The Guide to Major Trusts 2025-26. DSC (Directory of Social Change)

DMARC adoption by .org email domains double in a year but majority still unprotected

Melanie May | 20 May 2024 | News

Email icon on a smart device. By Brett Jordan on unsplash

Implementation of the DMARC security standard among .org email domains has doubled over the past year – but 92% are still unprotected, a study shows.

Analysis by email security provider EasyDMARC of a dataset of 9,935,024 verified .org domains found that uptake of the protocol rose from 3.98% to 7.78% between March 2023 and March 2024.

DMARC (Domain-based Message Authentication, Reporting, and Conformance) is used to automatically detect and prevent email spoofing: a common tactic used in phishing attacks. Implementing it ensures emails that fail authentication checks are either not delivered or sent to the ‘junk’ folder. The protocol has been available for over a decade but most charities have yet to implement it.

Advertisement

Great Fundraising Organizations, by Alan Clayton. Buy now.

Over half of those with DMARC did not have RUA (Reporting URI of Aggregate Reports) tags. These tags are used for monitoring and reporting and help users get the most out of DMARC. This, EasyDMARC says, indicates that compliance with recent Google and Yahoo email authentication regulations may be the main driver of DMARC uptake rather than a proactive commitment to implementing effective cybersecurity measures. 

Among those that are using the protocol however, adoption of the more stringent policies, which either prevent the delivery of suspected emails entirely (‘p=reject’) or send them to the junk folder (‘p=quarantine’), have increased from 45% to over 50%.

Gerasim Hovhannisyan, EasyDMARC CEO and co-founder, commented on the findings: 

“Nonprofits, which largely use the .org top-level domain, are significant users of bulk email so the recent change in policies by Google and Yahoo to require DMARC for emails to hit the inbox, means these organisations need to take action to ensure their emails get delivered.

 

“This research shows that action to implement DMARC amongst nonprofits is well underway, with the number of domains with DMARC policies almost doubling in a year. On top of this, those domains implementing it are increasingly adopting more secure policies – which is unsurprising in the face of an ever-growing threat from phishing attacks. But clearly, there’s still a long way to go with 92% of domains still unprotected.”



Loading

Mastodon