Many Companies Don't Use DMARC to Fight Phishing

 
 
By Karen A. Frenkel  |  Posted 09-15-2017 Email
 
 
 
 
 
 
 
 
 
  • Previous
    Many Companies Don't Use DMARC to Fight Phishing
    Next

    Many Companies Don't Use DMARC to Fight Phishing

    Companies are vulnerable to domain spoofing and phishing attacks that impersonate their corporate email domains—often because they don't have DMARC policies.
  • Previous
    DMARC Records Are Lacking
    Next

    DMARC Records Are Lacking

    67% of Fortune 500 companies (337) do not have a DMARC record on their corporate domain. Of the remaining third, 124 companies have only a Monitor policy.
  • Previous
    DMARC Deployments Are Set Wrong
    Next

    DMARC Deployments Are Set Wrong

    92% of the DMARC deployments at the Fortune 500 companies surveyed are set to Monitor, instead of Quarantine or Reject, unauthenticated messages.
  • Previous
    Few Work to Prevent Digital Deception
    Next

    Few Work to Prevent Digital Deception

    Only 10% of the Fortune 500 companies have deployed a DMARC policy to prevent digital deception. 3% have a Quarantine policy, and 5% have a Reject policy.
  • Previous
    Sectors With Highest DMARC Adoption Rate
    Next

    Sectors With Highest DMARC Adoption Rate

    Business services: 60%, Financial services: 57%, Technology: 55%, Transportation: 53%
  • Previous
    Sectors With No DMARC Adoption
    Next

    Sectors With No DMARC Adoption

    Chemicals: 93%, Engineering and construction: 92%, Aerospace: 92%, Household products: 92%, Energy: 91%
  • Previous
    FTSE Stock Exchange Index Adoption Rates
    Next

    FTSE Stock Exchange Index Adoption Rates

    67% of companies on the Financial Times Exchange 100 Index (FTSE 100), which includes the top 100 companies on the London Stock Exchange, don't have a DMARC record in their corporate domain.
  • Previous
    FTSE Sectors With Highest DMARC Adoption Rate
    Next

    FTSE Sectors With Highest DMARC Adoption Rate

    Pharmaceuticals: 100%, Financial services: 40%, Energy and utilities: 37%, Retail: 33%
 

The vast majority of Fortune 500 companies are "woefully unprotected against phishing," according to a new research report, "Agari Global DMARC Adoption Report: Open Season for Phishers." Those organizations and their customers remain vulnerable to domain spoofing and phishing attacks that impersonate their corporate email domains, the study found. London's FTSE 100 and Australia's ASX 100 were also analyzed. Cyber-criminals have responded to the lack of security policies by ramping up phishing activities to take advantage of vulnerabilities. "This type of fraud represents billions of dollars in losses per year and is completely preventable if organizations adopt an open standard called DMARC (Domain-based Message Authentication, Reporting and Conformance)," according to the study. The DMARC standard enables organizations to implement three levels of policies: monitor unauthenticated messages that are still delivered; quarantine them and move them to spam or junk folders; and reject and block them. Agari used its DMARC record tool to determine if an organization's domain had deployed a DMARC record, and, if so, what policy was implemented.

 
 
 
 
 
Karen A. Frenkel writes about technology and innovation and lives in New York City.

 
 
 
 
 
 

Submit a Comment

Loading Comments...
 
Manage your Newsletters: Login Register