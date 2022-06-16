Thom Hooker (SMX) Credit: Supplied

While deployment of DMARC (domain-based message authentication, reporting and conformance) email domain protection is on the rise in Australian businesses, the take up is lagging behind those based in New Zealand.



Out of 1772 domains belonging to companies listed on the ASX, 29.5 per cent have a valid DMARC record in place, up from 21.5 per cent in 2021, the third annual DMARC survey by New Zealand email cyber security specialist SMX found.

Of the ASX-listed companies holding a valid DMARC certification, 45 per cent were using it in enforcement mode, an increase from 34 per cent in 2021.

DMARC is an email authentication protocol used to protect an organisation’s email channel from spoofs, phishing scams and other email-borne attacks.

Domain owners typically test the standard in reporting-only mode and introduce an active enforcement mode to quarantine or reject spoofed emails after confirming their DMARC record isn’t causing issues for legitimate senders.

The results indicate Australian businesses are lagging when compared to their New Zealand peers; by comparison, among New Zealand’s largest 100 companies by number of employees, almost 60 per cent now had a valid DMARC record, up from 45 per cent in 2021.

Of those with DMARC certification, 32.2 per cent were in enforcement mode, actively protecting their domains from email spoofing and forgery attacks.

“Progress in adopting DMARC is promising but can still improve," said Thom Hooker, co-founder and email security evangelist at SMX.

"Organisations who choose not to implement DMARC risk becoming a vulnerability for their customers and business partners. Acting together, we have a chance to close the door on email forgery and other email-borne security threats in New Zealand and Australia.“

Read more: SMX and Openwave Messaging ink partnership

When looking at government agencies however, the roles are reversed —74 per cent of 175 Australian federal government agency domains surveyed now have a valid DMARC in place, an increase from 66 per cent in 2021.

Additionally, 62 per cent of Australian agencies were using DMARC for enforcement, compared to 21 per cent two years ago.

By comparison, 50.5 per cent of New Zealand government agencies have a valid DMARC record in place, an increase from 33 per cent in 2021, with 21 per cent of domains in active enforcement mode.

“Email is a 40 year old technology and DMARC is the most important security upgrade since the RFCs were released in August 1982," Hooker said.

Read more: SMX makes significant investment into Australia

SMX aimed to raise awareness of this critical email security standard among the organisations whose email communications are relied upon by large numbers of people and businesses, he added.