A standard email authentication to protect users from potential spoofing and phishing is being ignored. Upwards of 80 percent of company web domains are operating without DMARC. Having a DMARC is an industry standard that helps prevent malicious email coming from counterfeit addresses.
DMARC stands for Domain-based Message Authentication, Reporting & Conformance. DMARC is a protocol used for email authentication, policy, and reporting, and helps secure and protect users’ sensitive material and personal information. DMARC policies can be as permissive as to only report possible security violations, or so strict as to completely reject messages that fail authentication.
The 2019 250ok’s Global DMARC Adoption report reviewed 25,700 domains in several industries and Fortune 500 companies (including education, e-commerce, legal, financial services, SaaS, and nonprofit sectors), and found that the majority of the domains lacked DMARC. If large companies are not adequately safeguarding their email assets, it’s reasonable to assume that smaller companies are doing the same.
But DMARC is relatively simple to implement, and with the proliferation of phishing attacks, something that all businesses should do.
Law firms saw the greatest increase in overall DMARC protection from 2018 to 2019, with an increase of 19%. Enacting a DMARC policy not only protects employees, but the customers they serve as well.