Sign in
  • Home
  • Products
    • Enforce
    • DMARC Monitor
    • Instant SPF
    • Amplify
  • Solutions
    • Anti-phishing
    • Brand protection
    • Compliance
    • Government
    • Marketing
    • Microsoft
    • Shadow IT
  • About
    • News + awards
    • Partners
    • Team
    • Careers
    • Industry leadership
    • Customer support
  • Learn
    • Resources
    • Blog
    • Customers
  • Support
Request phishing analysis
  • Products
    • Enforce
    • DMARC Monitor
    • Instant SPF
    • Amplify
  • Solutions
    • Anti-phishing
    • Brand protection
    • Compliance
    • Government
    • Marketing
    • Microsoft
    • Shadow IT
  • About
    • News + awards
    • Partners
    • Team
    • Careers
    • Industry leadership
    • Customer support
  • Learn
    • Resources
    • Blog
    • Customers
  • Get started for free
  • Support
  • Sign in
Check to see if you’re protected
☰
Check to see if you’re protected
Share this article
Related posts
  • Blog
    Research: Only 22 of the top 100 retailers are protected by DMARC
  • Blog
    DMARC authentication gets you the deliverability you deserve
  • Blog
    How vulnerable are U.S. election operations to email spoofing?
Valimail blog

Which industries are doing best at email security? (research part 2)

Author: Dylan Tweney
security concept: stock image showing lock on a keyboard

The majority of the 933,000 domains with DMARC are owned by small companies, small nonprofits, or individuals. Perhaps companies with large IT budgets can do better at deploying DMARC and getting to enforcement?

The answer: A little bit — but it depends on the industry. Among billion-dollar publicly traded companies (globally), almost 52% of these companies’ primary domains have DMARC records. But of those with DMARC, only 23% are at enforcement — significantly better than the global average of 13%, but not an order of magnitude better.

Other industries have similar or slightly better rates of success at getting to enforcement: Global banks and financial services companies 33%, Fortune 500 companies 28%, global tech companies 24%, and global media companies 22%. Somewhat lower on the scale are U.S. healthcare providers with 18% and U.S. utilities with 13%. (Note: all categories included only $1B+ revenue companies, except for media companies, which were limited to $500M+ revenues.)

The only standout category is the set of U.S. federal government domains, of which 79% have DMARC records. Of those DMARC records, 93% are at enforcement. These are remarkably high figures — a tribute to the success of a 2017 directive from the Department of Homeland Security, BOD 18-01, which mandated DMARC at enforcement for most executive branch domains by January 2018. At the time, fewer than 20% of government domains had DMARC and almost none were at enforcement. Although the mandate was unfunded, several things about it favored success: It was clearly worded, included specific guidance for agencies to follow, and was coupled with tools that agencies could use to check their status and interpret DMARC data.

Column chart showing enforcement success rates by industry category

Despite the fact that almost no industry has a better than 25% success rate in getting DMARC records to enforcement, some industries are doing better at protecting themselves, simply because they have a larger proportion of domains attempting DMARC.

For instance, 67% of Fortune 500 companies have deployed DMARC, and about a quarter of those are at enforcement. This means that almost 20% of the Fortune 500 are now protected from impersonation by DMARC at enforcement. Global tech companies have taken a similarly aggressive approach to DMARC deployment, so 15% of these domains are protected.

But global media companies lag: Only 43% of this category has a DMARC record, and with a success rate of 22%, this means that just 10% of this category’s domains are protected.

Column chart showing overall DMARC status by industry category

This post is part 2 in a 3-part series highlighting Valimail’s latest research. Download the full report for free: Winter 2020 Email Fraud Landscape: Domain spoofing declines as protective measures grow.

Back to blog
Published March 5, 2020
  • DMARC
  • Research
Author: Dylan Tweney
Dylan Tweney is the VP of research and communications for Valimail. He is the founder of Tweney Media, a content-driven communications agency, whose clients have included Samsung, Korn Ferry International, Upwork, YL Ventures, Bloomberg Beta, and Valimail. Formerly, he was the editor-in-chief of VentureBeat and a senior editor at Wired.
Resources
Top retailers remain vulnerable to email brand spoofing
Learn more
Email security with Microsoft and Valimail
Learn more
Election email security
Learn more
Email fraud landscape, Summer 2020
Learn more
Preparing for BIMI: A Marketer’s Guide
Learn more
Latest news
Trump’s refusal to concede the election is creating an opening for cy...
Learn more
2020 General Election Results to Directly Impact Tech Industry
Learn more
Why Email Is Still an Election Day Disinformation Risk
Learn more
US elections are still vulnerable to email spoofing
Learn more
Security Gaps Persist, Report Warns, After U.S. Blames Iran In Election Sch...
Learn more
Press releases
Valimail Triples Customer Base, Becomes Top Global DMARC Provider in 2020
Learn more
Valimail: 2020 election infrastructure still vulnerable to email hackers
Learn more
Valimail Announces Selection by ASG for Anti-Phishing and BEC Protection
Learn more
Valimail DMARC Monitor and Valimail Enforce Now Available in the Microsoft ...
Learn more
Valimail Research Finds More Than 1 Million Domains Using Crucial Email Aut...
Learn more
Follow us
Contact us

P: 888.354.6179
E: info@valimail.com

Headquarters

180 Montgomery Street
20th Floor
San Francisco, CA 94104

Valimail Mountain Office

1550 Larimer Street
Suite 271
Denver, CO 80202

Request a full phishing analysis
© Valimail
  • Terms of use
  • Privacy Policy
  • Website terms of use
  • Do not sell my personal information
  • Phishing Analysis
  • Domain Checker
  • Products
  • Enforce
  • DMARC Monitor
  • Instant SPF
  • Amplify
  • Solutions
  • Anti-phishing
  • Brand protection
  • Compliance
  • Government
  • Marketing
  • Microsoft
  • Shadow IT
  • About
  • News + awards
  • Partners
  • Team
  • Careers
  • Industry leadership
  • Customer support
  • Learn
  • Resources
  • Blog
  • Customers
Subscribe to our newsletter

Get exclusive content on improving email security and deliverability from the experts at Valimail.

  • *
    I understand that I may proactively manage my preferences, or opt-out of Valimail communications at any time using the unsubscribe link provided in Valimail email communication. I confirm that I am over the age of 16. The information that you provide will be used in accordance with the terms of our Privacy Policy.
  • This field is for validation purposes and should be left unchanged.