New research has emphasized a lack of awareness and willingness to change security policies, as almost a third of decision-makers refuse to comply with the latest Google and Yahoo measures
Delaware, USA, 27th March 2024—Google and Yahoo’s recent implementation of email security measures has failed to influence the actions of many IT decision-makers, according to new research from EasyDMARC. The study found that, despite the email providers warning customers that failure to implement the DMARC security standard could lead to diminishing email deliverability, only 37% of IT decision-makers have rolled out the security measure.
The study investigated the awareness and uptake of email authentication protocols following the rollout and the opinions of IT decision-makers on the effectiveness of the suggested changes.
High confidence in email security despite poor uptake
Out of the 1,000 respondents across the US, UK, Europe, and Oceania, there was a high confidence level in the strength of current email protection measures. 81% of respondents stated they were confident in their organization’s email security measures to protect against phishing and other cybersecurity attacks.
Despite high confidence in email security postures, only 14% claimed to be ‘very familiar’ with email authentication protocols like SPF, DKIM, and DMARC, with a further 33% describing themselves as ‘somewhat familiar.’ 30% said they had heard of the measures but were not familiar with them, and almost a quarter (23%) were not familiar at all.
When asked if their organization had implemented email protections, less than 4 in 10 (37%) stated DMARC was operational. Almost as many (34%) weren’t even aware of their organization’s use of email security policies.
Opinions of the Google and Yahoo changes
The EasyDMARC study found that only 29% of respondents were aware of the changes to email authentication being implemented by Google and Yahoo.
The proposed DMARC changes jointly announced by Google and Yahoo initially apply to bulk senders sending more than 5,000 emails daily. Email senders must authenticate their emails with SPF, DKIM, and DMARC to reduce spam and phishing attempts. DMARC protocols, first published in 2012, allow senders to dictate the handling of emails that don’t pass authentication checks, specifying actions such as directing them to the junk folder or outright rejecting them. Organizations that don’t keep up with the changes risk their emails not reaching their intended recipients’ inboxes.
When asked about the impact of the recent changes and whether IT decision-makers will use them as an opportunity to change their internal email authentication policy, there was a disconnect. Despite poor uptake, 95% of respondents felt the changes were a good idea, and 98% expected them to have at least a ‘somewhat significant’ impact on reducing spam and improving business email operations. Similarly, a vast majority (82%) felt that email service providers were primarily responsible for email security.
The impacts on email security policy
When it came to implementing DMARC protocols, decision-makers were less confident. While 40% stated they would probably, and 19% said they would definitely consider implementing email authentication once they learned about the new changes, just under a third (30%) stated they don’t think the changes impacted them or would lead to changes in policy.
For over 1 in 5 (22%) IT decision-makers, not even a decline in email deliverability in the months following the DMARC changes would be enough to influence their organization to implement email authentication. This suggests that while the vast majority of individuals support the new rules, a sizeable minority of organizations are still unlikely to respond.
Gerasim Hovhannisyan, CEO of EasyDMARC, responded to the research, saying: “While it’s encouraging to see a substantial consensus among IT professionals regarding the potential impact of these standards, the disparity between recognition and implementation underscores a crucial area for improvement.”
“DMARC protocols represent an unequivocal step forward in enhancing email security, but if not understood or implemented, they could also have important implications for business revenue. It’s crucial for email providers to ramp up efforts to raise awareness about these changes and emphasize the potential risks businesses face by not adhering to evolving cybersecurity standards.”
About EasyDMARC
EasyDMARC is a cloud-native B2B SaaS to solve email security and deliverability problems in just a few clicks. With advanced tools, such as its AI-powered DMARC Report Analyser, DMARC, SPF, DKIM cloud management solutions, and email source reputation monitoring, EasyDMARC’s platform helps customers stay safe and maintain the “health” of their domains without risk.
With offices in the US, Netherlands, and Armenia, the company delivers the most comprehensive platform for anyone who strives to build the best possible defense for their email ecosystem. EasyDMARC ultimately provides peace of mind, enabling clients to focus on achieving their business objectives rather than dealing with the worries and concerns associated with cybersecurity.
We’re glad you joined EasyDMARC newsletter! Get ready for valuable email security knowledge every week.
You’re already subscribed to EasyDMARC newsletter. Continue learning more about email security with us