NEW YORK, February 16, 2016 — Global adoption of the most powerful weapon to date against phishing and spoofing, the Domain-based Message Authentication, Reporting, and Conformance (DMARC) authentication protocol, has increased 24 percent in the past year, according to new research from Return Path.
Released today, the 2016 DMARC Intelligence Report finds that:
Just four years after its launch, DMARC has revolutionized the fight against phishing and domain spoofing by blocking malicious messages before they hit consumer and employees inboxes. This in turn is forcing cybercriminals to abandon preferred targets.
Steve Jones, Executive Director, DMARC.org, commented: “I’m very satisfied with the rising pace of DMARC adoption we saw globally in 2015. It reflects the clear benefits it brings to an organization when it comes to email fraud protection, as well as the recommendations of many government agencies and industry groups globally. As adoption continues to accelerate through 2016, DMARC will be seen as a prerequisite for any organization that wants to engage its customers and partners via the email channel.”
The true value of complete DMARC protection
Brands that have fully embraced DMARC have seen impressive results. Blocket, Sweden’s largest online marketplace, saw a 99 percent drop in suspicious messages in just three months after implementing DMARC, and phishing remediation costs plummeted. “After we implemented a DMARC reject policy, we saw phishing customer-service tickets drop by more than 70 percent,” said Thomas Bäcker, Head of Customer Security for Blocket.
Enterprise adoption gains momentum
DMARC has proven to be an effective defender of domain-based email threats in the consumer space. With the convergence of email filtering technology across the consumer and enterprise space (as in the case of Google and Microsoft), DMARC is expected to permeate its way into enterprise email filtering systems. There is already evidence of this; 2015 saw an increased number of enterprise messaging gateways enable DMARC on their appliances to detect and block spear-phishing emails that spoof corporate domains.
Robert Holmes, General Manager, Email Fraud Protection at Return Path commented: “As more security email gateways enable DMARC, we will see more organizations leveraging the protocol to reject emails that spoof their domains to deceive employees, a particularly effective tactic in CEO to CFO wire fraud attacks. The good news is that despite the growth in email threats, more and more companies are taking the right steps towards better defending their customers, employees, brands, and bottom line from email fraud.”
The complete DMARC Intelligence Report can be downloaded in full here.
Return Path conducted this study using a representative sample of more than 1,049 global companies across 33 countries from the following indices: Fortune 500, Inc. 5000 DJIA, NASDAQ, S&P, FTSE, and Forbes’ 2015 “Top 100 Most Recognizable Brands.” DMARC adoption data was pulled in January 2016. Percentages may not add up to 100 due to rounding.
About Return Path
Return Path analyzes the world’s largest collection of email data to show businesses how to stay connected with their audiences, strengthen their customer engagement, and protect their brands from fraud. Our data solutions help analysts understand consumer behavior and market trends. We help mailbox providers and security providers around the world deliver great user experiences and build trust in email by ensuring that wanted messages reach the inbox while spam and abuse don’t. For more information on Return Path’s Email Fraud Protection solution, visit www.returnpath.com/StopEmailFraud or follow us on Twitter @StopEmailFraud.