DMARC is used for email security by just half of the Fortune 500 companies

When Homeland Security advised all federal government departments that they needed to implement a new email security policy to reduce incoming spam and phishing emails, three-quarters of all federal domains were compliant by the deadline given.

That is significantly more than the Fortune 500 achieved over the same time period.

According to new research, just half of the Fortune 500 have implemented DMARC—or domain-based message authentication, reporting, and conformity policy. DMARC policies are used by email systems to verify the authenticity of an email sender and ensure that it is not spoofing another domain. Depending on the DMARC settings, an email system can either monitor, quarantine, or completely reject fake emails, reducing the number of phishing emails that arrive in your business mailbox.

According to the statistics, 51% of the Fortune 500 or the world’s richest corporations are already adopting DMARC. This is an improvement from around one-third, which was the estimate a year ago, but it still lags behind the federal government’s adoption of DMARC. However, just 13% of those businesses have quarantine or reject policy in place, which actively intercepts faked emails and classifies them as spam or bounces them from a user’s inbox entirely.

According to leading research, the following organizations have the strongest DMARC policies: Aetna, American Express, Bank of America, Capital One, Facebook, FedEx, Microsoft, Netflix, PayPal, UPS, and Wells Fargo. Some of the worst competitors with no track record include Boeing, CBS, Discovery, Exxon Mobil, Frontier, JetBlue, NetApp, Time Warner Cable (Spectrum), Prudential, Viacom, and Xerox.

Scammers frequently use faked emails to deceive businesses into revealing valuable taxpayer information or other corporate secrets. The ‘W-2 phishing scam’ involves legitimate-looking emails attempting to get W-2 tax forms from employees that could enable the scammers to file fake forms during tax season in order to earn large refunds. According to the FBI, these frauds cost businesses $12 billion every year.

However, DMARC is designed to filter out the vast majority of faked emails. Multinational e-commerce corporations receive millions of impersonated emails every day, with the emails impersonating the company’s ‘from’ address to appear legitimate. The number was reduced by 99% when the business deployed its new DMARC policy to reject faked emails.

The cost of these attacks has risen to billions of dollars each year, but the actual cost is the erosion of customer faith in the digital industry. Thankfully, there is a way out.

Employ EmailAuth today for full email security services. It has tutorials on how to set up your DMARC record and tools to check your DKIM and DMARC records. EmailAuth has fully automated email authentication tools for your company’s email domain. Get DMARC today by visiting EmailAuth.