June 21, 2018

More than 90% of US and UK nonprofits and their email recipients are highly susceptible to fraud.

The latest installment in 250ok’s Domain-based Message Authentication, Reporting & Conformance (DMARC) adoption reports brings us some truly shocking and disturbing findings: Nearly 95% of US-based nonprofit organizations (NPOs) have no DMARC policy to protect their email recipients from fraud. We also analyzed UK-based NPOs and found they fared only marginally better, with almost 93% operating without a DMARC policy in place. Both numbers are highly troubling, considering many NPOs’ business models depend on the financial generosity of the public and directly impact the wellbeing of those in need.

For those unaware, DMARC is a sender-published policy for email messages that fail authentication, which helps prevent spoofing. Spoofing is, of course, where a bad actor impersonates your brand to spread viruses or scam consumers. For NPOs, the risk is so great because of the potential magnitude of such a breach of donors’ and volunteers’ trust.

This malicious practice is so common that in times of disaster, well-known and trusted organizations like the Red Cross issue consumer-facing warnings that the potential for fraud is elevated. However, if NPOs do not put in their own safeguards like DMARC, they’re putting the entire onus on their email recipients (who include donors, volunteers, and even those they serve) to detect and thwart attempts to steal cash, financial details, and other damaging information. Even though phishing is common practice and email recipients are wiser today than ever before, 2 in 5 US consumers still fell victim to an online phishing attack (according to a 2017 survey by DomainTools).

“The current state of NPO email authentication shows most organizations are not following recommended best practices for protecting supporters and employees from spoofing, phishing, and other known fraud tactics,” said Matthew Vernhout, director of privacy at 250ok and author of the report. “This is an incredibly risky decision, when NPOs livelihood hinges on trust and goodwill.”

If the benefit of better protecting your donors isn’t persuasive enough, not only does deploying a DMARC policy provide greater security, but some senders report a double-digit increase in email delivery and opens after deploying DMARC. Better email practices often beget better email success. While NPOs’ often operate on limited budgets, this is an investment that clearly has multiple benefits for the brand.

For more information on how 250ok DMARC software and services can protect your domains through responsible DMARC deployment, contact us for a demo today.

Get the details in our full report:


Author: Nicky Copland

Nicky is the marketing manager at 250ok. Before joining the team, she spent the majority of her time crafting and implementing communications strategies for the association industry. She was never a brain surgeon, but she played one on the internet.

You may also like...

How the top 500 internet retailers collect email sign-ups (2016).

Welcome to How The Top 500 Internet Retailers Collect Email Sign-ups (2016), an analysis of how retailers promote their programs, leverage mobile optimization, use social sign-ups, capture personal data, and more. In addition, we have shared some year-over-year trend insights compared to How The Top 500 Internet Retailers Collect Email Sign-ups (2015). Let’s dig in. Sign-up […]

How the top 500 internet retailers collect email sign-ups (2015).

We reviewed the top 500 internet retailers to analyze their email collection practices and sending habits. Check out some of the trends we discovered while analyzing over 1,000 websites owned by the internet’s top retailers.

Deliverability myth: Why you need to measure inbox placement. [INFOGRAPHIC]

It’s important to measure and compare your delivered rate to your inbox rate. What’s the difference? Let’s say your email service is reporting 90% deliverability with a 10% bounce rate. Then you run your campaign through your deliverability service and it reports the same 10% bounce/missing rate, but 72% inbox placement and 18% spam placement. Both look […]

Ready to get started?