Why DMARC is critical to reducing spread of malicious emails
There is a fix that can prevent a great amount of email-born attacks on consumers and businesses. Unfortunately, the vast majority of public and private organizations globally, including leading cybersecurity companies, have not deployed DMARC (Domain-based Message Authentication, Reporting & Conformance) to prevent spammers and phishers from using an organization’s name to conduct cyber attacks, according to new research from the Global Cyber Alliance (GCA).
DMARC provides insight into any attempts to spam, phish or spear-phish using an organization’s brand or name. DMARC is supported by 85 percent of consumer email inboxes in the United States (including Gmail, Yahoo, Microsoft, etc.) and more than 2.5 billion email inboxes worldwide. However, DMARC adoption rates among enterprises and government remains low.
The UK Government’s guidance for government agencies directs them to implement DMARC but as of December 2016 only five percent of UK public sector domains had done so. A mere 16 percent of the healthcare sector has adopted DMARC.
The latest research from GCA, an international cross-sector organization dedicated to confronting systemic cyber risk, finds that adoption remains low in the cybersecurity industry as well.
Only 15 percent of the 587 email domains (that were scanned) for companies exhibiting at the RSA Conference use DMARC. Of the 90 RSA exhibiting organizations that do use DMARC, more than 66 percent use the DMARC policy of “none,” which only monitors for email domains, greatly reducing the effectiveness of DMARC.
It is time for the cybersecurity industry to lead the charge and push for DMARC use across the globe. GCA strongly advocates that organizations implement DMARC and has developed a free DMARC Setup Guide to make DMARC implementation easier.
The value of correctly implementing DMARC is clear as studies have shown that organizations that use DMARC correctly receive just 23 percent of the email threats that those who do not use DMARC.
“DMARC is one of the cybersecurity protocols that can broadly reduce risk, and the more it is implemented, the more protection if offers for everyone,” said Philip Reitinger, President and CEO of GCA.
“I’m placing a stake in the ground and calling on the cybersecurity industry to lead the adoption of DMARC, with a goal that 50 percent of the companies that exhibit at the 2018 RSA Conference implement DMARC prior to the conference, and that 90 percent implement prior to the 2019 RSA Conference. Working together the cybersecurity industry can be a role model and make a difference.”