May 15, 2018

Majority of top 100 law firms operate with ZERO DMARC policy in place.

Today 250ok published the latest in our DMARC adoption report series, DMARC Adoption Among the Top 100 Law Firms, revealing more than half (62%) of top global law firms use no DMARC policy to protect their clients and employees. While indexing higher in their DMARC usage than the SaaS 1000, global e-retailers and higher education institutions, the highly scrutinized industry’s lack of blanket adoption is a troubling security flaw.

We reviewed and analyzed 100 top-level domains controlled by the top 100 law firms as determined by 2016 revenue and found only 38% used a DMARC policy to protect their email recipients. This is higher adoption than the SaaS 1000 (35% adoption), and significantly better than top US and EU retailers (15.8%), US colleges and universities (11.2%), and top Chinese brands (4.6%). However, considering 38% is still far from even half the reviewed domains, there’s clearly more work to be done within the legal industry.

For those not in the know, DMARC is a sender-published policy for email messages that fail authentication, helping to prevent spoofing, where a malicious agent impersonates your brand to spread viruses or scam consumers. Not only does deploying a DMARC policy provide greater security, but some senders report a double-digit increase in marketing email opens after initiation.

Did you know 91% of all cyber attacks begin with a phishing email, and although these scams are widely recognized, 2 in 5 US consumers still fell victim to an online phishing attack (according to a 2017 survey by DomainTools)? It’s apparent brands dealing with sensitive information and invested stakeholders, be they clients or employees, need to ensure they’re doing all they can to protect their email recipients from harm. With malicious senders becoming more sophisticated, crafting emails that look convincing on what appear to be valid domains, having zero DMARC policy in place acts almost like an engraved invitation for criminals to prey on consumers.

While DMARC adoption rates are still too low to consider it a victory, the silver lining is that top law firms and the SaaS 1000 are leading DMARC use among the industries we studied, as these two groups likely best understand the ramifications of unauthenticated, malicious email, both for recipients and spoofed senders. However, only 3% of the top law firm domains are at a reject policy, which is the US Department of Homeland Security’s mandate for all the .gov domains by October 2018.

If it’s required for the government’s domains…shouldn’t lawyers’ domains be held to the same security standard?

For more information on how 250ok DMARC software and services can protect your domains through responsible DMARC deployment, contact us for a demo today.

Get the details in our full report:


Author: Nicky Copland

Nicky is the senior marketing manager at 250ok. Before joining the team, she spent the majority of her time crafting and implementing communications strategies for the association industry. She was never a brain surgeon, but she played one on the internet.

You may also like...

The Year in Email 2019

It’s hard to believe we are nearing the end of yet another exciting year in email, and 2019 proved to be one of the most momentous and active years to date. Over the past year, the number of new technologies, mergers and acquisitions, mailbox provider (MBP) announcements, news, and highlights is evidence of the versatility […]

[Infographic] Global Privacy Relationship Status: It’s Complicated

I recently gave a presentation on global privacy regulations to a post-graduate marketing class and one of the things I noticed while preparing was that even within a single country, privacy is complicated. On a global scale, it is really complicated. For example, Canada has one federal private sector privacy law, three similar provincial laws, […]

The Year in Email 2018

*Update: This article was featured on email influencer Jordie van Rijn’s emailmonday blog! To see it in action, plus a great round-up of other articles and thought leadership looking forward to the future of email, click here.* The Black Friday emails are deleted, marketers’ email lists are checked twice, we pretty much know which senders […]

Ready to get started?