Many Companies Don't Use DMARC to Fight Phishing
Companies are vulnerable to domain spoofing and phishing attacks that impersonate their corporate email domains—often because they don't have DMARC policies.
DMARC Records Are Lacking
67% of Fortune 500 companies (337) do not have a DMARC record on their corporate domain. Of the remaining third, 124 companies have only a Monitor policy.
DMARC Deployments Are Set Wrong
92% of the DMARC deployments at the Fortune 500 companies surveyed are set to Monitor, rather than to Quarantine or Reject, unauthenticated messages.
Few Work to Prevent Digital Deception
Only 10% of the Fortune 500 companies have deployed a DMARC policy to prevent digital deception. 3% have a Quarantine policy, and 5% have a Reject policy.
Sectors With Highest DMARC Adoption Rate
Business services: 60%, Financial services: 57%, Technology: 55%, Transportation: 53%
Sectors With No DMARC Adoption
Chemicals: 93%, Engineering and construction: 92%, Aerospace: 92%, Household products: 92%, Energy: 91%
FTSE Stock Exchange Index Adoption Rates
67% of companies on the Financial Times Exchange 100 Index (FTSE 100), which includes the top 100 companies on the London Stock Exchange, don't have a DMARC record in their corporate domain.
FTSE Sectors With Highest DMARC Adoption Rate
Pharmaceuticals: 100%, Financial services: 40%, Energy and utilities: 37%, Retail: 33%
The vast majority of Fortune 500 companies are "woefully unprotected against phishing," according to a new research report, "Agari Global DMARC Adoption Report: Open Season for Phishers." Those organizations and their customers remain vulnerable to domain spoofing and phishing attacks that impersonate their corporate email domains, the study found. London's FTSE 100 and Australia's ASX 100 were also analyzed.

Cyber-criminals have responded to the lack of security policies by ramping up phishing activities to take advantage of vulnerabilities. "This type of fraud represents billions of dollars in losses per year and is completely preventable if organizations adopt an open standard called DMARC (Domain-based Message Authentication, Reporting and Conformance)," according to the study.

The DMARC standard enables organizations to implement three levels of policies: monitor unauthenticated messages that are still delivered; quarantine them and move them to spam or junk folders; and reject and block them. Agari used its DMARC record tool to determine if an organization's domain had deployed a DMARC record, and, if so, what policy was implemented.
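
The kind of record check described above can be sketched as follows. This is an added example, not Agari's tool or code from the report: it classifies the TXT records published at `_dmarc.<domain>` into the three policy levels and tallies them the way the survey does. The `.example` domains and TXT strings are constructed, and a real check would first fetch the records over DNS.

```python
from collections import Counter

# Survey labels used on this page, keyed by the DMARC "p" tag value (RFC 7489).
LEVELS = {"none": "Monitor", "quarantine": "Quarantine", "reject": "Reject"}

def parse_dmarc(txt):
    """Return a tag->value dict, or None if txt is not a DMARC record."""
    parts = [p.strip() for p in txt.split(";") if p.strip()]
    # The version tag must come first and be exactly "DMARC1".
    if not parts or parts[0].replace(" ", "") != "v=DMARC1":
        return None
    tags = {}
    for part in parts:
        name, sep, value = part.partition("=")
        if sep:  # fragments without "=" are syntax errors and are ignored
            tags.setdefault(name.strip().lower(), value.strip())
    return tags

def classify(txt_records):
    """Map the TXT records found at _dmarc.<domain> to a survey label."""
    records = [r for r in map(parse_dmarc, txt_records) if r is not None]
    if len(records) != 1:  # zero or several DMARC records: no policy applies
        return "No usable record"
    return LEVELS.get(records[0].get("p", "").lower(), "Invalid policy")

def tally(domains):
    """Count survey labels across a {domain: [txt, ...]} mapping."""
    return Counter(classify(txts) for txts in domains.values())

# Constructed sample data: domain -> TXT strings returned for _dmarc.<domain>.
SAMPLE = {
    "monitor.example": ["v=DMARC1; p=none; rua=mailto:dmarc@monitor.example"],
    "quarantine.example": ["v=DMARC1; p=quarantine; pct=100"],
    "reject.example": ["google-site-verification=abc", "v=DMARC1;p=REJECT"],
    "spf-only.example": ["v=spf1 -all"],
    "duplicate.example": ["v=DMARC1; p=reject", "v=DMARC1; p=none"],
    "typo.example": ["v=DMARC1; p=rejected"],
    "empty.example": [],
}

if __name__ == "__main__":
    for label, count in tally(SAMPLE).most_common():
        print(f"{label}: {count}")
```

Only the Quarantine and Reject labels mean receivers are asked to act on unauthenticated mail; a domain counted under Monitor still has spoofed messages delivered.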