About 4.8 billion email accounts are protected by implementations of the domain-based message authentication, reporting and conformance protocol (Dmarc), according to a report by the Global Cyber Alliance and email authentication firm ValiMail.
This means Dmarc use has reached a tipping point, protecting at least 76% of the current worldwide total of 6.3 billion accounts, according to Radicati’s 2017 Email statistics report, up from covering just 62% of the 4.3 billion total in 2015.
However, the report notes that, in reality, the proportion of email accounts protected by Dmarc is higher than 76% because although the total number of email accounts includes enterprise email servers, the total number of email accounts protected by Dmarc does not, and relates only to internet service providers (ISPs).
By implementing the Dmarc protocol, ISPs can determine whether a sending organisation has a Dmarc policy in place, and enforce “quarantine” or “reject” policies, if domain owners have specified them. These ISPs will not deliver messages that fail authentication.
Alternatively, these ISPs can send reports about email messages that fail authentication without affecting delivery, if requested by the sending domain owners.
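The receiver-side decision described above can be sketched as follows. This is an added example, not code from the report or from any ISP. The function names and sample records are constructed, the `roll` parameter stands in for the receiver's random sampling, and the tag handling follows RFC 7489.

```python
# Added illustration: how a receiving ISP could treat a message that FAILED
# DMARC authentication, based on the sender domain's published TXT record.
DOWNGRADE = {"reject": "quarantine", "quarantine": "none"}
ACTION = {"none": "deliver", "quarantine": "quarantine", "reject": "reject"}

def parse_dmarc(txt):
    """Return the record's tags as a dict, or None if it is not a DMARC record."""
    tags = []
    for part in txt.split(";"):
        name, sep, value = part.partition("=")
        if part.strip():
            tags.append((name.strip().lower(), value.strip() if sep else None))
    # The version tag must come first and must be exactly DMARC1.
    if not tags or tags[0] != ("v", "DMARC1"):
        return None
    return {n: v for n, v in tags if v is not None}

def disposition_for_failure(txt, is_subdomain=False, roll=0):
    """Return (action, aggregate_report_uris) for a failing message.

    roll is an integer 0-99 standing in for the receiver's random sample.
    """
    tags = parse_dmarc(txt)
    if tags is None:
        return ("deliver", [])  # no policy published: DMARC requests nothing
    policy = tags.get("p", "").lower()
    if is_subdomain and tags.get("sp"):
        policy = tags["sp"].lower()  # subdomain policy overrides p
    if policy not in ACTION:
        policy = "none"  # simplification: unusable p is treated as monitor-only
    try:
        pct = int(tags.get("pct", "100"))
    except ValueError:
        pct = 100
    if not 0 <= pct <= 100:
        pct = 100
    if roll >= pct:
        # Messages outside the sampled percentage get the next weaker policy.
        policy = DOWNGRADE.get(policy, policy)
    rua = [u.strip() for u in tags.get("rua", "").split(",") if u.strip()]
    return (ACTION[policy], rua)

if __name__ == "__main__":
    for record in ("v=DMARC1; p=none; rua=mailto:dmarc@example.org",  # constructed
                   "v=DMARC1; p=reject; rua=mailto:dmarc@example.org"):
        print(record, "->", disposition_for_failure(record))
```

A result of "deliver" means only that DMARC requests no action; the receiver's own spam filtering still applies.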
Attackers sending fake emails purporting to be from the government has been one of the biggest problems in UK cyber security, according to the National Cyber Security Centre (NCSC).
But much of it is preventable by adopting the Dmarc protocol, the NCSC said, because it helps authenticate an organisation’s communications as genuine by blocking emails pretending to be from government.
The use and support of Dmarc is a key component of the NCSC’s Active Cyber Defence programme, which, as a whole, blocks tens of millions of cyber attacks every week, according to the NCSC’s recently published first annual review.
With such widespread support, the report said, Dmarc is a potent, globally effective tool for preventing domain impersonation attacks, which are the most common and most harmful kind of phishing attacks.
According to the Verizon data breach report, phishing is now a primary vector for cyber attacks because it is used as the point of entry for 91% of reported breaches. About 61% of these phishing attacks use false information, including faked sender domain names.
Email authentication using Dmarc prevents such attacks, because no ISP that supports Dmarc will deliver fraudulent messages that appear to come from Dmarc-protected domains.
According to the report, the recent growth in Dmarc support is largely attributable to several large Chinese ISPs, including Netease and Tencent, enabling enforcement within the past 18 months.
The list of email account providers supporting Dmarc enforcement now includes most of the major global ISPs, including BT, Gmail, Oath, Microsoft, Tencent, Mail.ru, Comcast, AT&T, Virgin Media and Italia Online.
Dmarc support is over 80% in countries such as the UK, the US, Brazil, Mexico and Canada, but lags in a few countries, such as Germany and Japan.
However, the report said the vast majority of ISPs around the world will enforce email authentication for those domains that have published a Dmarc record and set it to enforcement.