Feds lead in DMARC use
- By Stephanie Kanowitz
- Mar 22, 2021
The federal government is the leading user of DMARC, an authentication protocol used to protect email against spoofing, which enables phishing and other e-mail based attacks or scams.
Domain-based Message Authentication, Reporting and Conformance is a vendor-neutral authentication protocol that builds on the older Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) checks. A domain owner publishes a DMARC policy in DNS, and receiving mail servers use it to decide what to do with messages that claim to come from that domain but fail authentication, which is how the owner protects the domain from unauthorized use, or spoofing.
Seventy-eight percent of all federal domains have published a DMARC record, and 74% of all federal domains have a record with an enforcement policy, so roughly three-quarters of federal domains are now protected from spoofing. Those numbers come from the “Email Fraud Landscape: Spring 2021” report that Valimail, a maker of zero-trust, identity-based anti-phishing solutions, released today.
“This high rate of deployment and enforcement is a direct result of a 2017 directive from the Department of Homeland Security, BOD 18-01, which mandated DMARC enforcement for all executive branch domains, except for intelligence- and defense-related ones,” the report states. It credits the detailed documentation and enabling tools that DHS provided with the order for the high level of compliance.
For comparison, the category with the second highest use of DMARC is Fortune 500 businesses at 77%, but only 27% of those domains have an enforcement policy and are actually protected. Global media companies have the lowest deployment rate at 57%, and U.S. health-care companies have the lowest protection rate at 13%.
More than half the world’s population uses email, with the user base growing at 3% per year, according to estimates from the Radicati Group. It also said that worldwide email traffic exceeded 300 billion messages per day as of late 2020 -- little surprise given the increase in remote work because of the COVID-19 pandemic.
Email is the leading vector for cyber crime and is implicated in more than 90% of all cyberattacks, according to Valimail’s report. It found that in 2020, about 1% of all messages originated from suspicious and likely fraudulent senders -- about the same rate it found in the second half of 2019. Domain spoofing has declined greatly since 2017, when it was at about 5%.
Email receivers are consistently using DMARC, checking inbound mail for the majority of the world’s 7 billion active email inboxes, according to the report. At the same time, the number of domains using DMARC on the sending side has risen to 1.28 million -- a nearly four-fold increase over the past three years. The catch is that publishing a record is not enough: a sending domain needs a DMARC enforcement policy (“quarantine” or “reject”), which directs receivers to quarantine or reject email that fails authentication. A record whose policy is “none” only asks receivers to send reports and leaves spoofed mail untouched.
“The best practice is to start in monitor mode (a policy of ‘none,’ also known as ‘monitoring mode’), which allows you to collect detailed, daily reports from mail servers about exactly which senders are authenticating and which ones are not,” the report states. “Once you have collected sufficient data, you can then configure [a Sender Policy Framework] and/or [the DomainKeys Identified Mail standard] to specify which senders are allowed to send ‘as’ you. Then, when ready, you can move to an enforcement policy.”
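The two checks described above, whether a published record actually counts as enforcement and what the daily aggregate reports collected in monitor mode reveal, can be scripted. The following is an added example, not code from the Valimail report or from the article; the DMARC record strings and the aggregate-report XML are constructed sample data (documentation IP ranges and invented domains such as agency.example.gov and bulkmailer.example), and the function names are this example's own.

```python
"""Classify DMARC TXT records and summarise a DMARC aggregate (rua) report.

Added example, not part of the original article. All records, domains and
IP addresses below are constructed for illustration.
"""
import xml.etree.ElementTree as ET


def parse_dmarc_record(txt):
    """Split a DMARC TXT record into its tags; return None if it is not DMARC."""
    tags = {}
    for part in txt.split(";"):
        part = part.strip()
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    # A DMARC record must start with v=DMARC1; anything else (e.g. an SPF
    # record returned by mistake) is not a DMARC policy at all.
    if tags.get("v", "").upper() != "DMARC1":
        return None
    return tags


def classify_policy(txt):
    """Return 'none', 'partial', 'enforcement' or 'invalid' for a record.

    'enforcement' matches what the report counts as protected: p=quarantine
    or p=reject applied to all mail. A pct below 100 is a partial rollout,
    because receivers apply the policy only to that share of failing mail.
    """
    tags = parse_dmarc_record(txt)
    if tags is None or "p" not in tags:
        return "invalid"
    policy = tags["p"].lower()
    if policy == "none":
        return "none"
    if policy not in ("quarantine", "reject"):
        return "invalid"
    try:
        pct = int(tags.get("pct", "100"))  # RFC 7489 default is 100
    except ValueError:
        return "invalid"
    return "partial" if pct < 100 else "enforcement"


# Constructed aggregate report in the RFC 7489 Appendix C layout. The
# policy_evaluated results already reflect DMARC alignment, which is why a
# third-party mailer can pass SPF for its own domain yet still fail DMARC.
SAMPLE_RUA = """<?xml version="1.0"?>
<feedback>
  <report_metadata><org_name>receiver.example</org_name><report_id>1</report_id></report_metadata>
  <policy_published><domain>agency.example.gov</domain><p>none</p></policy_published>
  <record>
    <row><source_ip>192.0.2.10</source_ip><count>120</count>
      <policy_evaluated><disposition>none</disposition><dkim>pass</dkim><spf>pass</spf></policy_evaluated></row>
    <identifiers><header_from>agency.example.gov</header_from></identifiers>
    <auth_results><spf><domain>agency.example.gov</domain><result>pass</result></spf></auth_results>
  </record>
  <record>
    <row><source_ip>198.51.100.7</source_ip><count>40</count>
      <policy_evaluated><disposition>none</disposition><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row>
    <identifiers><header_from>agency.example.gov</header_from></identifiers>
    <auth_results><spf><domain>bulkmailer.example</domain><result>pass</result></spf></auth_results>
  </record>
  <record>
    <row><source_ip>203.0.113.99</source_ip><count>15</count>
      <policy_evaluated><disposition>none</disposition><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row>
    <identifiers><header_from>agency.example.gov</header_from></identifiers>
    <auth_results><spf><domain>203-0-113-99.attacker.example</domain><result>none</result></spf></auth_results>
  </record>
</feedback>
"""


def summarize_rua(xml_text):
    """Tally aligned vs. unaligned mail per source in an aggregate report.

    Returns (total_messages, aligned_messages, failing_sources) where each
    failing source is (source_ip, count, spf_domain). The failing list is the
    triage queue before moving to enforcement: legitimate third-party senders
    need to be added to SPF or signed with DKIM, spoofers can be ignored.
    """
    root = ET.fromstring(xml_text)
    total = aligned = 0
    failing = []
    for rec in root.findall("record"):
        count = int(rec.findtext("row/count", "0"))
        total += count
        dkim = rec.findtext("row/policy_evaluated/dkim")
        spf = rec.findtext("row/policy_evaluated/spf")
        if dkim == "pass" or spf == "pass":  # DMARC passes on either aligned result
            aligned += count
        else:
            failing.append((rec.findtext("row/source_ip"), count,
                            rec.findtext("auth_results/spf/domain")))
    return total, aligned, failing


if __name__ == "__main__":
    for record in ("v=DMARC1; p=none; rua=mailto:dmarc@agency.example.gov",
                   "v=DMARC1; p=quarantine; pct=25",
                   "v=DMARC1; p=reject; rua=mailto:dmarc@agency.example.gov"):
        print(f"{record!r:70} -> {classify_policy(record)}")
    total, aligned, failing = summarize_rua(SAMPLE_RUA)
    print(f"{aligned}/{total} messages aligned; unaligned sources: {failing}")
```

In the constructed report, the 198.51.100.7 source is the case the report's advice is aimed at: a bulk mailer that passes SPF for its own domain but is not aligned with agency.example.gov, so it would be quarantined or rejected the moment the policy moves off “none”. Running the classifier against the records a DNS query returns for `_dmarc.<domain>` reproduces the report's distinction between “has a record” and “at enforcement”.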
In general, the study found that 43.4% of the 7,000 domains for large for-profit and government organizations with DMARC were at enforcement, which is 2 percentage points higher than in early 2020 and 3.5 percentage points higher than in early 2019.
“This indicates that DMARC enforcement is being taken more seriously among large organizations, and that they are proceeding, slowly but surely, to lock down even more of their domains with DMARC enforcement,” the report states.
Read the full report here.
Stephanie Kanowitz is a freelance writer based in northern Virginia.