A new Valimail report shows that while companies are increasingly adopting the Domain-based Message Authentication, Reporting and Conformance (DMARC) protocol for email authentication, which is designed to prevent email spoofing attacks, the vast majority have not configured it properly. In fact, only 17% of email domains using DMARC have an enforcement policy, even though this is necessary to block impersonation attacks.
Valimail CEO Alexander García-Tobar warns that “the identity crisis of email has never been more apparent,” adding that “the sharp rise in DMARC records worldwide is promising, but the low rate of enforcement indicates there is a long way to go in establishing real trust in one of the world’s most common forms of communication.” The study also found that losses from Business Email Compromise (BEC) scams have reached over $26 billion since 2016.
Read more: Only 1 in 5 enterprises have DMARC records set up with an enforcement policy