Welcome!

News Feed Item

Study Shows 75% of Large Enterprises That Attempt Email Authentication Fail, Leaving Internet's Top Global Domains Vulnerable

First-ever examination of S&P 500, Nasdaq 100, FTSE 100, and Alexa 1 million reveals majority of top businesses are at risk for data breaches and compliance lapses, regardless of company resources.

SAN FRANCISCO, Dec. 1, 2016 /PRNewswire/ -- ValiMail, the leader in automated email authentication, today released research indicating that most of the world's largest businesses fail at attempts to use open industry standards to control which email is sent using their names. The report reveals that three quarters of large businesses attempting implementation of the DMARC email authentication standard are not presently capable of using it to block unauthorized email, to the detriment of their own security, compliance, and brand protection.

435395LOGO

ValiMail performed a wide-ranging examination of email authentication policies for more than one million business domain names, including those for the S&P 500, Fortune 1000, NASDAQ 100, and FTSE 100. These policies are published using a specific syntax in DNS records so that receiving mailboxes can determine which messages are authorized and which are not.

"Our investigation showed that using email authentication to monitor and control unauthorized email is extremely difficult for the majority of global companies," said ValiMail CEO Alexander García-Tobar. "You might expect larger businesses with more resources to do a better job of governing the email going out under their names, but we found that most of them still miss the mark."

The study revealed that large enterprises are considerably more likely to attempt email authentication but that their success rate at managing and enforcing these complex open standards is nearly identical to far smaller, less-capitalized companies.

Email authentication is a foundational element in controlling how a company's identity is used online and protecting it from misuse. Problems stemming from unauthorized email include "Shadow IT" services inside the enterprise, brand damage from phishing, and the advanced attacks responsible for the vast majority of today's major security breaches.

ValiMail's study reveals large gaps in how corporations manage their online identities in email. Study highlights include:

  • Among companies attempting to implement email authentication, nearly 75% have not gotten all the way to enforcement.
  • The percentage of sites attempting email authentication varies directly with size. The NASDAQ 100 lead the way with 43% attempting authentication. Smaller companies are decreasingly likely to do so.
  • However, the likelihood of failure is remarkably consistent across all measured groups, regardless of size. The failure rate ranges from 62% to 80%, with most indexes clustering right around 75%.

Attempted authentication (of total)

Successfully protected (of total)

Protection failure rate (of those attempting authentication)

NASDAQ 100

43.0%

12.0%

72.1%

FTSE 100

25.0%

5.0%

80.0%

S&P 500

23.8%

6.1%

74.4%

Fortune 1000

16.2%

3.8%

76.5%

Alexa 10,000

14.2%

5.3%

62.3%

Alexa 100,000

5.9%

1.7%

71.1%

Alexa 1 million

2.3%

0.6%

74.6%

ValiMail analyzed the Domain Name System (DNS) records for every company in the Alexa 1 Million, the Fortune 1000, the Nasdaq 100, the S&P 500, and the UK's FTSE 100. By examining the record in DNS for each domain regarding DMARC (Domain-based Message Authentication, Reporting & Conformance), ValiMail was able to determine which businesses actively authenticated emails attempting to use their domain names.

ValiMail further determined which companies were performing this authentication correctly and which had failed to protect their domains. If a company fails at DMARC authentication, then unauthorized parties can use its domain names in email with impunity. That might be employees improperly sending email from cloud services or phishing attacks that can easily lead to data breaches.

"These results illustrate the difficulty in implementing email authentication correctly," said García-Tobar. "Though the DMARC, SPF, and DKIM standards that enable email authentication are highly effective when done right, they're poorly understood, counterintuitive, and syntactically exacting. That leaves industry with the very high failure rate measured in our research."

ValiMail provides a free domain check tool indicating whether a domain is authenticating properly and how exposed it is to phishing attacks and other misuse.

ABOUT VALIMAIL

ValiMail, the world's first provider of Email Authentication as a Service™, enables automated email authentication for 2.7 billion email inboxes globally. Using the DMARC, SPF, and DKIM protocols, ValiMail gives enterprises full visibility and control over who sends messages using their domains, eliminates phishing impersonation attacks, and improves email deliverability. For more information visit www.ValiMail.com.

Logo - http://photos.prnewswire.com/prnh/20161102/435395LOGO

To view the original version on PR Newswire, visit:http://www.prnewswire.com/news-releases/study-shows-75-of-large-enterprises-that-attempt-email-authentication-fail-leaving-internets-top-global-domains-vulnerable-300371175.html

SOURCE ValiMail

More Stories By PR Newswire

Copyright © 2007 PR Newswire. All rights reserved. Republication or redistribution of PRNewswire content is expressly prohibited without the prior written consent of PRNewswire. PRNewswire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.

Latest Stories
Internet-of-Things discussions can end up either going down the consumer gadget rabbit hole or focused on the sort of data logging that industrial manufacturers have been doing forever. However, in fact, companies today are already using IoT data both to optimize their operational technology and to improve the experience of customer interactions in novel ways. In his session at @ThingsExpo, Gordon Haff, Red Hat Technology Evangelist, will share examples from a wide range of industries – includin...
Kubernetes is a new and revolutionary open-sourced system for managing containers across multiple hosts in a cluster. Ansible is a simple IT automation tool for just about any requirement for reproducible environments. In his session at @DevOpsSummit at 18th Cloud Expo, Patrick Galbraith, a principal engineer at HPE, discussed how to build a fully functional Kubernetes cluster on a number of virtual machines or bare-metal hosts. Also included will be a brief demonstration of running a Galera MyS...
The WebRTC Summit New York, to be held June 6-8, 2017, at the Javits Center in New York City, NY, announces that its Call for Papers is now open. Topics include all aspects of improving IT delivery by eliminating waste through automated business models leveraging cloud technologies. WebRTC Summit is co-located with 20th International Cloud Expo and @ThingsExpo. WebRTC is the future of browser-to-browser communications, and continues to make inroads into the traditional, difficult, plug-in web co...
"We build IoT infrastructure products - when you have to integrate different devices, different systems and cloud you have to build an application to do that but we eliminate the need to build an application. Our products can integrate any device, any system, any cloud regardless of protocol," explained Peter Jung, Chief Product Officer at Pulzze Systems, in this SYS-CON.tv interview at @ThingsExpo, held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA.
"We analyze the video streaming experience. We are gathering the user behavior in real time from the user devices and we analyze how users experience the video streaming," explained Eric Kim, Founder and CEO at Streamlyzer, in this SYS-CON.tv interview at 19th Cloud Expo, held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA.
"This is specifically designed to accommodate some of the needs for high availability and failover in a network managed system for the major Korean corporations," stated Thomas Masters, Managing Director at InfranicsUSA, in this SYS-CON.tv interview at 19th Cloud Expo, held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA.
Enterprise IT has been in the era of Hybrid Cloud for some time now. But it seems most conversations about Hybrid are focused on integrating AWS, Microsoft Azure, or Google ECM into existing on-premises systems. Where is all the Private Cloud? What do technology providers need to do to make their offerings more compelling? How should enterprise IT executives and buyers define their focus, needs, and roadmap, and communicate that clearly to the providers?
"We are an all-flash array storage provider but our focus has been on VM-aware storage specifically for virtualized applications," stated Dhiraj Sehgal of Tintri in this SYS-CON.tv interview at 19th Cloud Expo, held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA.
"We are a leader in the market space called network visibility solutions - it enables monitoring tools and Big Data analysis to access the data and be able to see the performance," explained Shay Morag, VP of Sales and Marketing at Niagara Networks, in this SYS-CON.tv interview at 19th Cloud Expo, held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA.
According to Forrester Research, every business will become either a digital predator or digital prey by 2020. To avoid demise, organizations must rapidly create new sources of value in their end-to-end customer experiences. True digital predators also must break down information and process silos and extend digital transformation initiatives to empower employees with the digital resources needed to win, serve, and retain customers.
Amazon has gradually rolled out parts of its IoT offerings in the last year, but these are just the tip of the iceberg. In addition to optimizing their back-end AWS offerings, Amazon is laying the ground work to be a major force in IoT – especially in the connected home and office. Amazon is extending its reach by building on its dominant Cloud IoT platform, its Dash Button strategy, recently announced Replenishment Services, the Echo/Alexa voice recognition control platform, the 6-7 strategic...
Organizations planning enterprise data center consolidation and modernization projects are faced with a challenging, costly reality. Requirements to deploy modern, cloud-native applications simultaneously with traditional client/server applications are almost impossible to achieve with hardware-centric enterprise infrastructure. Compute and network infrastructure are fast moving down a software-defined path, but storage has been a laggard. Until now.
We're entering the post-smartphone era, where wearable gadgets from watches and fitness bands to glasses and health aids will power the next technological revolution. With mass adoption of wearable devices comes a new data ecosystem that must be protected. Wearables open new pathways that facilitate the tracking, sharing and storing of consumers’ personal health, location and daily activity data. Consumers have some idea of the data these devices capture, but most don’t realize how revealing and...
IoT solutions exploit operational data generated by Internet-connected smart “things” for the purpose of gaining operational insight and producing “better outcomes” (for example, create new business models, eliminate unscheduled maintenance, etc.). The explosive proliferation of IoT solutions will result in an exponential growth in the volume of IoT data, precipitating significant Information Governance issues: who owns the IoT data, what are the rights/duties of IoT solutions adopters towards t...
Get deep visibility into the performance of your databases and expert advice for performance optimization and tuning. You can't get application performance without database performance. Give everyone on the team a comprehensive view of how every aspect of the system affects performance across SQL database operations, host server and OS, virtualization resources and storage I/O. Quickly find bottlenecks and troubleshoot complex problems.