Valimail said in a report issued Friday that use of the Domain-based Message Authentication, Reporting and Conformance (DMARC) protocol is growing in both the public and private sectors, likely helped by the Department of Homeland Security (DHS) mandating its adoption across Federal agencies. DMARC is an email authentication protocol that verifies the authenticity of an email’s sender in order to prevent spoofing and phishing.
“Fake email is at the heart of cybersecurity risk–yet many companies are still not using open standards-based technologies that could protect themselves from these fakes,” Valimail noted in its report. “[Fake emails are] the technique used in as much as two-thirds of all phishing attacks–and phishing is involved in over 90 percent of all cyberattacks. Fake email is not just a nuisance–it’s a critical threat.”
In its third annual report, Valimail found encouraging results, for both the public and private sectors:
- The majority (80 percent) of Federal domains have published a DMARC record–up from 50 percent in last year’s report–an increase that Valimail called both dramatic and unprecedented.
- Of the Federal domains that deployed DMARC, 87 percent have successfully configured it with an enforcement policy. Valimail called this a “standout success rate.”
- At least 50 percent of Fortune 500 and large U.S. tech companies have adopted DMARC.
- In the healthcare sector, nearly 30 percent of companies are using DMARC.
In less encouraging results, Valimail found that global media entities, NASDAQ-listed companies, and global billion-dollar public companies rank the lowest in DMARC enforcement among the 11 categories surveyed. Additionally, outside of the public sector, on average only 20 percent of domains that deploy DMARC succeed at getting it to an enforcement policy–compared to the Federal government’s 87 percent.
To create its report, Valimail used “proprietary data” from its analysis of billions of email message authentication requests, as well as its analysis of nearly 17 million publicly accessible DMARC and Sender Policy Framework (another email authentication protocol) records.