Four times greater risk for phishing if you haven’t applied a DMARC policy

Recent studies show that DMARC has begun to be implemented to a greater extent. In January 2020, we could see that nearly one million domain names have published DMARC records*. This is an increase of 70% compared to last year and a full 180% increase compared to 2018 – something that is very positive from an online-security point of view.

"Given the benefits of DMARC, it comes as no surprise that the implementation has increased consistently," says Alexander García-Tobar, CEO and Co-Founder, Valimail.

The problem is however that as few as 13% of domain names actually have an applied policy for DMARC. As I mentioned in my previous article, "DMARC - common pitfalls in implementation”, DMARC is completely ineffective as protection against email fraud without an applied policy. The figures indicate that interest in DMARC is increasing, but the expertise regarding DMARC is lacking behind.

In their study, Valimail describes another disadvantage for the domain names that lack an applied policy; they are exposed to online phishing four times more often that the domain names that have applied a policy for DMARC. Valimail further explains that this is due to the fact that fraudsters quickly give up thei attempt to send fake emails when they discover that the domain name is protected by a DMARC policy – and instead they go on and direct their frauds on simpler targets.

It is therefore crucial to not only implement DMARC itself, but also a correct and efficient policy – so that you can avoid being the fraudsters next target!

The research from Valimail was compiled by analyzing a broad cross-section of company sizes and business revenues across eight different verticals.

* NOTE: Valimail's analysis only counts organizational domains. Valimail does not include subdomains in these totals.