SECURITY
SECURITY
SECURITY
Research reveals a third of public companies aren’t prepared for new bulk email security rules
New research published today by cloud email security and brand protection startup Redsift Ltd. has found that 33% of publicly listed companies are not ready for new bulk email sending requirements that come into place in February.
The new requirements, announced by Google LLC and Yahoo Inc. in October, require any company sending more than 5,000 email messages through Google and Yahoo to use Domain-based Message Authentication Reporting and Conformance technology. DMARC is an email validation system designed to protect email domains from being used in email spoofing, phishing scams and other cybercrimes by verifying a sender’s authenticity.
There are requirements for DMARC compliance — the ability to authenticate the domains emails are sent from, the ability to make it easy for people to stop receiving emails and the requirement that the emails are not spam.
In the words of the Red Sift researchers, the requirements sound easy enough, but a problem is arising with the domain authentication requirement. To comply, a company must set up a Sender Policy Framework and DMIK, or DomainKeys Identified Mail, an email authentication method that adds a digital signature to emails.
The researchers checked 70 million domains globally and found that more than 91% of email-sending domains have no DMARC record and would therefore fail the new Google and Yahoo requirements. Among publicly listed companies, 33% were found to have no DMARC record.
The lack of DMARC records among publicly listed companies varies depending on where. In the U.S., the figure was 6.5%, in Australia 10.8% and in the U.K. 14.6% versus Japan and South Korea, where the figure was 50%.
In terms of total compliance with DMARC, only 40% of global enterprises were found to likely pass the new requirements. As with the DMARC records, the number varied, with 75% of companies in the U.S. found to be likely to pass new requirements versus 2% in South Korea.
The researchers warn that businesses that send 5,000 or more emails a day need to ensure not only that they have a DMARC record in place but that they have SPF and DKIM in place as well.
“At Red Sift, we foresee these requirements from Google and Yahoo to be just the first step in ensuring that domains are fully authenticated,” the researchers write. “We foresee DMARC enforcement being the next logical step to the February 2024 requirements as those that meet the new requirements are essentially ready for DMARC enforcement.”
Image: DALL-E 3
A message from John Furrier, co-founder of SiliconANGLE:
Support our mission to keep content open and free by engaging with theCUBE community. Join theCUBE’s Alumni Trust Network, where technology leaders connect, share intelligence and create opportunities.
- 15M+ viewers of theCUBE videos, powering conversations across AI, cloud, cybersecurity and more
- 11.4k+ theCUBE alumni — Connect with more than 11,400 tech and business leaders shaping the future through a unique trusted-based network.
About SiliconANGLE Media
SiliconANGLE Media is a recognized leader in digital media innovation, uniting breakthrough technology, strategic insights and real-time audience engagement. As the parent company of SiliconANGLE, theCUBE Network, theCUBE Research, CUBE365, theCUBE AI and theCUBE SuperStudios — with flagship locations in Silicon Valley and the New York Stock Exchange — SiliconANGLE Media operates at the intersection of media, technology and AI.
Founded by tech visionaries John Furrier and Dave Vellante, SiliconANGLE Media has built a dynamic ecosystem of industry-leading digital media brands that reach 15+ million elite tech professionals. Our new proprietary theCUBE AI Video Cloud is breaking ground in audience interaction, leveraging theCUBEai.com neural network to help technology companies make data-driven decisions and stay at the forefront of industry conversations.
