With an expected record-breaking holiday shopping season around the corner, we thought we’d take a look at DMARC adoption trends among the top 100 international retailers based on revenue.

Here’s what we found:  

  • 44% had no DMARC record
  • 31% had a DMARC record with a p=none policy
  • 20% had a DMARC record with a p=reject policy
  • 5% had a DMARC record with a p=quarantine policy

We were glad to discover that the majority, albeit a slim one, of the world’s top retailers have a DMARC policy in place on their main domains. Most are at a DMARC policy of p=none, which allows domain owners to observe who is sending email on their domains and typically signifies the initiation of a DMARC project. The problem with a p=none DMARC policy is this: it has the potential to expose customers, employees, and other stakeholders to email fraud. 

On the other end of the DMARC spectrum, 25% of the retailers in our research have domains that are protected with a DMARC enforcement policy at p=reject or p=quarantine; these policies stop criminals from using those domains for phishing attacks.

Retail remains a top phishing and ransomware target for cyber criminals; as with other sectors, brand impersonation via phishing is the preferred method of attack.

“The number of recent phishing attacks has more than doubled since early 2020, when APWG was observing between 68,000 and 94,000 attacks per month. APWG saw 260,642 attacks in July 2021, which was the highest monthly attack count recorded in APWG’s reporting history.”

The Anti-Phishing Working Group (APWG) Phishing Activity Trends Reporthttps://apwg.org/trendsreport

Phishing isn’t slowing down, and during the busiest online and in-person shopping season, retailers need to enable email authentication as part of their outbound email marketing strategies. Cyber criminals follow the money and know when to strike. 

The holiday season is prime time for retailers large and small to assess their domain security with internal IT staff or with third-party managed service providers. The National Retail Federation realizes that “loss of data is particularly potent for retailers, as their reputations and revenue can be impacted by a cyberattack.” 

When a crook successfully impersonates a brand through a phishing exploit, customers lose trust and the brand’s reputation is tarnished. A 2020 Cisco study found that 26% of customers stopped doing business with retailers because of data privacy concerns. 

Wouldn’t it be best to know that your customers can trust the email communications they receive from you?

Take a look at DMARC adoption rates for other sectors

During the coming weeks, remember to shop safely and responsibly.  

If you’re a domain owner and aren’t authenticating and trust-proofing your email streams with DMARC, let us know and we can help. If you’d like to get started right away, register for a trial at no cost and no commitment and our team of analysts will help you along the way.

Want to continue the conversation? Head over to the dmarcian Forum