Up to a third of companies could fall foul of new bulk email rules
New research from cyber resilience company Red Sift shows that 33 percent of publicly traded companies worldwide are not protected by the DMARC email standard, though this is down from 70.5 percent in 2022.
However, in light of Google and Yahoo's new rules for bulk senders -- those sending over 5,000 emails daily -- which come into force on February 1st and are aimed at reducing spam, not using DMARC is a problem.
Under the new requirements businesses must authenticate the domains they send from, this includes:
- Publishing a DMARC policy for each domain that sends mail with at least a policy of 'none'.
- Setting up SPF and DKIM for each domain that sends mail. Note that both SPF and DKIM are required, unlike with DMARC which only requires one or the other.
- Aligning the domain in the sender's
From:header with either the SPF domain or the DKIM domain (for direct mail only). - Ensuring that sending domains or IPs have valid forward and reverse DNS records using a Forward Confirmed DNS (FcrDNS).
According to Red Sift's BIMI Radar the percentage of large enterprises likely to fail the new requirements varies around the world. In the US only 6.52 percent are likely to fail, followed by France on 10.47 percent, in the UK its 14.58 percent, while Japan and Korea come bottom of the table both with 50 percent not meeting the requirements.
The report's authors conclude, "At Red Sift, we foresee these requirements from Google and Yahoo to be just the first step in ensuring that domains are fully authenticated. We foresee DMARC enforcement being the next logical step to the February 2024 requirements as those that meet the new requirements are essentially ready for DMARC enforcement."
You can read more on the Red Sift blog.
Image credit: SIphotography/depositphotos.com