Social media companies have a significantly higher Domain-based Message Authentication, Reporting and Conformance (DMARC) adoption rate when compared with other industries, according to a recent report by Return Path.
DMARC is an email authentication tool that helps prevent email-based phishing and spoofing attacks, typical tactics of cybercriminals.
DMARC adoption rates have steadily increased since it was first introduces in 2012, and 29% of global companies now have some DMARC security measure in place according to Return Path’s study. DMARC adoption rose year-over-year from 22% in 2015.
The data and email solutions provider analyzed the published DMARC record of over 1,000 global brands, across 31 different countries, to investigate DMARC adoption rates by region and industry.
Social media companies lead the pack in DMARC adoption by vertical, with over half of the companies analyzed by Return Path incorporating some level of protections against email fraud. A bit more than half of social media companies reported DMARC adoption, followed by 41% of logistics companies and 35% of travel companies.
On the opposite side of the spectrum, only 8% of healthcare companies have adopted DMARC.
“In less than three years, the DMARC standard has reshaped the email fraud landscape, disrupted longstanding phishing strategies, and forced cybercriminals to abandon preferred targets,” states Robert Holmes, general manager of email fraud protection at Return Path. “Today, DMARC is still the best remedy in the fight against phishing and spoofing. As its implementation continues to spread outward from its early adopters, it has the potential to nullify an entire class of fraud within the next few years.”
As DMARC adoption rates continue to rise, it will become increasingly important for email marketers to incorporate the DMARC authentication process into their email marketing campaigns.
Marketers who implement DMARC see higher deliverability rates overall because their messages are considered safe by email providers due to the systems in place to detect spoofing.
By June, Gmail will reject any email message that doesn’t pass DMARC authentication checks. In addition, Yahoo, Hotmail and AOL have all implemented some level of DMARC authentication systems into their email servers as well.
You say "Gmail will reject any email message that doesn’t pass DMARC authentication checks."
This statement does not appear to be accurate.
DMARC defines what action should be taken if a message fails authentication. This policy is set by the owner of the sending domain not the receiving domain. In addition I find it very hard to believe gmail is going to reject all email from domains without a DMARC policy.
So what does the statement mean?
+1 to Dereks comments. Gmail is stating it will move to p=reject fr its own domain gmail.com
This means from June they will be advising *other* receivers to reject email purporting to be from Gmail but failing DMARC authentication. That is a world of difference to them rejecting inbound email that is not authenticated (or failing authentication but not explicitly requesting rejection in the Domains DMARC policy).
Further it is not accurate to say that over half of social media companies have a level of protection in place, not from how I raed the report in any case. Less than 25% have any protection (publishing a DMARC policy in monitor mode offers no protection at all).
The report did make things more difficult to read than necessary (take the same colour in the colour charts being used for Reject and Policy in Place as one example).
However as I read it, the facts were:
Therefore 24% of Total number Social Media companies are implementing some level of protection,
Further confusion introduced by the original report as a result of several sectors having a total that adds up to 101%.
I do not wish to beat a dead horse here, but all the calculations are wrong in this article. The report clearly stated that 22% of those surveyed had a policy in place currently, where did the figure of 29% come from?
Andrew and Derek,
The comment about Gmail I believe is in regard to their move to p=reject DMARC policy, I do agree however that it was rather confusing.
Kent
"Confusing" is to indicate there may be some additional complexity added and thereby making something harder to understand than needed.
This is simply not the case. The headline is bad and the article is fundamentally incorrect in many areas.
I would have expected a representative of Return Path to have been forthright in their comments, less confusing and far clearer when commenting on an article that continues to be shared despite being incorrect and quoting Return Path inaccurately as its source.
29% of global companies do not have DMARC in place likewise most if not all the numbers that follow are incorrect
"DMARC Adoption Is Critical For Email Deliverability"
>> There is no basis for this assertion. DMARC has plenty of qualities and benefits, there is no need to overstate its case or misinform.
By June, Gmail will reject any email message that doesn’t pass DMARC authentication checks.
>> Is simply untrue
Marketers who implement DMARC see higher deliverability rates overall because their messages are considered safe
>> Untrue, DMARC keeps the obviously bad stuff out, but says nothing to your reputation or likelihood of inbox placement
My humble apologies to Jess Nelson.
Having reviewed everything yet again, the 29% is accurate according to Return Path.
I had been provided an outdated copy of the report when I downloaded from Return Path at https://returnpath.com/downloads/dmarc-intelligence-report/.
Much of my other comments remain valid, however the figures seem to be accurate
Hi Jess,
Irrespective to what others have commented on your blog, I thoroughly agree with every point in your blog; especially about the importance of DMARC in email marketing. Honestly, we have experienced some great results with the alignment of DMARC record in our email marketing strategy. I thoroughly enjoyed reading your blog. Superb tips and very necessary for the email marketers to follow. Similarly, I have found yet another blog that is exquisite as well. I would like to share the blog with you and would suggest you go through it. Thank you. https://easysendy.com/blog/create-dmarc-record/