Few Of The Top 100 Retailers Are Protected By DMARC, Study Finds

Leading retailers are wide open to domain theft phishing attacks, according to Top Retailers Remain Vulnerable To Email Brand Spoofing, a study released Thursday by Valimail. 

Only 22% of the top 100 retailers listed by the National Retail Federation are protected by DMARC (Domain-based Message Authentication, Reporting and Conformance), the standard email protection tool.

Another 52% have valid DMARC but are not enforcing it, 22% have no DMARC, while 4% have invalid DMARC. 

There are consequences — of the retailers breached in 2018-19, 63% had DMARC but were not protected and 26% had no DMARC records. Only 11% of those with DMARC enforcement were breached. 

On a more positive note, 87% have valid SPF (Sender Policy Framework), whereas the remainder have invalid SPF or none. 

The most protected category is Health, Wellness and Fitness, with 33%. Second is Retail eCommerce, with 27%.

Note: These subcategories have so few firms in them that they may not be statistically projectable. However, Retail, which represents 42% of the top 100, has a 17% protection rate. 

Food & Beverages retailers have a 14% rate of protection, and restaurants have only 2%.

Firms that had 58.4 billion in revenue in 2019 are most likely to have DMARC with enforcement.

Companies with $28.7 billion in revenue for last year have DMARC without enforcement. And those with $13.7 billion have no DMARC records. 




Next story loading loading..