DMARC vs Phishing

30th March 2021

Domain-based Message Authentication, Reporting and Conformance (DMARC) is a tool that can be used by organisations to prevent them from falling victim to email/domain spoofing. It allows a domain owner to confirm that an email is legitimate.

Domain spoofing is a common technique among phishers, who impersonate a victim’s email address and send out emails pretending to be them. Reports have found that you are nearly 5 times more likely to fall victim to these types of attacks if your domain doesn’t have DMARC protection. In 2020 alone, around 3 billion sent emails were found to have signs of sender fraud.

However, things are on the up. In 2017 approximately 125,000 domains were using DMARC, and by the end of 2020 this had risen to around 1 million. This is only one step, however. Enforcing policies that dictate what a recipient should do with incoming emails that don’t have the necessary authentication would be another good way to reduce phishing risks.

Will these steps completely cut out these types of fraud? No. Users still need to be aware of what to look for when it comes to phishing. We have a fantastic guide on what the signs of phishing are. Just click the link here to check it out. If you have any further questions on how your company can avoid falling victim to phishing, please get in touch.