DMARC usage increases, but 3 billion messages per day are still spoofing the sender’s identity.

The trends has been analysed in the adoption of Domain-based Message Authentication, Reporting and Conformance (DMARC), a vendor-neutral authentication protocol that allows email domain owners to protect their domain from unauthorized use, or “spoofing.”

Email scents cybercrime

Email remains a leading source for cybercrime, implicated in over 90% of all cyberattacks with the pandemic providing a new vantage point for these attacks.

Phishers readily deploy attacks, with the average phishing campaign lasting only 12 minutes, according to Google, which reports blocking 100 million phishing emails per day.

“Privacy laws already exist in Europe and parts of the United States, and if a company does any business in those areas, a DMARC policy at enforcement is essential,”.

“DMARC is not going away and the best thing a company can do is understand the potential exposure without it. By having valid email authentication in place, companies protect themselves and their customers from privacy violations. Without it, emails are sent without permission, fines are issues, confidential information is obtained and reputations sink. This wave is only a starting point. Companies must step up as the risk of going without enforcement will only get worse.”

DMARC protected domains: Key findings

  • 3 billion messages per day are spoofing the sender identity used in their “From” fields.
  • Domains without DMARC enforcement are 4.75x more likely to be the target of spoofing versus domains with DMARC enforcement.
  • 80% of all email inbox providers do DMARC checks on inbound email.
  • Nearly 1.28 million domain owners worldwide have configured DMARC for their domains, but only 14% of those are protected from spoofing by an enforcement policy.
  • 43.4% of domains have a DMARC at enforcement. Two percentage points higher than it stood in early 2020 and 3.5 percentage points higher than in early 2019.
  • The U.S. federal government leads with DMARC usage, with 74% of domains protected.
  • Global media companies and U.S. healthcare companies have the lowest rates of DMARC deployment and protection