Cyber group releases tool to track use of email security protocol

A cybersecurity group has released a new tool to help companies track if they’ve implemented domain-based message authentication, reporting and conformance (DMARC), a security tool aimed at preventing fake or “spoof” emails being sent from legitimate accounts.

The Global Cyber Alliance (GCA) unveiled the GCA DMARC Leaderboard on Monday, aimed at tracking where the DMARC policy is currently being utilized. The tool was launched during a symposium co-hosted by GCA and the Cybersecurity Tech Accord, according to a release.

The tool shows that the U.S. is a leader in DMARC implementation, with 1,235 domains having adopted the practice. The United Kingdom is recorded with the largest number of participating domains at 2,351.

ADVERTISEMENT

Many major email services like Gmail and Microsoft already include the protocol for their accounts, but the government and private businesses are still behind in implementing the practice, according to the release.

“The GCA DMARC Leaderboard offers a way to compare countries, sectors and companies as to their progress in deploying email spoofing protections, and we hope it helps lead to universal adoption of DMARC,” Philip Reitinger, the president and CEO of GCA, said in a statement. “Using DMARC to prevent email domain spoofing is essential as an anti-phishing measure. ”

This new tool is released roughly a month after the Department of Homeland Security-mandated deadline for federal agencies to adopt DMARC for their domains, helping to block the spoof emails being sent from the addresses that could be used in phishing campaigns.

Security firms released varying numbers at the time of the October deadline: Cybersecurity firm Proofpoint found that 26 percent of government domains failed to meet the deadline, while cyber firm Agari said 85 percent of federal domains had adopted DMARC.