May 15, 2018
Majority of top 100 law firms operate with ZERO DMARC policy in place.
Today 250ok published the latest in our DMARC adoption report series, DMARC Adoption Among the Top 100 Law Firms, revealing more than half (62%) of top global law firms use no DMARC policy to protect their clients and employees. While indexing higher in their DMARC usage than the SaaS 1000, global e-retailers and higher education institutions, the highly scrutinized industry’s lack of blanket adoption is a troubling security flaw.
We reviewed and analyzed 100 top-level domains controlled by the top 100 law firms as determined by 2016 revenue and found only 38% used a DMARC policy to protect their email recipients. This is higher adoption than the SaaS 1000 (35% adoption), and significantly better than top US and EU retailers (15.8%), US colleges and universities (11.2%), and top Chinese brands (4.6%). However, considering 38% is still far from even half the reviewed domains, there’s clearly more work to be done within the legal industry.
For those not in the know, DMARC is a sender-published policy for email messages that fail authentication, helping to prevent spoofing, where a malicious agent impersonates your brand to spread viruses or scam consumers. Not only does deploying a DMARC policy provide greater security, but some senders report a double-digit increase in marketing email opens after initiation.
Did you know 91% of all cyber attacks begin with a phishing email, and although these scams are widely recognized, 2 in 5 US consumers still fell victim to an online phishing attack (according to a 2017 survey by DomainTools)? It’s apparent brands dealing with sensitive information and invested stakeholders, be they clients or employees, need to ensure they’re doing all they can to protect their email recipients from harm. With malicious senders becoming more sophisticated, crafting emails that look convincing on what appear to be valid domains, having zero DMARC policy in place acts almost like an engraved invitation for criminals to prey on consumers.
While DMARC adoption rates are still too low to consider it a victory, the silver lining is that top law firms and the SaaS 1000 are leading DMARC use among the industries we studied, as these two groups likely best understand the ramifications of unauthenticated, malicious email, both for recipients and spoofed senders. However, only 3% of the top law firm domains are at a reject policy, which is the US Department of Homeland Security’s mandate for all the .gov domains by October 2018.
If it’s required for the government’s domains…shouldn’t lawyers’ domains be held to the same security standard?
For more information on how 250ok DMARC software and services can protect your domains through responsible DMARC deployment, contact us for a demo today.
Get the details in our full report:
You may also like...
The Black Friday emails are deleted, marketers’ email lists are checked twice, we pretty much know which senders have been naughty or nice. Another year in email is coming to a close, and boy, what a ride. While most thought leaders are busy making predictions about 2019, we like to learn from the past to […]
We partnered with the smart folks at Lab42 to research what people really think about marketing email. Do they like how they look on their preferred device? Do they prioritize the same design elements you do? If you’re not aligned with your recipients, you could end up sending unwanted, unsatisfying email. You know what that […]
Can you believe it? The year 2017 is coming to a close and what a year it has been in the email ecosystem. Email’s staying power continues to flex its muscles as a dynamic channel that can adapt to the ever-changing landscape of digital marketing. This past year saw many changes, trends, and announcements that […]