Many Companies Don't Use DMARC to Fight Phishing

By Karen A. Frenkel  |  Posted 09-15-2017 Email

The vast majority of Fortune 500 companies are "woefully unprotected against phishing," according to a new research report, "Agari Global DMARC Adoption Report: Open Season for Phishers." Those organizations and their customers remain vulnerable to domain spoofing and phishing attacks that impersonate their corporate email domains, the study found. London's FTSE 100 and Australia's ASX 100 were also analyzed. Cyber-criminals have responded to the lack of security policies by ramping up phishing activities to take advantage of vulnerabilities. "This type of fraud represents billions of dollars in losses per year and is completely preventable if organizations adopt an open standard called DMARC (Domain-based Message Authentication, Reporting and Conformance)," according to the study. The DMARC standard enables organizations to implement three levels of policies: monitor unauthenticated messages that are still delivered; quarantine them and move them to spam or junk folders; and reject and block them. Agari used its DMARC record tool to determine if an organization's domain had deployed a DMARC record, and, if so, what policy was implemented.

Karen A. Frenkel writes about technology and innovation and lives in New York City.


Submit a Comment

Loading Comments...
Manage your Newsletters: Login Register