Research Shows Only 1.2% of .Org Domains Have Adequate Phishing Protection
Only 1.2% of .Org domains globally have implemented measures to prevent email phishing, spoofing, and ransomware attacks. This figure rises to only 20% among the top 100 US non-profit .Org domains by traffic.
New research from email security provider EasyDMARC reviewed a dataset of 9,935,024 verified .Org email domains. EasyDMARC found that only 376,497 (3.8%) domains had implemented the Domain-based Message Authentication, Reporting and Conformance (DMARC) security standard.
The DMARC standard enables the automatic flagging and removal of received emails that impersonate senders’ domains, a crucial way to prevent outbound phishing and spoofing attempts. Despite the standard being over a decade old, this research indicates widespread under-adoption among non-profits.
While there is a greater degree of DMARC adoption among the 100 most popular US non-profits by traffic, one in four still has not deployed the standard. Further, only 20% of the top 100 US .org domains have both deployed DMARC and implemented a ‘reject’ policy that automatically rejects emails impersonating a legitimate domain.
The research also signals a failure by the global non-profit sector to adequately configure DMARC when implemented. Among the small minority of the global .Org domains tested that employ DMARC, 171,486 (45.6%) had incorrectly configured it. As a result, these organisations lacked visibility into any impersonating emails they received or blocked.
Globally, among non-profit domains using DMARC, only 121,290 (32.2%) had implemented a ‘reject’ policy that automatically rejects emails impersonating a legitimate domain. Most domains employing DMARC had configured it to do nothing about impersonating emails, with 218,777 (58.1%) domains having no policy. A further 55,281 (14.7%) had configured DMARC to send impersonating emails into quarantine.
Gerasim Hovhannisyan, EasyDMARC CEO and co-founder, says: “Impersonating email domains is one of the main tools used in successful phishing, spoofing, and ransomware attacks. That’s why it’s so worrying to see our research indicate that only 1.2% of global non-profits have implemented domain authentication via DMARC, which remains the best way to curb this threat.
“With phishing and ransomware attacks rising dramatically, a widespread lack of domain authentication leaves the non-profit sector incredibly vulnerable to cyber-criminals. Without taking steps to rectify this, many charitable and philanthropic organizations are at risk of significant disruption and financial losses.”
The preceding press release was provided by a company unaffiliated with NonProfit PRO. The views expressed within do not directly reflect the thoughts or opinions of NonProfit PRO.