Infosecurity Europe 2019: A-listers still failing to protect their domains

The elaborate stands have been dismantled, the armies of exhibitors have headed back to their respective offices and homes, and we can all breathe a sigh of ‘thank-goodness-it’s-over-for-another-year’ relief. But we’re left dumbfounded, yet again, that so many shining stars of the cybersec industry are stumped by DMARC implementation.

Let’s cut to the chase – last year, we decided to analyse the primary domains of the organisations exhibiting at 2018 Infosecurity Europe. This show hosts the crème de la crème of the cybersecurity industry, beacons of hope against the onslaught of data-thieving cyber attacks (bear with the hyperbole, I’m trying to make a point..) so we weren’t expecting the inadequate results that we uncovered.

In 2018, only 9% of those vendors claiming to solve your cybersecurity woes and offering the best of class protection on the market, had protected their own domains with DMARC at a level sufficient to stop phishing attacks at the gateway or sweep to the spam folder. And just to remind you, DMARC is the only surefire way to stamp out email impersonation – email impersonation which enables scammers to send you phishing emails – phishing emails that can dupe you into handing over data, money, confidential details about your SoC… just saying.

But wait, there is good news! We ran the research again this year, and can reveal an improvement – disappointingly, it was a very small increase, just 13% of 2019’s exhibitors had DMARC set at the p=quarantine or p=reject levels.

So, what does this research tell us, apart from the industry is painfully slow at responding to ratified global protocols?

  • DMARC is available to anyone – so if the industry pioneers aren’t implementing it, either hubris is setting in, or it’s proving more complicated than expected to configure it correctly
  • We shouldn’t trust security vendors because they say they’re cybersec geniuses – if they can’t protect their own, known domains, how can they protect your unknown digital infrastructure?
  • DMARC alone can’t protect your networks from intrusion or scammers exploiting vulnerabilities, but it is one of the layers of protection required to prevent phishing attacks – one of the biggest threats to any organisation in today’s age of digital comms.

If you are looking for support with DMARC deployment or simply want to find out more information about how to stop email spoofing, make sure you sign up to our OnDMARC trial for free!

PUBLISHED BY

Red Sift

12 Jun. 2019

SHARE ARTICLE:

Categories

Recent Posts

VIEW ALL
DMARC

Navigating G-Cloud 14 for DMARC solutions: A guide for former NCSC Mail…

Francesca Rünger-Field

Navigating G-Cloud 14 for DMARC solutions: A guide for former NCSC Mail Check users With the NCSC discontinuing key features of its Mail Check service, including DMARC aggregate and TLS reporting, after March 2025, UK public sector organisations must prepare for this change by transitioning to alternative email security solutions. To support this shift,…

Read more
DMARC

Mail Check is changing: What UK public sector organisations must know about…

Jack Lilley

The National Cyber Security Centre (NCSC) has suggested a change to Mail Check services starting on 24 March 2025. This change mainly involves ending DMARC aggregate reporting. This change comes as a measure to expand the services provided by Mail Check to any UK based organisation, while also limiting the cost and complexity of…

Read more
DMARC

Beyond DMARC: How Red Sift OnDMARC supports comprehensive DNS hygiene

Red Sift

Registrable domains and DNS play a crucial role in establishing online identity and trust, but their importance is often taken for granted. During new service setups, record updates are often overlooked, accumulating outdated entries. As infrastructure teams become increasingly overstretched,  services may be incorrectly shut down without proper cleanup, leaving behind a sprawl of…

Read more
DKIM

First look at DKIM2: The next generation of DKIM

Red Sift

In 2011, the original DomainKeys Identified Mail (DKIM1) standard was published. It outlined a method allowing a domain to sign emails, enabling recipients to verify that the email originated from an entity holding a private key that matches the public key published in the domain’s DNS records. Now in 2024, DKIM is ready for…

Read more