retail eCommerce companies by sales share in 2018.