Companies are vulnerable to domain spoofing and phishing attacks that impersonate their corporate email domains—often because they don’t have DMARC policies.
Related: Why Enterprises Struggle to Stop Phishing Attacks
DMARC adoption statistics
- DMARC records are lacking: 67 percent of Fortune 500 companies (337) do not have a DMARC record on their corporate domain. Of the remaining third, 124 companies have only a Monitor policy.
- DMARC deployments are set wrong: 92 percent of the DMARC deployments at the Fortune 500 companies surveyed are set to Monitor—instead of Quarantine or Reject—unauthenticated messages.
- Few policies work to prevent digital deception: Only 10 percent of the Fortune 500 companies have deployed a DMARC policy to prevent digital deception. 3 percent have a Quarantine policy, and 5 percent have a Reject policy.
- Sectors with highest DMARC adoption rate:
- Business services: 60 percent
- Financial services: 57 percent
- Technology: 55 percent
- Transportation: 53 percent
- Sectors with no DMARC adoption:
- Chemicals: 93 percent
- Engineering and construction: 92 percent
- Aerospace: 92 percent
- Household products: 92 percent
- Energy: 91 percent
- FTSE Index adoption rates: 67 percent of companies on the Financial Times Exchange 100 Index (FTSE 100)—which includes the top 100 companies on the London Stock Exchange—don’t have a DMARC record in their corporate domain.
- FTSE sectors with the highest DMARC adoption rate:
- Pharmaceuticals: 100 percent
- Financial services: 40 percent
- Energy and utilities: 37 percent
- Retail: 33 percent
