Most enterprise attempts at email authentication fail
A new study shows that 75 percent of large businesses attempting implementation of the DMARC email authentication standard are not presently capable of using it to block unauthorized email.
This means that enterprises are putting their own security, compliance, and brand protection at risk. Automated mail authentication specialist ValiMail looked at email authentication policies for more than a million business domain names, including those of Fortune 1000, NASDAQ 100, and FTSE 100 businesses.
"Our investigation showed that using email authentication to monitor and control unauthorized email is extremely difficult for the majority of global companies," says ValiMail's CEO Alexander García-Tobar. "You might expect larger businesses with more resources to do a better job of governing the email going out under their names, but we found that most of them still miss the mark".
Among the report's findings are that of companies attempting to implement email authentication, nearly 75 percent have not proceeded all the way to enforcement. The percentage of sites attempting email authentication varies directly with size. NASDAQ 100 companies leads the way with 43 percent attempting authentication, but smaller companies are decreasingly likely to do so.
However, the likelihood of failure is remarkably consistent across all measured groups, regardless of size. The failure rate ranges from 62 percent to 80 percent, with most indexes clustering around 75 percent.
"These results illustrate the difficulty in implementing email authentication correctly," says García-Tobar. "Though the DMARC, SPF, and DKIM standards that enable email authentication are highly effective when done right, they’re poorly understood, counter intuitive, and syntactically exacting. That leaves industry with the very high failure rate measured in our research".
ValiMail is offering a free domain check tool that can show whether a domain is authenticating properly and how exposed it is to phishing attacks and other misuse.
Image Credit: ktsdesign / Shutterstock