March 29, 2018

DMARC adoption troublingly low among colleges and universities around the world


Today 250ok published a comprehensive analysis of DMARC adoption at American, Canadian and European higher education institutions. Earlier, we reported the troubling findings in DMARC Adoption Among Top US Colleges and Universities (Q1 2018) indicating almost 90% of top-level .edu domains (also known as “root” domains) have no DMARC policy in place, leaving domains entirely open to spoofing, phishing scams, and email fraud.

Upon additional data collection and analysis in DMARC Adoption Among Top Canadian, EU, and US Colleges and Universities (Q1 2018), we determined domains controlled by European higher education institutions indexed lower in their adoption of a DMARC policy (8.6%) when compared to top Canadian universities and colleges (9.7%), and significantly lower than top American universities (11.2%). This data comes directly from a February 2018 analysis of 5,978 top-level .edu domains controlled by accredited colleges and universities.

DMARC is a sender-published policy for messages that fail authentication. By starting with an Observation Policy, organizations can identify malicious uses of their domain name and begin work to suppress abuse and protect email recipients. Not only does deploying a DMARC policy provide greater security, but some senders report a double-digit increase in marketing email opens after initiation.

Students, parents, and faculty at risk

Without DMARC deployment and monitoring, higher education institutions run a greater risk of domain-spoofing and phishing attacks on their communities, targeting students, faculty, parents, and others. According to a 2017 Cyber Monday phishing survey by DomainTools, two in five US consumers fell prey to an attack, underscoring the magnitude of domain vulnerability. Similarly, the US government recently announced sanctions and indictments against an Iranian hacker network that targeted US higher education institutions as well as other colleges and universities across the globe, include those in Canada and the EU.

“Beyond the benefits of better email deliverability and improved reputation, even the most basic DMARC policy can better ensure recipients are protected from attempts to steal personal information,” said Matthew Vernhout, director of privacy at 250ok.

Higher education institutions taking steps to correct

While just 1.6% of all .edu domains reviewed have a Reject Policy, the DMARC gold standard, 250ok is working with several colleges and universities to better secure their domains and protect their stakeholders, including the University of Kentucky in the United States.

“We send up to millions of unique emails each month to students, asking them to click links in the emails. Recipients get used to seeing emails from a UKY.edu domain, and they may click a link in the email without double-checking where the email came from,” said Alex Mackey, digital strategy manager at the University of Kentucky and 250ok client.

To read the comprehensive report and get six recommendations from 250ok, a leader in DMARC implementation, download the full report for free. No email address required.

DOWNLOAD REPORT

For more information on how 250ok DMARC software and services can protect your domains through responsible DMARC deployment, contact us for a demo today.

Author: Nicky Copland

Nicky is the senior marketing manager at 250ok. Before joining the team, she spent the majority of her time crafting and implementing communications strategies for the association industry. She was never a brain surgeon, but she played one on the internet.

You may also like...

[Infographic] Global Privacy Relationship Status: It’s Complicated

I recently gave a presentation on global privacy regulations to a post-graduate marketing class and one of the things I noticed while preparing was that even within a single country, privacy is complicated. On a global scale, it is really complicated. For example, Canada has one federal private sector privacy law, three similar provincial laws, […]

The Year in Email 2018

*Update: This article was featured on email influencer Jordie van Rijn’s emailmonday blog! To see it in action, plus a great round-up of other articles and thought leadership looking forward to the future of email, click here.* The Black Friday emails are deleted, marketers’ email lists are checked twice, we pretty much know which senders […]

Poorly designed emails could cost you millions of dollars. But what does that really mean?

We partnered with the smart folks at Lab42 to research what people really think about marketing email. Do they like how they look on their preferred device? Do they prioritize the same design elements you do? If you’re not aligned with your recipients, you could end up sending unwanted, unsatisfying email. You know what that […]

Ready to get started?