These Countries Take Gold, Silver and Bronze In Email Authentication 

Given the world is currently competing for gold, silver and bronze, Red Sift has taken a similar approach to see how certain countries compete when it comes to levels of email authentication. 

The Competition 

This year’s Summer Games have cybersecurity teams across the world on high alert, as threat actors leverage phishing, hacktivism, malware and exploitation to wreak havoc. While cyber defenders prepare for a wide variety of attacks, two strategic plays exist to fortify their cyber resilience strategies: DMARC and BIMI. 

“The 2024 Summer Games in Paris presents prime opportunities for the gamut of threat actors seeking profit, fame, or national advantage. Competing teams as well as cyber defenders must understand the pressing threats to maintain resilience during the games. Defenders need to be prepared for a wide range of attacks, from low-level scams and DDoS attacks to doxxing against athletes and ransomware targeting critical infrastructure. It’s the Summer Games of cyber defense,” says Sean Costigan PhD, Managing Director of Resilience Strategy, Red Sift.

The Warmup 

DMARC stands for Domain-based Message Authentication, Reporting & Conformance. It’s an outbound email security protocol that allows domain owners to take back control of their email identity by telling receiving inboxes to reject spoofed emails.

DMARC allows domain owners to obtain visibility to email services that are sending on their behalf, and to block unauthorized senders. DMARC stops impersonation, by telling recipient servers not to accept any emails which aren’t authenticated to have come from you. So, bad actors cannot use your domain to send phishing emails and carry out Business Email Compromise (BEC).

BIMI (Brand Indicators for Message Identification) was introduced in 2021 and allows businesses to show their brand logo in the avatar slot of emails they send. BIMI can only be implemented and honored for organizations that have a DMARC enforcement policy of quarantine or reject at the root level and for all subdomains.

To completely take advantage of the benefits of BIMI logo display in email clients, companies must obtain a Verified Mark Certificate (VMC) from an approved certificate authority such as Entrust for their primary/corporate domain. This is the last mile, so to speak, and rewarded gold amongst the judges. 

The Games

For our purposes, the competing teams will be large public companies by country, as measured by the Fortune 500, (i.e. large public companies in France), and the events will be varying levels of email authentication – DMARC Reporting, BIMI Ready, and BIMI with VMC.  

  • DMARC Reporting:  These domains have started their DMARC implementation but have not yet progressed to a policy that is secure enough to qualify for BIMI.
  • BIMI Ready:  These domains have the DMARC policy required to deploy BIMI
  • BIMI with VMC: These market leaders have completed all the steps above and have obtained a Verified Mark Certificate for their registered trademarks.

Using proprietary data from Red Sift’s BIMI Radar, based on an analysis of 2,380 domains, Red Sift has unveiled the readiness of countries globally to see who is best prepared to combat the cyber threats carried out at the Summer Games. 

DMARC Reporting 🥉

  • Gold – Japan 50%
  • Silver – Italy 46.15%
  • Bronze – Turkey 39.18%

BIMI Ready 🥈

  • Gold – Netherlands 64.36%
  • Silver – UK 62.5% 
  • Bronze – Australia 59.8% 

BIMI with VMC 🥇

  • Gold – US 11.96%
  • Silver –  India 10.47%
  • Bronze – Canada 6.19%

*Red Sift is not affiliated, associated, authorized, endorsed by or in any way officially connected to the 2024 Summer Games.

PUBLISHED BY

Red Sift

7 Aug. 2024

SHARE ARTICLE:

Categories

Recent Posts

VIEW ALL
Security

How to drive cybersecurity as a top business priority

Jack Lilley

Everyone has a role to play in protecting the enterprise. Whether you’re shaping strategy or implementing solutions, aligning efforts to mitigate critical risks ensures a stronger, more resilient enterprise. If you missed Red Sift’s recent webinar on “From Data to Buy-In: Driving Cybersecurity as a Top Business Priority” we’ve got you covered. The session…

Read more
DMARC

BreakSPF: How to mitigate the attack

Red Sift

BreakSPF is a newly identified attack framework that exploits misconfigurations in the Sender Policy Framework (SPF) a widely used email authentication protocol. A common misconfiguration involves overly permissive IP ranges, where SPF records allow large blocks of IP addresses to send emails on behalf of a domain. These ranges often include shared infrastructures like…

Read more
Certificates

Never miss an expiring certificate again with Red Sift Certificates Lite

Francesca Rünger-Field

SSL/TLS certificates are the backbone of secure, uninterrupted digital experiences—but managing them effectively to prevent downtime remains a persistent challenge. With browser and certificate authorities looking to reduce certificate durations to as little as 90 or even 47 days, keeping track of renewals has never been more critical. That’s why we’re excited to introduce…

Read more
DMARC

Navigating G-Cloud 14 for DMARC solutions: A guide for former NCSC Mail…

Francesca Rünger-Field

Navigating G-Cloud 14 for DMARC solutions: A guide for former NCSC Mail Check users With the NCSC discontinuing key features of its Mail Check service, including DMARC aggregate and TLS reporting, after March 2025, UK public sector organisations must prepare for this change by transitioning to alternative email security solutions. To support this shift,…

Read more