These Countries Take Gold, Silver and Bronze In Email Authentication 

Given the world is currently competing for gold, silver and bronze, Red Sift has taken a similar approach to see how certain countries compete when it comes to levels of email authentication. 

The Competition 

This year’s Summer Games have cybersecurity teams across the world on high alert, as threat actors leverage phishing, hacktivism, malware and exploitation to wreak havoc. While cyber defenders prepare for a wide variety of attacks, two strategic plays exist to fortify their cyber resilience strategies: DMARC and BIMI. 

“The 2024 Summer Games in Paris presents prime opportunities for the gamut of threat actors seeking profit, fame, or national advantage. Competing teams as well as cyber defenders must understand the pressing threats to maintain resilience during the games. Defenders need to be prepared for a wide range of attacks, from low-level scams and DDoS attacks to doxxing against athletes and ransomware targeting critical infrastructure. It’s the Summer Games of cyber defense,” says Sean Costigan PhD, Managing Director of Resilience Strategy, Red Sift.

The Warmup 

DMARC stands for Domain-based Message Authentication, Reporting & Conformance. It’s an outbound email security protocol that allows domain owners to take back control of their email identity by telling receiving inboxes to reject spoofed emails.

DMARC allows domain owners to obtain visibility to email services that are sending on their behalf, and to block unauthorized senders. DMARC stops impersonation, by telling recipient servers not to accept any emails which aren’t authenticated to have come from you. So, bad actors cannot use your domain to send phishing emails and carry out Business Email Compromise (BEC).

BIMI (Brand Indicators for Message Identification) was introduced in 2021 and allows businesses to show their brand logo in the avatar slot of emails they send. BIMI can only be implemented and honored for organizations that have a DMARC enforcement policy of quarantine or reject at the root level and for all subdomains.

To completely take advantage of the benefits of BIMI logo display in email clients, companies must obtain a Verified Mark Certificate (VMC) from an approved certificate authority such as Entrust for their primary/corporate domain. This is the last mile, so to speak, and rewarded gold amongst the judges. 

The Games

For our purposes, the competing teams will be large public companies by country, as measured by the Fortune 500, (i.e. large public companies in France), and the events will be varying levels of email authentication – DMARC Reporting, BIMI Ready, and BIMI with VMC.  

  • DMARC Reporting:  These domains have started their DMARC implementation but have not yet progressed to a policy that is secure enough to qualify for BIMI.
  • BIMI Ready:  These domains have the DMARC policy required to deploy BIMI
  • BIMI with VMC: These market leaders have completed all the steps above and have obtained a Verified Mark Certificate for their registered trademarks.

Using proprietary data from Red Sift’s BIMI Radar, based on an analysis of 2,380 domains, Red Sift has unveiled the readiness of countries globally to see who is best prepared to combat the cyber threats carried out at the Summer Games. 

DMARC Reporting 🥉

  • Gold – Japan 50%
  • Silver – Italy 46.15%
  • Bronze – Turkey 39.18%

BIMI Ready 🥈

  • Gold – Netherlands 64.36%
  • Silver – UK 62.5% 
  • Bronze – Australia 59.8% 

BIMI with VMC 🥇

  • Gold – US 11.96%
  • Silver –  India 10.47%
  • Bronze – Canada 6.19%

*Red Sift is not affiliated, associated, authorized, endorsed by or in any way officially connected to the 2024 Summer Games.

PUBLISHED BY

Francesca Rünger-Field

7 Aug. 2024

SHARE ARTICLE:

Categories

Recent Posts

VIEW ALL
DMARC

Why DMARC should top your MSP roadmap in 2025

Jack Lilley

Executive summary: Email remains the easiest way for criminals to reach customers, and major mailbox providers have decided that unauthenticated mail is no longer welcome. Google and Yahoo started rejecting bulk messages without DMARC in early 2024, and Microsoft 365 will follow in 2025. Yet only 9.7% of the world’s 73 million active domains…

Read more
Product Release

Red Sift’s 2025 Spring Quarterly Product Release

Francesca Rünger-Field

This Spring, we’ve delivered targeted updates to improve compliance, simplify certificate management, and strengthen infrastructure visibility—so you can take action faster and with more confidence. Highlights include: OnDMARC BIMI: Now with full Digicert & CMC support OnDMARC customers that wish to improve trust in their emails and boost open rates by implementing BIMI through…

Read more
BEC

The threat of Business Email Compromise in US healthcare

Jack Lilley

Executive summary: Business Email Compromise is siphoning billions from U.S. healthcare by exploiting human trust instead of software flaws. Spoofed or hijacked messages authorize fraudulent payments, spark ransomware, and expose patient data—causing crippling financial, operational, and compliance damage. Deploying DMARC, MFA, and rigorous multi-person payment checks is now critical. 3 key takeaways Business Email…

Read more
Email

Cloudflare selects Red Sift as a preferred partner to provide DMARC and…

Rebecca Warren

AI-generated email attacks are rapidly growing in scale and sophistication, demanding stronger defenses from at-risk organizations. Starting today, Red Sift is excited to announce a new strategic partnership with Cloudflare, the leading connectivity cloud company, to deliver its market-leading email security application, Red Sift OnDMARC, to a broader global audience.  Today’s alignment enhances Cloudflare’s…

Read more