In fact, nearly six in ten of the SGX top 200 companies have no DMARC protocol in place at all, with the majority of these being Real Estate Investment Trusts (REITs).
This lack of protection against email fraud exposes countless parties to imposter emails and business email compromise. Those attacks are designed to trick victims into thinking they have received an email from an organisation leader, such as the CEO or CFO, asking them to transfer funds, release sensitive or personally identifiable information, or hand over their credentials.
“Without a DMARC policy, companies are basically leaving the doors to their sensitive information wide open for hackers and cyber criminals to exploit and are also putting anyone they work with – from employees, to clients, and partners – at risk,” says Alex Lei, senior vice president for Asia Pacific and Japan at Proofpoint.
He continues: “Implementing DMARC email authentication protocols is akin to having your passport checked at an airport – ensuring your identity matches who you say you are and that you have the necessary travel visas required.”
“In a similar way, DMARC allows organisations to ensure that only legitimate senders are using their trusted domains to message employees, customers, and business partners to prevent email fraud and domain spoofing.”
DMARC is an open email authentication protocol designed to protect domain names from being misused by cybercriminals. It authenticates the sender's identity before allowing the message to reach its intended recipient.
Organisations using a DMARC protocol can implement three levels of policy for unqualified emails attempting to spoof their domains:
- Monitor -- Allows unqualified emails to go to the recipient's inbox or other folders
- Quarantine -- Directs unqualified emails to go to the junk or spam folder
- Reject (the highest level of protection) -- Blocks unqualified emails from getting to the recipient.
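The three levels correspond to the `p=` tag (`none`, `quarantine`, `reject`) of the DNS TXT record a domain publishes at `_dmarc.<domain>`, as defined in RFC 7489. As an added example that is not part of the article, this Python code classifies a domain's published records into those levels, including the "no DMARC at all" case; the function names and the sample records are constructed for illustration.

```python
# Added example (not from the article). Sample records are constructed;
# example.com is a placeholder domain.
LEVELS = {"none": "Monitor", "quarantine": "Quarantine", "reject": "Reject"}


def parse_dmarc(txt):
    """Split one TXT string into an ordered tag -> value dict."""
    tags = {}
    for part in txt.split(";"):
        if "=" not in part:
            continue  # e.g. the empty segment after a trailing ';'
        name, value = part.split("=", 1)
        tags[name.strip().lower()] = value.strip()
    return tags


def classify(txt_records):
    """Map the TXT strings found at _dmarc.<domain> to a policy level."""
    parsed = [parse_dmarc(r) for r in txt_records]
    # Only records whose first tag is v=DMARC1 count as DMARC records.
    valid = [t for t in parsed if next(iter(t.items()), None) == ("v", "DMARC1")]
    if len(valid) != 1:
        return "No DMARC"  # none published, or several (ambiguous, so ignored)
    tags = valid[0]
    policy = tags.get("p", "").lower()
    if policy not in LEVELS:
        # RFC 7489: without a valid p=, fall back to monitoring only if a
        # reporting address is present (simplified check: a mailto: URI).
        if not tags.get("rua", "").lower().startswith("mailto:"):
            return "No DMARC"
        policy = "none"
    level = LEVELS[policy]
    pct = tags.get("pct", "100")  # share of failing mail the policy covers
    if policy != "none" and pct.isdigit() and int(pct) < 100:
        level += f" (applied to {pct}% of failing mail)"
    return level


SAMPLES = {  # constructed records
    "monitor.example.com": ["v=DMARC1; p=none; rua=mailto:dmarc@example.com"],
    "partial.example.com": ["v=DMARC1; p=quarantine; pct=25"],
    "strict.example.com": ["v=DMARC1; p=reject;"],
    "spf-only.example.com": ["v=spf1 -all"],
    "unpublished.example.com": [],
}

if __name__ == "__main__":
    for domain, records in SAMPLES.items():
        print(f"{domain:26} {classify(records)}")
```

A record with `pct` below 100 is weaker than its `p=` value suggests, which is why the classifier reports it separately.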