While deployment of DMARC email domain protection is growing fast in New Zealand, the bulk of deployments are only in reporting mode, a new study found.
More than half of 291 government agencies now have a valid DMARC record in place, an increase from 33 per cent in 2021 and 16 per cent in 2020.
However, just 21 per cent of domains were in active enforcement mode, the third annual DMARC survey by New Zealand email cyber security specialist SMX found.
DMARC (domain-based message authentication, reporting and conformance) is an email authentication protocol used to protect an organisation’s email channel from spoofs, phishing scams and other email-borne attacks.
Domain owners typically test the standard in reporting-only mode and introduce an active enforcement mode to quarantine or reject spoofed emails after confirming their DMARC record isn’t causing issues for legitimate senders.
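The reporting-versus-enforcement split described above can be read straight from a domain's DMARC TXT record. The following is an added example, not SMX's survey code or methodology: the tag names and fallback rules follow RFC 7489, while the bucket names, the `.example` domains and the sample records are constructed assumptions.

```python
from collections import Counter

VALID_POLICIES = {"none", "quarantine", "reject"}

def parse_dmarc(txt):
    """Parse one TXT string into a tag dict; None if it is not a DMARC record."""
    tags = {}
    for i, part in enumerate(p for p in txt.split(";") if p.strip()):
        name, sep, value = part.partition("=")
        name, value = name.strip().lower(), value.strip()
        if i == 0 and (name, value) != ("v", "DMARC1"):
            return None  # v=DMARC1 must be the first tag
        if sep:
            tags.setdefault(name, value)  # tags without "=" are ignored
    return tags or None

def classify(txt_records):
    """Bucket the TXT strings published at _dmarc.<domain> for one domain."""
    records = [r for r in map(parse_dmarc, txt_records) if r is not None]
    if not records:
        return "no-record"
    if len(records) > 1:
        return "invalid"  # RFC 7489: multiple DMARC records means none applies
    rec = records[0]
    policy = rec.get("p", "").lower()
    if policy not in VALID_POLICIES:
        # RFC 7489 6.6.3: a missing or bad p with a usable rua is treated as p=none
        has_rua = rec.get("rua", "").lower().startswith("mailto:")
        return "reporting" if has_rua else "invalid"
    if policy == "none":
        return "reporting"
    pct = rec.get("pct", "100")
    pct = int(pct) if pct.isdigit() and int(pct) <= 100 else 100
    # Assumption: pct below 100 is counted separately from full enforcement.
    return "enforcement" if pct == 100 else "partial-enforcement"

# Constructed sample input: domain -> TXT strings at _dmarc.<domain>
SAMPLE = {
    "agency-a.example": ["v=DMARC1; p=none; rua=mailto:dmarc@agency-a.example"],
    "agency-b.example": ["v=DMARC1; p=reject; rua=mailto:dmarc@agency-b.example"],
    "agency-c.example": ["v=DMARC1; p=quarantine; pct=25"],
    "agency-d.example": ["v=spf1 -all"],
    "agency-e.example": ["v=DMARC1; p=none", "v=DMARC1; p=reject"],
    "agency-f.example": ["v=DMARC1; p=rejct"],
}

def survey(domains):
    """Count how many domains fall into each bucket."""
    return dict(Counter(classify(txt) for txt in domains.values()))

if __name__ == "__main__":
    print(survey(SAMPLE))
```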
The results indicate the New Zealand government is lagging. By comparison, 74 per cent of 175 Australian Federal Government agency domains surveyed now have a valid DMARC record in place, an increase from 66 per cent in 2021 and 53 per cent in 2020.
Sixty-two per cent of Australian agencies were using DMARC for enforcement, compared to 21 per cent two years ago.
Among New Zealand’s largest 100 companies by number of employees, almost 60 per cent now had a valid DMARC record, up from 45 per cent in 2021 and 29 per cent in 2020.
Of these, 32.2 per cent were in enforcement mode, actively protecting their domains from email spoofing and forgery attacks.
“Progress in adopting DMARC is promising but can still improve,” said Thom Hooker, co-founder and email security evangelist at SMX.
“Organisations who choose not to implement DMARC risk becoming a vulnerability for their customers and business partners. Acting together, we have a chance to close the door on email forgery and other email-borne security threats in New Zealand and Australia.”
SMX’s survey of 1772 domains belonging to companies listed on the ASX found that just 30 per cent had deployed DMARC. This was an increase from 21.5 per cent in 2021.
Of the ASX-listed companies with a valid DMARC record, 45 per cent were using it in enforcement mode, an increase from 34 per cent in 2021.
“Email is a 40-year-old technology and DMARC is the most important security upgrade since the RFCs were released in August 1982,” Hooker said.
SMX aimed to raise awareness of this critical email security standard among the organisations whose email communications are relied upon by large numbers of people and businesses, he said.