As awareness about DMARC grows, the number of domains that implement DMARC continue to rise. However, it might not be time to be satisfied just yet. Despite the wider outreach of DMARC implementation for domain protection, 3 billion spoofed messages per day still make it to unsuspecting people’s inbox, under the cover of a valid, authentic sender. Adding fire to the flame is the growing reliance on email as the primary mode of communication.

Until we analyze the trends and study concrete figures, we can’t really understand the deepening need for better domain protection.

Why look at DMARC as means of domain protection?

DMARC (Domain-based Message Authentication Reporting and Compliance) is an email authentication standard that works with two underlying protocols of SPF and DKIM to determine the validity of an email. Using identity alignment and DMARC policies, DMARC SPF and DKIM together contribute towards protecting an organization from having their email domains misused by attackers for sending fraud emails.

Protecting your email domain becomes a graver issue

The techniques and tricks may vary, but email still remains the number one attack vector for cybercriminals.

Over 90% of all cyberattacks are carried out through email. The new methods of remote working and offsite logins do nothing to put a dent in these trends. Several employees are working on their personal machines, with lesser security than they are used to at the work quarters. The psychological factor of working from home in a more lenient atmosphere definitely lends a helping hand to hackers who’re just waiting for people to let down their guard.

Moreover, since the onset of the COVID-19 pandemic, email security providers have observed a steep hike in phishing attacks that are geared towards inducing fear and panic over public health.

Phishers are launching attack after attack, the average phishing campaign lasting for as little as 12 minutes, according to Google. Also declared by Google is the fact that they are actively blocking 100 million phishing emails per day.

Key Figures on Domain Protection and DMARC

1. Three billion messages per day spoof the email ID in an email’s “From” fields.

2. Domains without DMARC implementation are 4.75 times more likely to fall prey to domain spoofing attacks.

3. 80% of all email inbox providers perform DMARC checks on incoming email.

4. Around 1.28 million domain owners globally have configured DMARC for their domains. Only 14% of those are actually protected from spoofing because of airtight DMARC policies in place.

5. Among large organizations, 43.4% of domains have set a DMARC policy.

6. The U.S. federal government is at the forefront of overall DMARC statistics. 74% of the federal government’s domain protection is handled by DMARC.

7. Global media companies and American healthcare providers have the lowest rates of DMARC implementation and domain protection.

Some of these stats are encouraging while others are disheartening. However, we foresee a big change on the horizon: DMARC is soon going to be mandatory. Several corporations in the US and Europe have already mandated DMARC implementation, automatically protecting themselves from spoofing attacks and brand tarnishing.

Why wait till laws are put in place to implement DMARC? Take a look at the features of our DMARC Monitor. We have a step-by-step plan for you, helping you towards maximum domain protection.