May 15, 2018
Majority of top 100 law firms operate with ZERO DMARC policy in place.
Today 250ok published the latest in our DMARC adoption report series, DMARC Adoption Among the Top 100 Law Firms, revealing more than half (62%) of top global law firms use no DMARC policy to protect their clients and employees. While indexing higher in their DMARC usage than the SaaS 1000, global e-retailers and higher education institutions, the highly scrutinized industry’s lack of blanket adoption is a troubling security flaw.
We reviewed and analyzed 100 top-level domains controlled by the top 100 law firms as determined by 2016 revenue and found only 38% used a DMARC policy to protect their email recipients. This is higher adoption than the SaaS 1000 (35% adoption), and significantly better than top US and EU retailers (15.8%), US colleges and universities (11.2%), and top Chinese brands (4.6%). However, considering 38% is still far from even half the reviewed domains, there’s clearly more work to be done within the legal industry.
For those not in the know, DMARC is a sender-published policy for email messages that fail authentication, helping to prevent spoofing, where a malicious agent impersonates your brand to spread viruses or scam consumers. Not only does deploying a DMARC policy provide greater security, but some senders report a double-digit increase in marketing email opens after initiation.
Did you know 91% of all cyber attacks begin with a phishing email, and although these scams are widely recognized, 2 in 5 US consumers still fell victim to an online phishing attack (according to a 2017 survey by DomainTools)? It’s apparent brands dealing with sensitive information and invested stakeholders, be they clients or employees, need to ensure they’re doing all they can to protect their email recipients from harm. With malicious senders becoming more sophisticated, crafting emails that look convincing on what appear to be valid domains, having zero DMARC policy in place acts almost like an engraved invitation for criminals to prey on consumers.
While DMARC adoption rates are still too low to consider it a victory, the silver lining is that top law firms and the SaaS 1000 are leading DMARC use among the industries we studied, as these two groups likely best understand the ramifications of unauthenticated, malicious email, both for recipients and spoofed senders. However, only 3% of the top law firm domains are at a reject policy, which is the US Department of Homeland Security’s mandate for all the .gov domains by October 2018.
If it’s required for the government’s domains…shouldn’t lawyers’ domains be held to the same security standard?
For more information on how 250ok DMARC software and services can protect your domains through responsible DMARC deployment, contact us for a demo today.
Get the details in our full report:
You may also like...
Can you believe it? The year 2017 is coming to a close and what a year it has been in the email ecosystem. Email’s staying power continues to flex its muscles as a dynamic channel that can adapt to the ever-changing landscape of digital marketing. This past year saw many changes, trends, and announcements that […]
We’re back for year three of How the Top 500 Internet Retailers Collect Email Sign-ups (2017), where we analyze the email sign-up process of retailers, including how they incentivized sign-ups, what personal data they collected, and more. Included in this blog will be trend comparison over last year’s How the Top 500 Internet Retailers Collect […]
Welcome to 250ok’s Top 100 Retailers’ Black Friday & Cyber Monday Email Experience (2016). This blog is a collection of data and insights from around the industry and from our survey of the Top 100 Retailers. Forget the turkey, shoppers went FULL HAM during 2016’s Black Friday and Cyber Monday, spending $12.8 billion online in the US […]