Collective Action Needed On DMARC Adoption To Protect New Zealand Email Domains And Digital Assets - SMX

SMX, the New Zealand cyber secure email specialist, has published its third annual survey tracking the adoption of DMARC email authentication among New Zealand and Australian Government agencies and listed companies.

DMARC (Domain-based Message Authentication, Reporting and Conformance) is an email authentication protocol used to protect an organisation’s email channel from spoofs, phishing scams and other email-borne attacks.

In New Zealand, more than half of 291 government agencies now have a valid DMARC record in place, an increase from 33% in 2021 and 16% in 2020. However the bulk of these DMARC certifications are in reporting mode, with just 21% of domains in active enforcement mode.

Domain owners typically test the standard in reporting-only mode, and introduce an active enforcement mode to quarantine or reject spoofed emails, after confirming their DMARC record isn’t causing issues for legitimate senders.

Among New Zealand’s largest 100 companies by number of employees, almost 60% now have a valid DMARC record, up from 45% in 2021 and 29% in 2020. Of these, 32.2% are now in enforcement mode, actively protecting their domains from email spoofing and forgery attacks such as whaling, phishing and payment redirection scams.

“Progress in adopting DMARC is promising but can still improve. Organisations who choose not to implement DMARC risk becoming a vulnerability for their customers and business partners. Acting together, we have a chance to close the door on email forgery and other email-borne security threats in New Zealand and Australia, “ says Thom Hooker, Co-Founder and Email Security Evangelist at SMX.

By comparison, almost three quarters (74%) of 175 Australian Federal Government agency domains surveyed now have a valid DMARC in place, an increase from 66% in 2021 and 53% in 2020. Today 62% of agencies are using DMARC for enforcement, compared to 21% two years ago.

SMX also analysed 1772 domains belonging to companies listed on the ASX, and found that just 30% have deployed DMARC. This is an increase from 21.5% in 2021, the baseline year. Of the ASX-listed companies holding a valid DMARC certification, 45% are now using it in enforcement mode, an increase from 34% in 2021.

“Email is a 40 year old technology and DMARC is the most important security upgrade since the RFCs were released in August 1982. SMX aims to raise awareness of this critical email security standard among the organisations whose email communications are relied upon by large numbers of people and businesses everyday,” he says.