Security vendors claim that of the nearly 10 million .org domains in circulation, only 1.2% have fully implemented DMARC to mitigate the risk of phishing.
EasyDMARC surveyed over 9.9 million verified .org email domains and found that only 376,497 (3.8%) implemented the Domain-based Message Authentication, Reporting and Conformance (DMARC) security standard.
DMARC prevents phishing by automatically flagging and blocking incoming emails that appear to be spoofed.
However, for it to be effective, organizations must set their systems to a “reject” policy (p=reject). This means that suspicious emails are automatically blocked before they reach the recipient’s inbox. By contrast, “p=none” lets suspicious emails through untouched.
Unfortunately, of the 3.8% of global .org domains with DMARC deployed, 171,486 (45.6%) were misconfigured, according to EasyDMARC, giving organizations no visibility into received or blocked emails.
Additionally, more than half (58%) of those using DMARC had no policy (p=none) and 15% chose the quarantine option.
The top 100 .org domains by traffic fared slightly better. Three-quarters use DMARC, and about one-quarter (27%) of these have their policy set to p=reject.
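The policy and visibility distinctions above can be checked mechanically from a domain's DMARC TXT record. The following is an added example, not EasyDMARC's survey code: the domain names and records are constructed, and treating a missing `rua` tag as "no visibility" is an assumption about what the survey counts as misconfigured.

```python
# Added example: classify DMARC TXT records by policy and reporting.
# All records below are constructed samples, not survey data.
POLICIES = ("none", "quarantine", "reject")

SAMPLES = {
    "a.example": "v=DMARC1; p=none",
    "b.example": "v=DMARC1; p=quarantine; rua=mailto:dmarc@b.example",
    "c.example": "v=DMARC1; p=reject; pct=100; rua=mailto:dmarc@c.example",
    "d.example": "v=DMARC1; p=reject; pct=20",
    "e.example": "p=reject; v=DMARC1",  # version tag not first
}

def parse_dmarc(txt):
    """Return a dict of tags, or None if the record is not valid DMARC."""
    parts = [p.strip() for p in txt.split(";") if p.strip()]
    # RFC 7489: the record must begin with the v=DMARC1 tag.
    if not parts or parts[0].replace(" ", "") != "v=DMARC1":
        return None
    tags = {}
    for part in parts[1:]:
        name, sep, value = part.partition("=")
        if not sep:
            return None  # malformed tag with no '='
        tags[name.strip().lower()] = value.strip()
    return tags

def assess(txt):
    """Summarise what one record actually does for the domain owner."""
    tags = parse_dmarc(txt)
    if tags is None or tags.get("p", "").lower() not in POLICIES:
        return {"policy": "invalid", "blocks_spoofed": False, "reporting": False}
    policy = tags["p"].lower()
    pct = tags.get("pct", "100")  # pct defaults to 100 when absent
    full = pct.isdigit() and int(pct) == 100
    return {
        "policy": policy,
        # Only p=reject applied to all failing mail blocks spoofed messages.
        "blocks_spoofed": policy == "reject" and full,
        # Without an rua address the owner receives no aggregate reports.
        "reporting": "mailto:" in tags.get("rua", "").lower(),
    }

def tally(records):
    """Count records per policy bucket."""
    counts = {}
    for txt in records.values():
        policy = assess(txt)["policy"]
        counts[policy] = counts.get(policy, 0) + 1
    return counts

if __name__ == "__main__":
    for domain, txt in SAMPLES.items():
        print(domain, assess(txt))
```
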
EasyDMARC CEO Gerasim Hovhannisyan argues that the findings are a concern for the sector because .org is primarily used by non-profits.
“Amid a dramatic rise in phishing and ransomware attacks, the widespread lack of domain verification leaves the nonprofit sector incredibly vulnerable to cybercriminals,” he added. “If we do not take steps to remedy this, many charities and charities will be at risk of significant disruption and financial loss.”