Based on Agari research of public DNS records, 92 percent of all Fortune 500 companies have left their customers and business partners unprotected from phishing and other forms of email attacks that impersonate their corporate email domain. A similar pattern has emerged around the world with the FTSE 100 and the ASX 100.

Key findings of the report include:

  • 67% of the Fortune 500 have no DMARC record;
  • Business Services sector comes out on top for DMARC adoption; and
  • Number of phishing sites has increased by 1000% in last two years.

Download this white paper to learn more.

 

Executive Summary

Based on Agari research of public DNS records, 92 percent of all Fortune 500 companies have left their customers and business partners unprotected from phishing and other forms of email attacks that impersonate their corporate email domain. A similar pattern has emerged around the world with the FTSE 100 and the ASX 100. Cybercriminals exploit this vulnerability by sending billions of emails per year claiming to be from these companies.


Phishing emails trick users into clicking on websites that steal their passwords, install ransomware or con unsuspecting victims into sending money. This type of fraud represents billions of dollars in losses per year and is completely preventable if organizations adopt

an open standard called DMARC (Domain-based Message Authentication, Reporting & Conformance).

When a company implements DMARC, there are three levels of policies that can be applied to their domains:

  • None — Unauthenticated messages are identified but still delivered to the inbox
  • Quarantine — Unauthenticated messages are moved to the “Spam” or “Junk” folders
  • Reject —Unauthenticated messages are blocked and not delivered to any folder

Shockingly, the largest corporations around the world have by-and-large not implemented the DMARC standard, leaving their customers, business partners and brand vulnerable to identity deception and the losses associated with email fraud:

Fortune 500

DMARC adoption — Two-thirds (67 percent) of the Fortune 500 have not published any DMARC policy. Only four Fortune 500 industry sectors have a majority DMARC adoption rate: business services (60 percent), financials (57 percent), technology (55 percent) and transportation (53 percent).

Quarantine Policy – Only three percent have implemented a Quarantine policy (Spam folder).

Reject Policy – Only five percent have implemented a Reject policy (Blocked).

FTSE 100

DMARC adoption – Two-thirds (67 percent) of the Financial Times Stock Exchange 100 have not published any DMARC policy.

Quarantine Policy – Only one percent have implemented a Quarantine policy (Spam folder).

Reject Policy – Only six percent have implemented a Reject policy (Blocked).

ASX 100

DMARC adoption – Almost three-quarters (73 percent) of the Australian Securities Exchange (ASX 100) have not published any DMARC policy.

Quarantine Policy – Only one percent have implemented a Quarantine policy (Spam folder).

Reject Policy – Only three percent have implemented a Reject policy (Blocked).

DMARC Adoption Analysis

Phishing has become a pervasive threat in the United States and around the world.
The impact of these threats has been felt by both businesses and governments, alike. If organizations implement DMARC, they could protect against these attacks; yet more than two-thirds have not implemented any DMARC policy and more than 90 percent remain vulnerable to impersonation of their corporate email domains. The cybercriminals have responded by ramping up phishing activity to take advantage of this vulnerability. Between October 2014 and June 2016, the number of new, unique phishing sites has increased by more than 1000 percent.

123
Mail Letter

Would you like the confidence to trust your inbox?