Welcome!

News Feed Item

Study Shows 75% of Large Enterprises That Attempt Email Authentication Fail, Leaving Internet's Top Global Domains Vulnerable

First-ever examination of S&P 500, Nasdaq 100, FTSE 100, and Alexa 1 million reveals majority of top businesses are at risk for data breaches and compliance lapses, regardless of company resources.

SAN FRANCISCO, Dec. 1, 2016 /PRNewswire/ -- ValiMail, the leader in automated email authentication, today released research indicating that most of the world's largest businesses fail at attempts to use open industry standards to control which email is sent using their names. The report reveals that three quarters of large businesses attempting implementation of the DMARC email authentication standard are not presently capable of using it to block unauthorized email, to the detriment of their own security, compliance, and brand protection.

435395LOGO

ValiMail performed a wide-ranging examination of email authentication policies for more than one million business domain names, including those for the S&P 500, Fortune 1000, NASDAQ 100, and FTSE 100. These policies are published using a specific syntax in DNS records so that receiving mailboxes can determine which messages are authorized and which are not.

"Our investigation showed that using email authentication to monitor and control unauthorized email is extremely difficult for the majority of global companies," said ValiMail CEO Alexander García-Tobar. "You might expect larger businesses with more resources to do a better job of governing the email going out under their names, but we found that most of them still miss the mark."

The study revealed that large enterprises are considerably more likely to attempt email authentication but that their success rate at managing and enforcing these complex open standards is nearly identical to far smaller, less-capitalized companies.

Email authentication is a foundational element in controlling how a company's identity is used online and protecting it from misuse. Problems stemming from unauthorized email include "Shadow IT" services inside the enterprise, brand damage from phishing, and the advanced attacks responsible for the vast majority of today's major security breaches.

ValiMail's study reveals large gaps in how corporations manage their online identities in email. Study highlights include:

  • Among companies attempting to implement email authentication, nearly 75% have not gotten all the way to enforcement.
  • The percentage of sites attempting email authentication varies directly with size. The NASDAQ 100 lead the way with 43% attempting authentication. Smaller companies are decreasingly likely to do so.
  • However, the likelihood of failure is remarkably consistent across all measured groups, regardless of size. The failure rate ranges from 62% to 80%, with most indexes clustering right around 75%.

Attempted authentication (of total)

Successfully protected (of total)

Protection failure rate (of those attempting authentication)

NASDAQ 100

43.0%

12.0%

72.1%

FTSE 100

25.0%

5.0%

80.0%

S&P 500

23.8%

6.1%

74.4%

Fortune 1000

16.2%

3.8%

76.5%

Alexa 10,000

14.2%

5.3%

62.3%

Alexa 100,000

5.9%

1.7%

71.1%

Alexa 1 million

2.3%

0.6%

74.6%

ValiMail analyzed the Domain Name System (DNS) records for every company in the Alexa 1 Million, the Fortune 1000, the Nasdaq 100, the S&P 500, and the UK's FTSE 100. By examining the record in DNS for each domain regarding DMARC (Domain-based Message Authentication, Reporting & Conformance), ValiMail was able to determine which businesses actively authenticated emails attempting to use their domain names.

ValiMail further determined which companies were performing this authentication correctly and which had failed to protect their domains. If a company fails at DMARC authentication, then unauthorized parties can use its domain names in email with impunity. That might be employees improperly sending email from cloud services or phishing attacks that can easily lead to data breaches.

"These results illustrate the difficulty in implementing email authentication correctly," said García-Tobar. "Though the DMARC, SPF, and DKIM standards that enable email authentication are highly effective when done right, they're poorly understood, counterintuitive, and syntactically exacting. That leaves industry with the very high failure rate measured in our research."

ValiMail provides a free domain check tool indicating whether a domain is authenticating properly and how exposed it is to phishing attacks and other misuse.

ABOUT VALIMAIL

ValiMail, the world's first provider of Email Authentication as a Service™, enables automated email authentication for 2.7 billion email inboxes globally. Using the DMARC, SPF, and DKIM protocols, ValiMail gives enterprises full visibility and control over who sends messages using their domains, eliminates phishing impersonation attacks, and improves email deliverability. For more information visit www.ValiMail.com.

Logo - http://photos.prnewswire.com/prnh/20161102/435395LOGO

To view the original version on PR Newswire, visit:http://www.prnewswire.com/news-releases/study-shows-75-of-large-enterprises-that-attempt-email-authentication-fail-leaving-internets-top-global-domains-vulnerable-300371175.html

SOURCE ValiMail

More Stories By PR Newswire

Copyright © 2007 PR Newswire. All rights reserved. Republication or redistribution of PRNewswire content is expressly prohibited without the prior written consent of PRNewswire. PRNewswire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.

Latest Stories
Today we can collect lots and lots of performance data. We build beautiful dashboards and even have fancy query languages to access and transform the data. Still performance data is a secret language only a couple of people understand. The more business becomes digital the more stakeholders are interested in this data including how it relates to business. Some of these people have never used a monitoring tool before. They have a question on their mind like “How is my application doing” but no id...
Join us at Cloud Expo June 6-8 to find out how to securely connect your cloud app to any cloud or on-premises data source – without complex firewall changes. More users are demanding access to on-premises data from their cloud applications. It’s no longer a “nice-to-have” but an important differentiator that drives competitive advantages. It’s the new “must have” in the hybrid era. Users want capabilities that give them a unified view of the data to get closer to customers and grow business. The...
The current age of digital transformation means that IT organizations must adapt their toolset to cover all digital experiences, beyond just the end users’. Today’s businesses can no longer focus solely on the digital interactions they manage with employees or customers; they must now contend with non-traditional factors. Whether it's the power of brand to make or break a company, the need to monitor across all locations 24/7, or the ability to proactively resolve issues, companies must adapt to...
It is ironic, but perhaps not unexpected, that many organizations who want the benefits of using an Agile approach to deliver software use a waterfall approach to adopting Agile practices: they form plans, they set milestones, and they measure progress by how many teams they have engaged. Old habits die hard, but like most waterfall software projects, most waterfall-style Agile adoption efforts fail to produce the results desired. The problem is that to get the results they want, they have to ch...
IoT solutions exploit operational data generated by Internet-connected smart “things” for the purpose of gaining operational insight and producing “better outcomes” (for example, create new business models, eliminate unscheduled maintenance, etc.). The explosive proliferation of IoT solutions will result in an exponential growth in the volume of IoT data, precipitating significant Information Governance issues: who owns the IoT data, what are the rights/duties of IoT solutions adopters towards t...
With the introduction of IoT and Smart Living in every aspect of our lives, one question has become relevant: What are the security implications? To answer this, first we have to look and explore the security models of the technologies that IoT is founded upon. In his session at @ThingsExpo, Nevi Kaja, a Research Engineer at Ford Motor Company, discussed some of the security challenges of the IoT infrastructure and related how these aspects impact Smart Living. The material was delivered interac...
Wooed by the promise of faster innovation, lower TCO, and greater agility, businesses of every shape and size have embraced the cloud at every layer of the IT stack – from apps to file sharing to infrastructure. The typical organization currently uses more than a dozen sanctioned cloud apps and will shift more than half of all workloads to the cloud by 2018. Such cloud investments have delivered measurable benefits. But they’ve also resulted in some unintended side-effects: complexity and risk. ...
The taxi industry never saw Uber coming. Startups are a threat to incumbents like never before, and a major enabler for startups is that they are instantly “cloud ready.” If innovation moves at the pace of IT, then your company is in trouble. Why? Because your data center will not keep up with frenetic pace AWS, Microsoft and Google are rolling out new capabilities. In his session at 20th Cloud Expo, Don Browning, VP of Cloud Architecture at Turner, posited that disruption is inevitable for comp...
In 2014, Amazon announced a new form of compute called Lambda. We didn't know it at the time, but this represented a fundamental shift in what we expect from cloud computing. Now, all of the major cloud computing vendors want to take part in this disruptive technology. In his session at 20th Cloud Expo, Doug Vanderweide, an instructor at Linux Academy, discussed why major players like AWS, Microsoft Azure, IBM Bluemix, and Google Cloud Platform are all trying to sidestep VMs and containers wit...
While DevOps most critically and famously fosters collaboration, communication, and integration through cultural change, culture is more of an output than an input. In order to actively drive cultural evolution, organizations must make substantial organizational and process changes, and adopt new technologies, to encourage a DevOps culture. Moderated by Andi Mann, panelists discussed how to balance these three pillars of DevOps, where to focus attention (and resources), where organizations might...
With major technology companies and startups seriously embracing Cloud strategies, now is the perfect time to attend 21st Cloud Expo October 31 - November 2, 2017, at the Santa Clara Convention Center, CA, and June 12-14, 2018, at the Javits Center in New York City, NY, and learn what is going on, contribute to the discussions, and ensure that your enterprise is on the right path to Digital Transformation.
No hype cycles or predictions of zillions of things here. IoT is big. You get it. You know your business and have great ideas for a business transformation strategy. What comes next? Time to make it happen. In his session at @ThingsExpo, Jay Mason, Associate Partner at M&S Consulting, presented a step-by-step plan to develop your technology implementation strategy. He discussed the evaluation of communication standards and IoT messaging protocols, data analytics considerations, edge-to-cloud tec...
New competitors, disruptive technologies, and growing expectations are pushing every business to both adopt and deliver new digital services. This ‘Digital Transformation’ demands rapid delivery and continuous iteration of new competitive services via multiple channels, which in turn demands new service delivery techniques – including DevOps. In this power panel at @DevOpsSummit 20th Cloud Expo, moderated by DevOps Conference Co-Chair Andi Mann, panelists examined how DevOps helps to meet the de...
When growing capacity and power in the data center, the architectural trade-offs between server scale-up vs. scale-out continue to be debated. Both approaches are valid: scale-out adds multiple, smaller servers running in a distributed computing model, while scale-up adds fewer, more powerful servers that are capable of running larger workloads. It’s worth noting that there are additional, unique advantages that scale-up architectures offer. One big advantage is large memory and compute capacity...
Cloud applications are seeing a deluge of requests to support the exploding advanced analytics market. “Open analytics” is the emerging strategy to deliver that data through an open data access layer, in the cloud, to be directly consumed by external analytics tools and popular programming languages. An increasing number of data engineers and data scientists use a variety of platforms and advanced analytics languages such as SAS, R, Python and Java, as well as frameworks such as Hadoop and Spark...