• by Ray Schultz , Columnist, May 7, 2018

To hear Valimail tell it, the United States ranks fifth in the world in the use of Domain-based Message Authentication, Reporting and Conformance (DMARC) -- behind Denmark, the Netherlands, Ireland and Columbia.

But one country has an even lower ranking: China. Of the top 100 Chinese brands, 95.4% fail to employ even minimal standards of protection against phishing, including DMARC -- a protocol for authenticating email senders and preventing impersonation of their domains, according to DMARC Adoption Among Top 100 Chinese Brands, a study by 250ok.

Worse, absolutely no Chinese brands employ a DMARC reject policy (p=reject), a company’s best defense against phishing attacks, 250ok argues. In contrast 11.3% of U.S. and EU retailers use DMARC, along with 35% of the top-performing SaaS 1000 businesses, 250ok adds.

Why is this this important? Because "Chinese brands looking for revenue growth in the West will increase dependence on the email channel," states Joe Montgomery, VP of marketing at 250ok. "Getting to a DMARC reject policy is a logical first step in ramping up their marketing programs for global business."

Granted, China is not the only Asian country that is behind in this matter: Valimail reports that Indonesia, Japan, Korea, Taiwan, and China all have “sub-5 percent rates” in DMARC adoption.

Yet Chinese computer systems are second in the world for spreading infections and first for general spam volume, 250ok argues -- citing that together, the firms studied have a total brand value of $683.9 billion and fail to adhere to even the minimal standards.

The study continues: “As predominantly online Chinese businesses like Alibaba and JD.com work to expand globally, their email authentication practices, which include the use of DMARC, play a significant role in their ability to deliver both transactional (e.g., password resets, shipping receipts, customer service correspondence) and promotional (e.g., sales orders, shopping cart abandonment reminders) email messages to consumers outside China.”

Maybe this DMARC imbalance is good news for U.S. brands that do not need competition from China in the inbox. But don’t get too smug: As it is, the U.S. accounts for over 50% of the suspicious email worldwide, and is the leading source. Thailand is a distant second, with roughly 15%. Ninety percent of the bad emails come up from ten countries, and China does not rank among them.