March 13, 2018

Almost 70% of the SaaS 1000 leave consumers at risk of phishing and spoofing attacks.

A whopping 65% of SaaS 1000 companies do not protect their customers, partners, and employees from phishing attacks with a DMARC policy. That’s wild.

The SaaS 1000 is a list of top SaaS businesses with at least 40 employees, ranked by a combination of factors including employee count growth over the previous six month period and overall employee count. We recently analyzed the DMARC adoption rate for the SaaS 1000 and the results were eye-opening.

For those of you just joining us, DMARC is a sender-published policy for messages that fail authentication. With 91% of all cyber attacks beginning with a phishing email and 2 in 5 US consumers falling victim to an online phishing attack (according to a 2017 survey by DomainTools), having no DMARC policy in place is practically asking bad guys to prey on your customers.

There’s a good reason 65% of the Top 20 SaaS companies use a DMARC policy, even the lowest tier of protection: Cloudmark revealed 42% of consumers are less likely to do business with a company following receipt of a suspicious messaging purporting to be from that brand.

In other words, if you don’t know what’s going on in your house, not just your customers will pay the price. Some brands reported a correlating double-digit increase in marketing email opens once they started identifying and suppressing malicious email.

Quite frankly, any SaaS business needing real ROI on marketing or transactional emails cannot afford to not employ a DMARC policy, to say nothing about the safety of their email recipients. For SaaS companies without DMARC policies, it’s not difficult or inaccessible to implement a responsible DMARC strategy.

“Beyond the benefits of better email deliverability and improved reputation, even the most basic DMARC policy can better ensure recipients are protected from attempts to steal personal information,” said Matthew Vernhout, director of privacy at 250ok.

Our full report offers 250ok’s top six recommendations for brands, including starting with a simple None policy to allow you to observe what’s happening across all the domains you own before transitioning into more strict policies.

To get all six recommendations from us, download the report for free. No email address required.


For more information on how 250ok DMARC software and services can protect your domains through responsible DMARC deployment, contact us for a demo today.

Author: Nicky Copland

Nicky is the senior marketing manager at 250ok. Before joining the team, she spent the majority of her time crafting and implementing communications strategies for the association industry. She was never a brain surgeon, but she played one on the internet.

You may also like...

The Year in Email 2019

It’s hard to believe we are nearing the end of yet another exciting year in email, and 2019 proved to be one of the most momentous and active years to date. Over the past year, the number of new technologies, mergers and acquisitions, mailbox provider (MBP) announcements, news, and highlights is evidence of the versatility […]

[Infographic] Global Privacy Relationship Status: It’s Complicated

I recently gave a presentation on global privacy regulations to a post-graduate marketing class and one of the things I noticed while preparing was that even within a single country, privacy is complicated. On a global scale, it is really complicated. For example, Canada has one federal private sector privacy law, three similar provincial laws, […]

The Year in Email 2018

*Update: This article was featured on email influencer Jordie van Rijn’s emailmonday blog! To see it in action, plus a great round-up of other articles and thought leadership looking forward to the future of email, click here.* The Black Friday emails are deleted, marketers’ email lists are checked twice, we pretty much know which senders […]

Ready to get started?