DMARC adoption grows but expertise fails to keep pace
DMARC (Domain-based Message Authentication, Reporting and Conformance) is a vendor-neutral authentication protocol that allows email domain owners to protect their domains from unauthorized use or spoofing.
A new report from anti-phishing specialist Valimail reveals that as of January 2020, nearly a million (933,973) domains have published DMARC records -- an increase of 70 percent compared to last year, and more than 180 percent growth in the last two years.
In addition, 80 percent of all inboxes worldwide now do DMARC checks and enforce domain owners' policies. However, only 13 percent of all DMARC records are configured with enforcement policies, which indicates that interest in DMARC is increasing but DMARC expertise isn’t keeping pace.
"Given DMARC’s benefits, it comes as no surprise its rate of adoption has been growing consistently," says Alexander García-Tobar, CEO and co-founder of Valimail. "But publishing a DMARC record is just the first step -- enforcement must be reached before a domain is protected, and trust can be restored to email. There's an additional downside to not getting to enforcement: our research demonstrates that domains without DMARC policies at enforcement are spoofed nearly four times more often compared to domains with DMARC at enforcement. This is because fraudsters give up trying to spoof a domain once they realize it doesn't work, and move on to easier targets."
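The gap between publishing a record and reaching enforcement can be checked directly from the DNS TXT value. The following is an added example, not code from the report or from Valimail: it assumes that enforcement means a p=quarantine or p=reject policy applied to all mail, and the sample records are constructed.

```python
ENFORCING = {"quarantine", "reject"}  # policies that act on mail failing DMARC

def parse_dmarc(txt):
    """Return the record's tags as a dict, or None if it is not a DMARC record."""
    parts = [p.strip() for p in txt.split(";") if p.strip()]
    tags = {}
    for i, part in enumerate(parts):
        name, sep, value = (s.strip() for s in part.partition("="))
        if not sep or not name:
            return None
        # RFC 7489: the version tag must come first and its value is case-sensitive.
        if i == 0 and (name.lower(), value) != ("v", "DMARC1"):
            return None
        tags.setdefault(name.lower(), value)
    return tags or None

def classify(txt):
    """Classify one record as invalid, monitoring, partial or enforcement."""
    tags = parse_dmarc(txt)
    if tags is None:
        return "invalid"
    policy = tags.get("p", "").lower()
    if policy == "none":
        return "monitoring"
    if policy not in ENFORCING:
        # Stricter than a receiver, which may fall back to p=none if rua is set.
        return "invalid"
    pct = tags.get("pct", "100")
    if not pct.isdecimal() or int(pct) > 100:
        return "invalid"
    # Assumption: a sampled policy (pct < 100) or an sp=none override for
    # subdomains is counted as partial rather than full enforcement.
    if int(pct) < 100 or tags.get("sp", policy).lower() == "none":
        return "partial"
    return "enforcement"

def enforcement_rate(records):
    """Share of valid DMARC records that are at full enforcement."""
    states = [s for s in map(classify, records) if s != "invalid"]
    return states.count("enforcement") / len(states) if states else 0.0

# Constructed sample records (placeholder domains, not data from the report).
SAMPLE = [
    "v=DMARC1; p=none; rua=mailto:dmarc@example.com",
    "v=DMARC1; p=quarantine; pct=25",
    "v=DMARC1; p=reject; sp=none",
    "v=DMARC1; p=reject; rua=mailto:dmarc@example.com",
    "v=spf1 include:_spf.example.com ~all",
]
```

Only the fourth sample record counts as full enforcement, so `enforcement_rate(SAMPLE)` is one in four of the valid records.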
Among the other findings: around one percent of global email volume is sent using a spoofed domain, and the United States remains the largest source of spoofed email by volume. Russia, China, Vietnam and India continue to have a proportionally high number of spoofs among email originating from these countries.
Of US federal domains, 79 percent now have DMARC records and 93 percent of those are at the enforcement stage, a tribute to the success of a 2017 directive from the Department of Homeland Security. This compares well to the private sector, where only 23 percent of billion-dollar companies' domains are at DMARC enforcement.
You can download the full report from the Valimail site.