- Security TWENTY
- Women in Security
To mark the third anniversary of the Domain-based Message Authentication, Reporting and Conformance (DMARC) standard, introduced in 2012, the company Return Path launched its DMARC Intelligence Report to measure adoption rate. DMARC combats email fraud, specifically the increasingly prevalent global threats from phishing and spoofing. The report found that of the 1000 brands surveyed, 22 percent of them had already adopted DMARC.
The report also uncovered differing pace of DMARC uptake across verticals. For example banks and retailers were behind the curve despite being two of the most prolifically phished industries, while social media network companies lead the way with a 51 percent adoption rate. These early adopters of DMARC have typically implemented a policy of ‘monitor’ while there is a much slower uptake on the stringent email operations required to fully block malicious emails with a ‘reject’ policy.
Since DMARC launched initially with Yahoo, Google, Microsoft, AOL and Comcast, recognition has increased to encompass 142 mailbox providers protecting more than 2.3 billion inboxes worldwide. Return Path’s 2015 report found more advanced adoption in key global markets such as the US (85pc of inboxes) and the UK (75pc of inboxes), indicating the commitment from major mailbox providers in ensuring their users are protected from fraudulent mail attacks, and that legitimate emails are delivered correctly to the inbox. The firm adds that some mailbox providers have discussed making DMARC authentication part of their inbox placement decision making, meaning a lot more senders could see their emails being blocked or delivered to the spam folder. However, even without this threat, it is incumbent upon senders to protect their email subscribers and take actionable steps to prevent their brands from being phished, according to the company.
Rob Holmes, General Manger, Email Fraud Protection, Return Path said: “After the early adoption by big name brands, this is now the perfect opportunity for the next wave of adopters who have seen the success of DMARC and want to implement the same level of protection to their brand. As proud founding members of DMARC, we are pleased to be part of such an industry-changing technology and this latest research further strengthens our mission to be at the forefront of innovation, helping companies systematically protect themselves, their employees and their customers.”
“Simply put, the DMARC standard works”, said Edward Tucker, Head of Cyber Security for Her Majesty’s Revenue & Customs. “In a blended approach to fight email fraud, DMARC represents the cornerstone of technical controls that commercial senders can implement today to rebuild trust and retake the email channel for legitimate brands and consumers.”
The complete study can be downloaded here.