Protecting Charities with DMARC

The majority of us donate money to charity and in turn, charities do some truly inspiring and amazing work that benefits the wider community. But the vast amount of money that charities receive on a daily basis combined with the fact they are generally slower to adopt the latest cybersecurity defenses makes them a prime target for cybercriminals.

In 2017 99% of charities were vulnerable to impersonation

In 2017, Red Sift conducted research into the charity sector and analyzed more than 78,000 charity domains in the UK. The results showed that less than 1% of charities in the UK were protected against email impersonation/fraud.

This means that 99% of UK charities aren’t taking sufficient measures to make sure the donations they receive and the information they hold are protected against phishing. You can read and download the full Charity Industry Report here.

How DMARC can help protect charities worldwide

A simple way for charities to protect themselves from exact domain impersonation and fraud is by implementing a strong DMARC policy. DMARC is an email security protocol that when implemented at p=reject protects your domain from being impersonated by cybercriminals and used in some of the most advanced phishing attacks.

In the past, implementing DMARC was difficult, expensive, and time-consuming. But with OnDMARC, it’s become a straightforward process. OnDMARC guides users to full DMARC protection with simple step-by-step actions and easy-to-use dashboards.

The Turing Trust stopped more than 50 malicious senders with OnDMARC

Thanks to Red Sift’s OnDMARC, The Turing Trust successfully blocked over 50 malicious sources from sending phishing emails on their behalf, protecting their organization and anyone communicating with them. They also managed to increase the deliverability of their authorized emails, massively benefitting their work. You can read the full story here.

Free basic OnDMARC membership for all charities

Following the findings from Red Sift’s Charity Industry Report, we’re offering OnDMARC Basic plans to all charities for free. We believe the work that charities do for the wider community is essential and the price of security software, as well as the difficulty of implementation, has been a barrier to DMARC adoption for many charities.

We hope that through our Free for Charities program we will be able to encourage higher adoption of the DMARC protocol in the charity industry and ultimately help reduce the number of successful cyberattacks targeted at this sector.

Why not get in touch below, to find out if you’re eligible? You can also find out more about our Free for Charities program here.

Get in touch


Red Sift

25 Jul. 2017



Recent Posts


The best tools to protect yourself from SubdoMailing

Francesca Rünger-Field

In late February 2024, ‘SubdoMailing’ became a trending search term overnight. Research by Guardio Labs uncovered a massive-scale phishing campaign that had been going on since at least 2022. At the time of reporting, the campaign had sent 5 million emails a day from more than 8,000 compromised domains and 13,000 subdomains with several…

Read more
Product Release

Red Sift’s Spring 2024 Quarterly Product Release

Francesca Rünger-Field

This early into 2024, the cybersecurity space is already buzzing with activity. Emerging standards, such as Google and Yahoo’s bulk sender requirements, mark a new era of compliance for businesses reliant on email communication. At the same time, the prevalence of sophisticated cyber threats, such as the SubdoMailing campaign, emphasizes the continual hurdles posed…

Read more

Navigating the “SubdoMailing” attack: How Red Sift proactively identified and remediated a…

Rebecca Warren

In the world of cybersecurity, a new threat has emerged. Known as “SubdoMailing,” this new attack cunningly bypasses some of the safeguards that DMARC sets up to protect email integrity.  In this blog we will focus on how the strategic investments we have made at Red Sift allowed us to discover and protect against…

Read more

Where are we now? One month of Google and Yahoo’s new requirements…

Rebecca Warren

As of March 1, 2024, we are one month into Google and Yahoo’s new requirements for bulk senders. Before these requirements went live, we used Red Sift’s BIMI Radar to understand global readiness, and the picture wasn’t pretty.  At the end of January 2024, one-third of global enterprises were bound to fail the new…

Read more