Report: Less than 5% of public companies use the latest email security standards


Every year, phishing becomes more entrenched as the most prevalent form of cyberattack. In the first quarter of 2022, the Anti-Phishing Working Group observed the most phishing attacks in history, as the quarterly volume of attacks exceeded 1 million for the first time.

Despite this, organizations around the world already have two secret weapons to help stem the tide: DMARC and BIMI. DMARC (domain-based message authentication, reporting and conformance) is an email security standard that protects domains against exact impersonation by hackers, which is a precursor to the majority of phishing attacks. BIMI (brand indicators for message identification) builds on DMARC by showing a company’s registered trademark in a recipient’s inbox, establishing visual trust that the email message is truly from the sender.

There’s a solution — why is there still a problem?

Given the significant promise that DMARC with BIMI holds in stopping phishing attacks, the natural question is: why are the volume of attacks and the damage they inflict increasing?

To answer this question, Red Sift conducted a comprehensive study to understand the state of BIMI readiness and implementation across domains, enterprises and brands. Using proprietary data from BIMI Radar, it found that while more than half (51.2%) of S&P 500 companies have adopted DMARC (i.e., are “BIMI ready”), only 2.4% have fully adopted BIMI. Among Fortune 500 companies, the numbers are about the same (49.9% are BIMI ready vs. 3.2% at full BIMI adoption).



While this data shows that most organizations around the world have yet to reach the last mile of BIMI adoption, Apple’s support in iOS 16 represents a seismic shift that signals rapid growth ahead. In September, Apple joined Google, Yahoo, La Poste and Fastmail as the major mail providers supporting BIMI. As a result, it will be possible for almost 90% of consumers to gain the visual trust mentioned above by viewing logos in emails natively in iOS 16 and macOS Ventura from organizations that have implemented DMARC to secure their domains.

Adoption of VMCs to be completely BIMI ready

While it’s logical to conclude that the largest companies will make more substantial investments in DMARC as part of a comprehensive security strategy, a massive gap still exists between BIMI readiness and full implementation.

To completely take advantage of the benefits of BIMI logo display in email clients, companies must obtain a verified mark certificate (VMC) from an approved certificate authority such as Entrust for their primary/corporate domain.

Red Sift is now seeing more evidence that businesses are following suit as VMC adoption is now outpacing BIMI alone. This shows that they care about the security benefit of BIMI through DMARC above and beyond the benefits to a brand. Interestingly, more than 50% of VMCs are issued to companies with less than $50 million in revenue and fewer than 250 employees.

Read the full report from Red Sift.
