Market Overview

Report Reveals e-Retail and Other Major Industries Worldwide Are High-Risk for Phishing Attacks


Study produced by 250ok analyzed DMARC adoption of nearly 17,000
domains across the retail, higher education, software-as-a-service, law
and non-profit industries worldwide

New research released today by 250ok, a leader in advanced email
analytics for Domain-based Message Authentication, Reporting and
Conformance (DMARC),
deliverability, design and engagement, reveals none of the industries
reviewed have achieved majority DMARC adoption, leaving email recipients
and others at risk of harmful email attacks.

Chinese brands are the worst offenders, as more than 95 percent of the
top 100 most valuable Chinese brands have no DMARC policy in place. US
and EU e-retailers fared marginally better, with 84.4% without a DMARC
policy. Still, this means more than three-quarters of e-retailers
studied leave their email and their customers at risk.

Of the industries studied within the United States, nonprofits saw the
lowest DMARC adoption, as 94.2 percent of US nonprofits have no DMARC
policy in place.

Law firms, the "leading" industry studied, still has only a 38 percent
adoption rate. Software-as-a-service companies followed as a close
second, with a 35 percent adoption rate.

DMARC is considered the industry standard for email validation to
prevent attacks in which malicious third parties send harmful email
using a counterfeit address.

"In the months since US Department of Homeland Security mandated that
all federal agencies should achieve a DMARC Reject Policy on all
domains, we expected enterprises and NGOs to take the same steps to
protect consumers," said Matthew Vernhout, director of privacy at 250ok.
"By failing to implement DMARC, negligent brands worldwide are putting
themselves and their customers directly in harm's way."

A DMARC reject policy protects recipients by requesting the malicious
email be blocked from landing in the inbox, while a quarantine policy
requests it's moved to a spam or similar folder, while a none policy
allows the email to continue to the inbox.

To produce the report, Multi-Industry DMARC Adoption 2018, 250ok
studied publicly-available DNS records of nearly 17,000 domains
operated by the following:

  • Top 100 Chinese brands by revenue
  • Top 1,000 US e-retailers by revenue
  • Top 500 EU e-retailers by revenue
  • Top accredited US, EU and Canadian colleges and universities by
  • Top 1,000 fastest-growing Software-as-a-Service companies worldwide
  • Top 100 law firms worldwide by revenue
  • US nonprofits with 25 employees or more

To view the full report, visit

About 250ok

250ok focuses on advanced email analytics, insight and deliverability
technology to power a large and growing number of businesses, ranging
from clients like eHarmony, Furniture Row and Pinterest, who depend on
250ok to cut through big data noise and provide actionable, real-time
analytics to maximize email performance. For more information, visit

View Comments and Join the Discussion!