SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
New Zealand
Guides
#
cloud security
#
cybersecurity
#
endpoint protection
#
firewalls
#
ransomware
Search
Story image
#
Advanced Persistent Threat Protection
#
Cybersecurity
#
Email Security

DMARC adoption among .org domains doubles but remains low

Tue, 21st May 2024
Author image
By Kaleah Salmon, Journalist

A new study has indicated a significant increase in the adoption of the DMARC (Domain-based Message Authentication, Reporting, and Conformance) security standard among .org email domains over the past year. According to research conducted by EasyDMARC, the usage of DMARC has more than doubled among charities, rising from 3.98% to 7.78% between March 2023 and March 2024.

Despite this growth, the research highlighted that less than one in ten charity domains currently employ basic protections against phishing and spoofing. This leaves many organisations vulnerable to email-based cyber threats. The study analysed a data set of 9,935,024 verified .org domains, shedding light on the current state of email security among non-profits.

DMARC plays a crucial role in detecting and preventing email spoofing, a common method used in phishing attacks. Effective implementation of DMARC can significantly reduce the risk of such attacks by either preventing the delivery of unauthenticated emails or diverting them to the junk folder. While the protocol has been available for over a decade, the study suggests that the majority of non-profits have yet to fully utilise its potential.

There has been notable progress towards implementing more stringent policies among organisations that have adopted DMARC. The percentage of those employing rejection (p=reject) or quarantine (p=quarantine) policies increased from 45% to over 50% within the study period, reflecting a growing commitment to better email security.

The research also pointed out that over half of the domains with DMARC configurations lack RUA (Reporting URI of Aggregate Reports) tags, which are essential for monitoring and reporting purposes. This finding implies that the rise in DMARC adoption may be largely attributed to the recent email authentication regulations imposed by Google and Yahoo rather than a proactive cybersecurity stance from the organisations.

Gerasim Hovhannisyan, CEO and Co-Founder of EasyDMARC, commented on the substantial growth in DMARC adoption among non-profits. He noted that non-profits, which predominantly use the .org domain, are now compelled to implement DMARC to ensure their emails are delivered to recipients' inboxes in compliance with the new Google and Yahoo policies.

While the progress in adopting DMARC and more secure policies is encouraging, Hovhannisyan emphasised that much work remains, as 92% of .org domains still lack basic DMARC protections. The ongoing adjustments in email security protocols highlight the need for non-profits to stay vigilant and proactive in fortifying their defences against phishing and spoofing attacks.

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X
Related stories
Gartner report criticises SOAR systems, Acora defends approach
Cequence Security announces strategic partnership with Netskope
HackerOne launches PartnerOne to expand global cybersecurity access
Veeam launches enhanced backup solution for Microsoft 365
Custocy partners with Enea to enhance AI-powered security platform
Top stories
Forescout's 2024 H1 Threat Review reveals surge in cyber threats
Andre Schindler promoted to SVP at NinjaOne amid growth
Absolute Security acquires Syxsense to boost resilience platform
Navigating the evolving world of Artificial Intelligence
Cybercriminals use legitimate software for attacks increasing