Given the world is currently competing for gold, silver and bronze, Red Sift has taken a similar approach to see how certain countries compete when it comes to levels of email authentication.
The Competition
This year’s Summer Games have cybersecurity teams across the world on high alert, as threat actors leverage phishing, hacktivism, malware and exploitation to wreak havoc. While cyber defenders prepare for a wide variety of attacks, two strategic plays exist to fortify their cyber resilience strategies: DMARC and BIMI.
“The 2024 Summer Games in Paris presents prime opportunities for the gamut of threat actors seeking profit, fame, or national advantage. Competing teams as well as cyber defenders must understand the pressing threats to maintain resilience during the games. Defenders need to be prepared for a wide range of attacks, from low-level scams and DDoS attacks to doxxing against athletes and ransomware targeting critical infrastructure. It’s the Summer Games of cyber defense,” says Sean Costigan PhD, Managing Director of Resilience Strategy, Red Sift.
The Warmup
DMARC stands for Domain-based Message Authentication, Reporting & Conformance. It’s an outbound email security protocol that allows domain owners to take back control of their email identity by telling receiving inboxes to reject spoofed emails.
DMARC allows domain owners to obtain visibility to email services that are sending on their behalf, and to block unauthorized senders. DMARC stops impersonation, by telling recipient servers not to accept any emails which aren’t authenticated to have come from you. So, bad actors cannot use your domain to send phishing emails and carry out Business Email Compromise (BEC).
BIMI (Brand Indicators for Message Identification) was introduced in 2021 and allows businesses to show their brand logo in the avatar slot of emails they send. BIMI can only be implemented and honored for organizations that have a DMARC enforcement policy of quarantine or reject at the root level and for all subdomains.
To completely take advantage of the benefits of BIMI logo display in email clients, companies must obtain a Verified Mark Certificate (VMC) from an approved certificate authority such as Entrust for their primary/corporate domain. This is the last mile, so to speak, and rewarded gold amongst the judges.
The Games
For our purposes, the competing teams will be large public companies by country, as measured by the Fortune 500, (i.e. large public companies in France), and the events will be varying levels of email authentication – DMARC Reporting, BIMI Ready, and BIMI with VMC.
- DMARC Reporting: These domains have started their DMARC implementation but have not yet progressed to a policy that is secure enough to qualify for BIMI.
- BIMI Ready: These domains have the DMARC policy required to deploy BIMI
- BIMI with VMC: These market leaders have completed all the steps above and have obtained a Verified Mark Certificate for their registered trademarks.
Using proprietary data from Red Sift’s BIMI Radar, based on an analysis of 2,380 domains, Red Sift has unveiled the readiness of countries globally to see who is best prepared to combat the cyber threats carried out at the Summer Games.
DMARC Reporting 🥉
- Gold – Japan 50%
- Silver – Italy 46.15%
- Bronze – Turkey 39.18%
BIMI Ready 🥈
- Gold – Netherlands 64.36%
- Silver – UK 62.5%
- Bronze – Australia 59.8%
BIMI with VMC 🥇
- Gold – US 11.96%
- Silver – India 10.47%
- Bronze – Canada 6.19%
*Red Sift is not affiliated, associated, authorized, endorsed by or in any way officially connected to the 2024 Summer Games.
