In a recent survey conducted by Agari, it was discovered that just half of the Fortune 500 have deployed DMARC — or domain-based message authentication, reporting, and conformance policy. DMARC is a technology advancement in preventing email and domain spoofing. It ensures that emails go through a domain based check and then sent to the recipient. It uses DKIM and SPF standards along with additional standards of its own.
Cyber criminals and hackers are always looking for ways to infiltrate your network via phishing, spoofing or any other means. Emails being widely used in any organization, it is the easiest path for them to penetrate within the network. Many recent attacks have occurred via email spoofing. Hackers enter the network by forged emails appearing to be from trusted sources.
The survey shows that 51 percent of the Fortune 500 companies are using DMARC. But only 13 percent of those companies are employing a quarantine or reject policy — which actively intercepts spoofed emails and marks them as spam or bounces them from a user’s inbox altogether.
According to Agari’s breakdown: Aetna, American Express, Bank of America, Capital One, Facebook, Fedex, Microsoft, Netflix, PayPal, UPS and Wells Fargo ranked among the companies with the strongest DMARC policy. Boeing, CBS, Discovery, Exxon Mobil, Frontier, JetBlue, NetApp, Time Warner Cable (Spectrum), Prudential, Viacom and Xerox are some of the worst contenders with no record whatsoever. Agari, which has a commercial stake in the email security business, said that having a well-configured DMARC policy “cannot be overstated.”
With DMARC into practice, spoofed emails in your domains get rejected avoiding any CEO to CFO level of fraud attacks. It is really challenging to tell apart a fake email from an authentic one. Email providers keep struggling in deciding authentic harmless emails to be delivered to users against the fake harmful emails to reject. DMARC is the solution for these problems. It helps email senders and receivers work together to better secure emails, protecting users and brands from painfully costly abuse.