Even though phishing emails are used in 91% of all cyberattacks, the vast majority of websites have not implemented basic measures to prevent threat actors from spoofing their domain as part of phishing campaigns, research by 250ok shows.

In particular, companies are falling short when it comes to the implementation of DMARC (Domain-based Message Authentication, Reporting & Conformance), the industry standard for email authentication. A staggering 80% of websites lack DMARC policies. Matthew Vernhout of 250ok stated that “given the information available on the risks associated with leaving your domain unprotected, it’s shocking the number of brands that still don’t understand the importance of DMARC.”

Read more: Phishing alert: 80% of companies lack DMARC policies to protect against spoofing