Global DMARC Adoption Report Reveals Nearly 80% of Companies Leave Consumer Data Vulnerable

Jul 18, 2019

250ok, an Indianapolis-based email intelligence platform, released their report, Global DMARC Adoption 2019, revealing 79.7% of all domains analyzed have no DMARC policy in place. By implementing DMARC, brands lower the odds of their domains being spoofed and used for phishing attacks on recipients. The result of a domain not implementing any form of DMARC policy is exposing its recipients to possible phishing attacks and, unsurprisingly, 91% of all cyber attacks begin with a phishing email.

Phishing and spoofing attacks against consumers are likely to occur when companies do not have published Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM), and Domain-based Message Authentication, Reporting and Conformance (DMARC) policies in place. DMARC is considered the industry standard for email authentication to prevent attacks in which malicious third parties send harmful email using a counterfeit address. 

250ok’s Global DMARC Adoption 2019 report analyzed domains across multiple sectors including education, e-commerce, Fortune 500, US government (Executive, Legislative and Judicial), the China Hot 100, the top 100 law firms, international nonprofits, the SaaS 1000, financial services, and travel. The report looks into whether the organization or parent domain, excluding any subdomains, implement any level of DMARC policy from none (good), quarantine (better), reject (best) or if they had no policies whatsoever.

Key takeaways from select sectors include:

  • For the second year in a row, Chinese companies are the least likely to adopt any DMARC policy, with 93.5% of domains having no policy in place.
  • Non-profit organizations are largely failing to adopt DMARC (91.4% have no policy in place) while they continue to hold a significant amount of personal data about their donors and volunteers.
  • Only 23% of companies in the Fortune 500 have some form of DMARC policy despite being the largest US companies by revenue.
  • The SaaS 1000 is the best non-public vertical surveyed. Out of 1,000 domains reviewed, only 54% do not have a policy in place.
  • The travel industry is well behind overall averages with 86% of all domains having no policy in place and only 1% having a reject policy.
  • The Executive branch of the government leads all verticals with 81.5% of all their domains enacting a reject policy.
  • Law firms saw the greatest increase in overall adoption from 2018 to 2019 with a 19% increase. European and U.S. retailers had the second and third greatest increases with 14.8% and 12.5% overall adoption respectively.
  • The sectors who saw the smallest increase of overall DMARC adoption from 2018 to 2019 include the China Hot 100 with only a 1.9% increase, and U.S. nonprofits with a 2.8% increase

Related Articles

Leading AI-driven video enhancement technology company offers new best-in-class solution allowing publishers to develop and post compelling Stories across a variety of platforms in real-time.