Many Companies Don't Use DMARC to Fight Phishing | CIO Insight

Many Companies Don’t Use DMARC to Fight Phishing

Sep 15, 2017
1 minute read

Companies are vulnerable to domain spoofing and phishing attacks that impersonate their corporate email domains—often because they don’t have DMARC policies.

Related: Why Enterprises Struggle to Stop Phishing Attacks

DMARC adoption statistics

  • DMARC records are lacking: 67 percent of Fortune 500 companies (337) do not have a DMARC record on their corporate domain. Of the remaining third, 124 companies have only a Monitor policy.
  • DMARC deployments are set wrong: 92 percent of the DMARC deployments at the Fortune 500 companies surveyed are set to Monitor—instead of Quarantine or Reject—unauthenticated messages.
  • Few policies work to prevent digital deception: Only 10 percent of the Fortune 500 companies have deployed a DMARC policy to prevent digital deception. 3 percent have a Quarantine policy, and 5 percent have a Reject policy.
  • Sectors with highest DMARC adoption rate:
    • Business services: 60 percent
    • Financial services: 57 percent
    • Technology: 55 percent
    • Transportation: 53 percent
  • Sectors with no DMARC adoption:
    • Chemicals: 93 percent
    • Engineering and construction: 92 percent
    • Aerospace: 92 percent
    • Household products: 92 percent
    • Energy: 91 percent
  • FTSE Index adoption rates: 67 percent of companies on the Financial Times Exchange 100 Index (FTSE 100)—which includes the top 100 companies on the London Stock Exchange—don’t have a DMARC record in their corporate domain.
  • FTSE sectors with the highest DMARC adoption rate:
    • Pharmaceuticals: 100 percent
    • Financial services: 40 percent
    • Energy and utilities: 37 percent
    • Retail: 33 percent

Read next: 2021’s Most Successful Phishing Ploys (So Far)

Karen A. Frenkel

Karen A. Frenkel is a contributor to CIO Insight. She covers cybersecurity topics such as digital transformation, vulnerabilities, phishing, malware, and information governance.

CIO Insight Logo

CIO Insight offers thought leadership and best practices in the IT security and management industry while providing expert recommendations on software solutions for IT leaders. It is the trusted resource for security professionals who need to maintain regulatory compliance for their teams and organizations. CIO Insight is an ideal website for IT decision makers, systems integrators and administrators, and IT managers to stay informed about emerging technologies, software developments and trends in the IT security and management industry.

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.