March 5, 2018

DMARC Adoption Among Top US Colleges and Universities (Q1 2018)

Today 250ok published a new report detailing our analysis of DMARC adoption at US higher education institutions. The troubling findings in DMARC Adoption Among Top US Colleges and Universities (Q1 2018) indicate almost 90% of top-level .edu domains (also known as “root” domains) have no DMARC policy in place, leaving domains entirely open to spoofing, phishing scams, and email fraud. This data comes directly from a February 2018 analysis of 3,614 top-level .edu domains controlled by accredited US colleges and universities.

Entire Mailing Lists Are at Risk

Without DMARC deployment and monitoring, higher education institutions run a higher risk of domain-spoofing and phishing attacks on their communities, targeting students, faculty, parents, and others. According to a 2017 Cyber Monday phishing survey by DomainTools, two in five US consumers fell prey to an attack, underscoring the magnitude of domain vulnerability.

“Beyond the benefits of better email deliverability and improved reputation, even the most basic DMARC policy can better ensure recipients are protected from attempts to steal personal information,” said Matthew Vernhout, director of privacy at 250ok. “We found only 11.2% of .edu domains reviewed had any DMARC policy in place, leading us to believe these institutions simply don’t understand DMARC isn’t optional anymore—it’s crucial.”

DMARC is a sender-published policy for messages that fail authentication. By starting with an Observation policy, organizations can identify malicious uses of their domain name and begin work to suppress abuse and protect email recipients. Not only does deploying a DMARC policy provide greater security, but some institutions report a double-digit increase in marketing email opens after initiation.

Higher Education Institutions Taking Steps to Correct

While just .4% of .edu domains reviewed have a Reject policy, the DMARC gold standard, 250ok is working with several colleges and universities to get better secure their domains and protect their stakeholders, including the University of Kentucky.

“We send up to millions of unique emails each month to students, asking them to click links in the emails. Recipients get used to seeing emails from a domain, and they may click a link in the email without double-checking where the email came from,” said Alex Mackey, digital strategy manager at the University of Kentucky and 250ok client.

“Being compliant and understanding the implications of spoofers using your domain needs to be at the forefront of the mind of anyone who is sending email, especially in the higher ed space.”

To read the full report and get six recommendations from 250ok, a leader in DMARC implementation, download the report for free. No email address required.


For more information on how 250ok DMARC software and services can protect your domains through responsible DMARC deployment, contact us for a demo today.

Author: Nicky Copland

Nicky is the marketing manager at 250ok. Before joining the team, she spent the majority of her time crafting and implementing communications strategies for the association industry. She was never a brain surgeon, but she played one on the internet.

You may also like...

How the top 500 internet retailers collect email sign-ups (2016).

Welcome to How The Top 500 Internet Retailers Collect Email Sign-ups (2016), an analysis of how retailers promote their programs, leverage mobile optimization, use social sign-ups, capture personal data, and more. In addition, we have shared some year-over-year trend insights compared to How The Top 500 Internet Retailers Collect Email Sign-ups (2015). Let’s dig in. Sign-up […]

How the top 500 internet retailers collect email sign-ups (2015).

We reviewed the top 500 internet retailers to analyze their email collection practices and sending habits. Check out some of the trends we discovered while analyzing over 1,000 websites owned by the internet’s top retailers.

Deliverability myth: Why you need to measure inbox placement. [INFOGRAPHIC]

It’s important to measure and compare your delivered rate to your inbox rate. What’s the difference? Let’s say your email service is reporting 90% deliverability with a 10% bounce rate. Then you run your campaign through your deliverability service and it reports the same 10% bounce/missing rate, but 72% inbox placement and 18% spam placement. Both look […]

Ready to get started?