A Chilling Look: DMARC Adoption among the World’s Candy Giants
Halloween is creeping up again—a season of haunted houses, eerie costumes and, of course, mountains of candy. To mark the occasion, we’re taking a look at DMARC adoption among the world’s top 100 candy manufacturers based on revenue.

The results were, well, chilling—over half of the confectioners’ domains lack a proper DMARC record or an enforcement policy of p=quarantine or p=reject. These domains could be leveraged for phishing and domain spoofing.
- 43% had no DMARC record or had a record that contained errors
- 23% had a DMARC record with a p=none policy
- 22% had a DMARC record with a p=reject policy
- 12% had a DMARC record with a p=quarantine policy
The sweet news is that since we last studied the top 100 confectioners in 2021, candy makers have improved their DMARC disposition. We saw a 30% decrease in domains that lack a DMARC record and wonder if the new bulk sender requirements had a hand in that reduction. We also saw an increase in policy enforcement with a 144% increase in p=reject, the ultimate policy state for a domain, and a 100% increase in domains at p=quarantine.
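The four buckets in the breakdown above can be reproduced for any list of domains by parsing the TXT records published at _dmarc.<domain>. The sketch below is an added example, not dmarcian's survey code: the domains and records are constructed, the DNS lookup is left out so it runs offline, and counting duplicate or malformed records as errors is an assumption about how such a survey would score them.

```python
from collections import Counter

VALID_POLICIES = {"none", "quarantine", "reject"}

def is_dmarc(record):
    """True if the TXT string starts with the DMARC version tag."""
    name, _, value = record.split(";", 1)[0].partition("=")
    return name.strip().lower() == "v" and value.strip() == "DMARC1"

def parse_tags(record):
    """Split a DMARC record into a tag -> value dict; raise on a bad tag."""
    tags = {}
    for part in record.split(";"):
        if not part.strip():
            continue
        name, sep, value = part.partition("=")
        if not sep:
            raise ValueError(f"malformed tag: {part!r}")
        tags[name.strip().lower()] = value.strip()
    return tags

def classify(txt_records):
    """Bucket the TXT strings found at _dmarc.<domain>:
    'missing_or_error', 'none', 'quarantine' or 'reject'."""
    dmarc = [r for r in txt_records if is_dmarc(r)]
    if len(dmarc) != 1:  # nothing published, or ambiguous duplicates
        return "missing_or_error"
    try:
        policy = parse_tags(dmarc[0]).get("p", "").lower()
    except ValueError:
        return "missing_or_error"
    return policy if policy in VALID_POLICIES else "missing_or_error"

# Constructed sample data (hypothetical domains, not survey results).
SAMPLE = {
    "chocolate.example": ["v=DMARC1; p=reject; rua=mailto:dmarc@chocolate.example"],
    "gummies.example": ["v=DMARC1; p=quarantine; pct=100"],
    "lollipop.example": ["v=DMARC1; p=none"],
    "licorice.example": [],                                   # no record
    "taffy.example": ["v=DMARC1; p=rejct"],                   # typo in policy
    "parked-candy.example": ["v=DMARC1; p=none", "v=DMARC1; p=reject"],
    "caramel.example": ["v=spf1 -all"],                       # SPF only
}

def survey(domains):
    return Counter(classify(records) for records in domains.values())

def unenforced(domains):
    """Domains without p=quarantine or p=reject, i.e. still spoofable."""
    return sorted(d for d, r in domains.items()
                  if classify(r) in ("missing_or_error", "none"))
```

Feeding `classify` the TXT answers for every domain in a portfolio, parked domains included, gives the same kind of breakdown for your own organization.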
A Cautionary Tale from the Candy Industry
Phishing continues to be the top cybersecurity threat for organizations, and even the Willy Wonkas of the world aren’t exempt.
Earlier this year, a family-owned candy company that’s been churning out sweets for over 150 years was the victim of a ransomware attack delivered by email. The malicious payload crippled operational systems, production systems were offline, and criminals accessed servers containing PII like human resources and contract data.
There were no smashed windows or broken locks in cyberspace, but signs pointed to a phishing email or stolen password as the culprit. We would later learn that 76% of cyberattacks on food manufacturers begin with phishing emails, and I wouldn’t be surprised if we became part of that statistic.
—Ganong Bros.
Trick or Treat? It’s Time to Unmask Your Email Traffic
When deploying DMARC, don’t leave any domains, especially parked domains, lurking in the shadows. With DMARC enforced across an organization’s entire domain portfolio, deployment itself becomes much easier because there is organizational visibility, and managers get new tools to ensure all email is being sent in compliance with the organization’s standards.
Cybersecurity is an ever-evolving challenge for organizations large and small. There’s no one spell solution to magically address all elements in the threat landscape, so a layered approach is necessary. With such an approach, you can ensure that your defense controls and procedures are complementary and cover your organization’s systems and assets. DMARC is the email security bedrock that provides visibility into your domain use and lets you control who and what sends email on behalf of your domains.
Take a look at DMARC adoption rates for other sectors
Ready to face what’s hiding behind your domain?
dmarcian helps organizations achieve DMARC compliance with an enforced p=reject policy. With a team of security experts and a mission of making email and the internet less spooky through domain security, we’re here to help people implement and manage DMARC for the long haul. Our onboarding and support team will help you along the way.
Want to continue the conversation? Head over to the dmarcian Forum.