It may be hard to believe. But a study of DMARC enforcement in three U.S. cities – Boston, Washington, DC and New York – shows that the locale with the strongest security is
New York. The Big Town.
A study of 99 of the largest organizations in the city shows that 72.7% have reached the highest DMARC (Domain-based Message Authentication, Reporting, and
Conformance) level. But gaps persist, the report says. Another 15.2% have the lesser p+quarantine standing and 12.1% have no effective DMARC protection.
Who’s second? Washington,
DC, which is counter-intuitive since Washington has many government agencies (where DMARC is required) and should have influenced companies to adopt it.
This is a critical issue because
DMARC helps companies block spoofed email.
This is happening as Google, Microsoft and Yahoo reject non-compliant bulk email at the SMTP layer. DMARC is an essential security control
– and a deliverability requirement Red Sift argues.
advertisement
advertisement
At the same time, business email compromise attacks caused $2.77 billion in losses in 2024, Red Sift continues.
Third is Boston. There, 50.5% of the biggest companies have DMARC enforcement at the p+reject level. Another 27.3% remain at p+quarantine, and 22.2% lack effective DMARC protection
entirely.
Here’s one key point: brands deploying quarantine have done some of the necessary work, but spoofed emails can still reach people through spam folders.
Of course,
all of these cities are on the Amtrak Northeast corridor. Red Sift should now look at Mid-Western cities – say, Chicago, Milwaukee, Omaha.