Articles about DMARC

New research from EasyDMARC reveals that just 7.7 percent of the world's top 1.8 million email domains are fully protected against phishing and spoofing, having implemented the most stringent DMARC policy.

While this configuration, known as 'p=reject', actively blocks malicious emails from reaching inboxes, many businesses have only adopted the passive monitoring setting known as 'p=none', which passively monitors inboxes for threats without intercepting them. This means it doesn't block fraudulent emails or provide full visibility into authentication failures.

Continue reading →

I’ve got some bad news for you, email administrators -- your Monday may be getting a lot worse. You see, starting today, Microsoft has officially begun rejecting high-volume emails that don’t meet its new authentication rules.

Here’s the deal. If you send more than 5,000 messages per day to Outlook.com addresses (including hotmail.com and live.com) and you’re not properly set up with SPF, DKIM, and DMARC, your emails may never arrive. Yikes.

Continue reading →

Malicious actors are increasingly exploiting email to impersonate brands, launch phishing campaigns, and spread false information -- often using sophisticated methods made simpler by emerging technologies.

A new report from Valimail shows that email continues to be the most exploited attack vector for cybercriminals and disinformation campaigns, with artificial intelligence dramatically increasing the sophistication of these threats.

Continue reading →

Inconsistent adoption of DMARC standards is leaving 60 percent of US healthcare organizations that have already reported breaches exposed to a second attack.

The study from Red Sift looks at breaches reported to the US Department of Health and Human Services (HHS) during 2023-2024 shows that of 101 companies analyzed, 61 percent remain unprotected, with 33 having no DMARC policy and 28 lacking any data on DMARC.

Continue reading →

A year on from Google and Yahoo implementing stricter requirements for bulk email senders, the rate of DMARC adoption has more than doubled.

A new study from Red Sift, based on the tracking of 72.85 million apex domains, shows the number of organizations adopting DMARC is up 2.32 million as of 18 December 2024.

Continue reading →

Malicious actors have been quick to exploit AI, but often security teams are under-equipped with AI solutions to ensure adequate defense.

Red Sift is launching an upskilled LLM assistant that identifies and diagnoses misconfigurations and exposures across email, domains, and internet-facing assets, supporting security teams to prevent incidents before they happen.

Continue reading →

Phishing remains a significant threat to organizations. A new report from Darktrace shows 17.8 million phishing emails detected across its customer fleet between December 21, 2023, and July 5, 2024. Alarmingly, 62 percent of these emails successfully bypassed DMARC checks.

Cybercriminals are embracing more sophisticated tactics, techniques and procedures designed to evade traditional security parameters.

Continue reading →

New email rules from major providers mean that businesses need to adopt the DMARC standard in order to ensure that their emails get delivered.

But while the new rules have received a good deal of publicity there hasn't been much attention paid to those not running their own mail server and relying on a third-party mail services.

Continue reading →

Only 61 percent of manufacturing businesses have adopted DMARC, with 19 percent of the total manufacturers analyzed having adopted the most stringent 'p=reject' DMARC policy.

New research from email security provider EasyDMARC, which surveyed almost 5,000 global manufacturing companies, finds 43 percent of those with DMARC use a low-security DMARC policy that allows suspicious emails to reach inboxes but enables reporting on such activity.

Continue reading →

Despite them being widely publicized, Google and Yahoo's new email rules still risk catching out many businesses.

New research from EasyDMARC finds that, despite the email providers warning customers that failure to implement the DMARC security standard could lead to diminishing email deliverability, only 37 percent of IT decision-makers have rolled out the security measure.

Continue reading →

New research from email security provider EasyDMARC finds that 25 percent of e-commerce retailers expect to see a notable drop in email deliverability following Yahoo and Google's email authentication policy changes.

Both Google's sender guidelines and Yahoo's sender requirements and recommendations have stated that failure to comply with the new sending standards could negatively impact email delivery. For e-commerce providers that rely on email as a marketing and customer communications channel, these measures could negatively impact customer engagement and sales.

Continue reading →

Back in October 2023, Google and Yahoo jointly announced new email sender requirements for inbound mail to their domains that they would be putting in place early in 2024, requirements that, for now, are focused on bulk senders. 

This announcement and its subsequent updates have rightly gotten the full attention of the email industry. However, there was one other item buried in Google’s announcement that we don’t think people are talking about enough. One of the bullet items in Gmail’s guidelines reads as follows:

Continue reading →

New research from cyber resilience company Red Sift shows that 33 percent of publicly traded companies worldwide are not protected by the DMARC email standard, though this is down from 70.5 percent in 2022.

However, in light of Google and Yahoo's new rules for bulk senders -- those sending over 5,000 emails daily -- which come into force on February 1st and are aimed at reducing spam, not using DMARC is a problem.

Continue reading →

As students at schools and colleges in the UK begin to return after the summer break, new research shows that 96 percent of the top 50 state secondary schools, 92 percent of the top 50 sixth-form colleges and 80 percent of the top 50 universities in the UK are lagging behind on basic cybersecurity measures, leaving students, staff and partners at risk of email-based impersonation attacks.

The research from cybersecurity company Proofpoint is based on an analysis of DMARC adoption and reveals that 70 percent of UK schools are currently taking no steps to protect themselves from domain impersonation by having no published DMARC record.

Continue reading →

Many organizations around the world are opting to pay ransoms to cybercriminals in order to buy back ownership of their data. But this can leave them open to further risk of attack.

Gerasim Hovhannisyan, CEO and co-founder of EasyDMARC, believes it's wrong to pay up and that it's better to establish good defenses. We spoke to him to find out why.

Continue reading →