May 15, 2018

Majority of top 100 law firms operate with ZERO DMARC policy in place.

Today 250ok published the latest in our DMARC adoption report series, DMARC Adoption Among the Top 100 Law Firms, revealing more than half (62%) of top global law firms use no DMARC policy to protect their clients and employees. While indexing higher in their DMARC usage than the SaaS 1000, global e-retailers and higher education institutions, the highly scrutinized industry’s lack of blanket adoption is a troubling security flaw.

We reviewed and analyzed 100 top-level domains controlled by the top 100 law firms as determined by 2016 revenue and found only 38% used a DMARC policy to protect their email recipients. This is higher adoption than the SaaS 1000 (35% adoption), and significantly better than top US and EU retailers (15.8%), US colleges and universities (11.2%), and top Chinese brands (4.6%). However, considering 38% is still far from even half the reviewed domains, there’s clearly more work to be done within the legal industry.

For those not in the know, DMARC is a policy that a sending domain publishes to tell receiving mail servers how to handle email messages that fail authentication. It helps prevent spoofing, where a malicious agent impersonates your brand to spread viruses or scam consumers. Not only does deploying a DMARC policy provide greater security, but some senders also report a double-digit increase in marketing email opens after deploying it.

Did you know 91% of all cyber attacks begin with a phishing email, and although these scams are widely recognized, 2 in 5 US consumers still fell victim to an online phishing attack (according to a 2017 survey by DomainTools)? It’s apparent brands dealing with sensitive information and invested stakeholders, be they clients or employees, need to ensure they’re doing all they can to protect their email recipients from harm. With malicious senders becoming more sophisticated, crafting emails that look convincing on what appear to be valid domains, having zero DMARC policy in place acts almost like an engraved invitation for criminals to prey on consumers.

While DMARC adoption rates are still too low to consider it a victory, the silver lining is that top law firms and the SaaS 1000 are leading DMARC use among the industries we studied, as these two groups likely best understand the ramifications of unauthenticated, malicious email, both for recipients and spoofed senders. However, only 3% of the top law firm domains are at a reject policy, which is the US Department of Homeland Security’s mandate for all the .gov domains by October 2018.

If it’s required for the government’s domains…shouldn’t lawyers’ domains be held to the same security standard?

For more information on how 250ok DMARC software and services can protect your domains through responsible DMARC deployment, contact us for a demo today.



Author: Nicky Copland

Nicky is the marketing manager at 250ok. Before joining the team, she spent the majority of her time crafting and implementing communications strategies for the association industry. She was never a brain surgeon, but she played one on the internet.
