DMARC Adoption in 2021: What’s the Problem?

When it comes to cyber-attacks, 2020 has shown how unprepared organizations and businesses all over the world are. All types of companies were affected, regardless of the size and operating area, resulting in millions of dollars in financial losses. We have seen a large number of new phishing scams related to COVID-19. In April alone, Google blocked 18 million Coronavirus-related malware and phishing emails. And, as so many organizations have switched to remote work, 2021 does not predict any decrease in cyber-attacks.

Scams come in all shapes and sizes, so why do we pay so much attention to the email here? Because 94% of all malware is delivered to the computer via email. And the majority of people would not distinguish between a well-crafted phishing email and a legitimate one.

DMARC Today

DMARC, as the third layer of protection (after SPF and DKIM), has been introduced 9 years ago (back in 2012!). And yet, a large segment of organizations all over the world fail to implement it, and the majority of those who do, leave the p=none policy that only needed at the early stages of implementation and does not protect against cyber-attacks.

So what is it that stops businesses from adding DMARC protection to their arsenal?

Making Three Protocols Work Together

In theory, all you have to do is: implement SPF, DKIM, and DMARC on top of the two and make sure SPF and DKIM align during an authentication check. And voila! Sounds simple enough, right?

Read also: What is DMARC: Email Security with DMARC, SPF, and DKIM

But in reality, there are quite a few roadblocks on the way to DMARC ‘quarantine’ or ‘reject’ policy.

Read the full article on GlockApps blog.