Infosecurity Europe 2019: A-listers still failing to protect their domains

The elaborate stands have been dismantled, the armies of exhibitors have headed back to their respective offices and homes, and we can all breathe a sigh of ‘thank-goodness-it’s-over-for-another-year’ relief. But we’re left dumbfounded, yet again, that so many shining stars of the cybersec industry are stumped by DMARC implementation.

Let’s cut to the chase – last year, we decided to analyse the primary domains of the organisations exhibiting at 2018 Infosecurity Europe. This show hosts the crème de la crème of the cybersecurity industry, beacons of hope against the onslaught of data-thieving cyber attacks (bear with the hyperbole, I’m trying to make a point..) so we weren’t expecting the inadequate results that we uncovered.

In 2018, only 9% of those vendors claiming to solve your cybersecurity woes and offering the best of class protection on the market, had protected their own domains with DMARC at a level sufficient to stop phishing attacks at the gateway or sweep to the spam folder. And just to remind you, DMARC is the only surefire way to stamp out email impersonation – email impersonation which enables scammers to send you phishing emails – phishing emails that can dupe you into handing over data, money, confidential details about your SoC… just saying.

But wait, there is good news! We ran the research again this year, and can reveal an improvement – disappointingly, it was a very small increase, just 13% of 2019’s exhibitors had DMARC set at the p=quarantine or p=reject levels.

So, what does this research tell us, apart from the industry is painfully slow at responding to ratified global protocols?

  • DMARC is available to anyone – so if the industry pioneers aren’t implementing it, either hubris is setting in, or it’s proving more complicated than expected to configure it correctly
  • We shouldn’t trust security vendors because they say they’re cybersec geniuses – if they can’t protect their own, known domains, how can they protect your unknown digital infrastructure?
  • DMARC alone can’t protect your networks from intrusion or scammers exploiting vulnerabilities, but it is one of the layers of protection required to prevent phishing attacks – one of the biggest threats to any organisation in today’s age of digital comms.

If you are looking for support with DMARC deployment or simply want to find out more information about how to stop email spoofing, make sure you sign up to our OnDMARC trial for free!

PUBLISHED BY

Red Sift

12 Jun. 2019

SHARE ARTICLE:

Categories

Recent Posts

VIEW ALL
News

Winter wins: Red Sift OnDMARC wraps up 2024 as a G2 DMARC…

Francesca Rünger-Field

The season of giving has brought us another reason to celebrate! Red Sift OnDMARC continues its winning streak in G2’s Winter 2025 report, earning Leader status in the DMARC category for another consecutive season. This recognition reflects our strong market presence and the unwavering satisfaction of our customers. Cheers to wrapping up 2024 on…

Read more
AI

Text classification in the age of LLMs

Phong Nguyen

As natural language processing (NLP) advances, text classification remains a foundational task with applications in spam detection, sentiment analysis, topic categorization, and more. Traditionally, this task depended on rule-based systems and classical machine learning algorithms. However, the emergence of deep learning, transformer architectures, and Large Language Models (LLMs) has transformed text classification, allowing for…

Read more
Security

How to drive cybersecurity as a top business priority

Jack Lilley

Everyone has a role to play in protecting the enterprise. Whether you’re shaping strategy or implementing solutions, aligning efforts to mitigate critical risks ensures a stronger, more resilient enterprise. If you missed Red Sift’s recent webinar on “From Data to Buy-In: Driving Cybersecurity as a Top Business Priority” we’ve got you covered. The session…

Read more
DMARC

BreakSPF: How to mitigate the attack

Red Sift

BreakSPF is a newly identified attack framework that exploits misconfigurations in the Sender Policy Framework (SPF) a widely used email authentication protocol. A common misconfiguration involves overly permissive IP ranges, where SPF records allow large blocks of IP addresses to send emails on behalf of a domain. These ranges often include shared infrastructures like…

Read more