Email domains without DMARC enforcement spoofed nearly 4X as often

2020-03-05 05:00

As of January 2020, nearly 1 million domains have published DMARC records - an increase of 70% compared to last year, and more than 180% growth in the last two years.

Just 13% of all DMARC records are configured with enforcement policies, demonstrating that interest in DMARC is increasing but DMARC expertise is not keeping pace.

"There's an additional downside to not getting to enforcement: Our research demonstrates that domains without DMARC policies at enforcement are spoofed nearly four times more often compared to domains with DMARC at enforcement. This is because fraudsters give up trying to spoof a domain once they realize it doesn't work, and move on to easier targets."

79% of US federal domains have DMARC records and 93% of those are at enforcement, a tribute to the the success of a 2017 directive from the Department of Homeland Security, BOD 18-01.

23% of billion-dollar companies' domains are at DMARC enforcement.

News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/AaphLQ2fCYQ/

#email #dmarc

News URL

Related news