• by Ray Schultz , May 18, 2018

Most health organizations are vulnerable to spoofing of their email domains, according to a study released on Friday by Valimail.

Of  928 health domains analyzed, only 13% are using DMARC (Domain-based Message Authentication, Reporting and Conformance).

Less than 15% of those companies are achieving enforcement, the DMARC setting that protects domains against impersonation attacks, Valimail says. The result is a 1.7% enforcement rate in global healthcare.

But almost 60% are using Sender Policy Framework (SPF).

Companies with higher revenues—up to $8.4 billion—are more likely to utilize DMARC, as are firms in Australia, India, and France 

"With 80% failure rates, successful deployment of DMARC — known as enforcement —  is clearly a challenge for all companies using manual authentication approaches, not just those in health care,” states Valimail CEO and co-founder Alexander García-Tobar.

He adds, “The data furthermore supports our view that full automation is the most efficient and reliable approach to attain and maintain enforcement."

Valimail analyzed the primary domains of hospitals, medical equipment and supply makers, pharmaceutical manufacturers, pharmacies, and physicians/health practitioners with annual revenues of at least $300 million.