Quick Hits

Just 1% of Nonprofit Domains Have Basic DMARC Email Security Protections

DMARC blocks spam and phishing emails sent from spoofed domains, and it's vastly underutilized, a new report says.

Just 1.2% of a group of nearly 10 million verified .org domains analyzed have adopted Domain-based Message Authentication, Reporting, and Conformance (DMARC) security standards, which automatically flag and report emails suspected to be sent from an impersonated domain.

New analysis from EasyDMARC added that even while the DMARC email security standard adoption rate swelled among the top-100 US nonprofit organizations to 20%, of the overall number of domains using DMARC, 45.6% were misconfigured.

“Impersonating email domains is one of the main tools used in successful phishing, spoofing, and ransomware attacks," Gerasim Hovhannisyan, EasyDMARC CEO and co-founder said about the findings. "That's why it's so worrying to see our research indicate that only 1.2% of global nonprofits have implemented domain authentication via DMARC, which remains the best way to curb this threat."