As colleges and universities prepare for the fall semester, email protections against surging threats like BEC and phishing are lagging.

Adoption of the email security protocol DMARC has continued to tick upwards, with the number of domains deploying DMARC records surpassing 1 million in the last two years — a 2.5 times greater total than in 2018.

That’s according to Valimail’s Email Fraud Landscape 2020 report, which also found that even with the increased uptake, the use of the strongest version of the email protection standard is still lagging.

A separate report from Tessian meanwhile shows lagging adoption is particularly true when it comes to higher education – an issue that’s in the spotlight as colleges and universities prepare for the fall semester and getting kids back into the classroom, either with remote learning or in-person.

DMARC (which stands for Domain-based Message Authentication, Reporting and Conformance) is an industry standard that ensures that emails are authenticated before they reach users’ mailboxes and confirms that they have been sent from legitimate sources. If configured correctly, potential phishing emails can be stopped at the gateway, or redirected to the junk folder – and it prevents address-spoofing.

DMARC policies are designed to be incremental, starting with a simple reporting-only system where companies receive daily aggregate reporting from ISPs detailing a number of items, such as the number of messages they’ve seen using their domains, how many messages passed or failed authentication and the authentication results of the mail. The next step is the quarantine phase, where any mail failing authentication is routed to the spam/bulk/junk folder. And for the most secure set-up under DMARC, organizations can choose to use a reject policy, to stop mail that fails authentication from even being accepted by the receiving mail systems.

Valimail found that while DMARC is widely supported, with 80 percent of all inboxes worldwide doing DMARC checks and enforcing domain owners’ policies on inbound messages, only 13.9 percent of all DMARC records are configured with enforcement policies that reject or quarantine non-authenticating email.
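The three policy stages and the enforcement measure described above can be read directly from a domain's published DMARC record. The following is an added example, not code from the Valimail or Tessian reports: the sample records, domain names and function names are constructed for illustration, and a record without a valid `p=` tag is simply treated as having no policy.

```python
# Constructed sample records; a real check would fetch the TXT at _dmarc.<domain>.
SAMPLES = {
    "monitor.example.edu": "v=DMARC1; p=none; rua=mailto:reports@example.edu",
    "partial.example.edu": "v=DMARC1; p=quarantine; pct=25",
    "strict.example.edu": "v=DMARC1; p=reject; sp=none",
    "spf-only.example.edu": "v=spf1 include:_spf.example.edu ~all",
}
STAGES = {"none": "reporting-only", "quarantine": "quarantine", "reject": "reject"}

def parse_dmarc(txt):
    """Return the record's tag dict, or None if it is not a DMARC record."""
    tags, first = {}, None
    for part in txt.split(";"):
        name, sep, value = part.strip().partition("=")
        if not sep:
            continue  # empty or malformed tag: skip it
        name = name.strip().lower()
        first = first or name
        tags.setdefault(name, value.strip())
    if first != "v" or tags.get("v") != "DMARC1":
        return None  # the version tag must come first
    return tags

def classify(txt):
    """Map a record to the rollout stage its p= tag requests."""
    tags = parse_dmarc(txt)
    policy = (tags or {}).get("p", "").lower()
    if policy not in STAGES:
        return {"stage": None, "enforced": False}  # simplification: no usable policy
    sub = tags.get("sp", policy).lower()  # sp= (subdomains) defaults to p=
    pct = tags.get("pct", "100")
    pct = int(pct) if pct.isdigit() else 100  # pct= defaults to 100
    return {
        "stage": STAGES[policy],
        "subdomain_stage": STAGES.get(sub, STAGES[policy]),
        "enforced": policy in ("quarantine", "reject"),
        "pct": min(pct, 100),
    }

def enforcement_share(records):
    """Fraction of valid DMARC records whose policy is quarantine or reject."""
    results = [classify(t) for t in records.values()]
    valid = [r for r in results if r["stage"]]
    return sum(r["enforced"] for r in valid) / len(valid) if valid else 0.0

if __name__ == "__main__":
    for domain, txt in SAMPLES.items():
        print(domain, classify(txt))
    print("share at enforcement:", round(enforcement_share(SAMPLES), 3))
```

A record can count as enforced while still leaving gaps: `pct=25` applies the policy to only a quarter of failing mail, and `sp=none` leaves subdomains at reporting-only.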


DMARC Adoption Spikes, Higher Ed Remains Behind