Important Alert: Google and Yahoo will require DMARC starting from April 2024.
Read more

Date of analysis: 12/10/2021

Why Should Canada Consider Improving its DMARC Adoption Rate?

Since the start of the pandemic, online fraud has blown out of proportion with cybercriminals resorting to various methods of defrauding organizations, stripping them off their data, assets, and customers. Canadian organizations have also witnessed a spike in the rate of phishing attacks, BEC, ransomware attacks, and domain spoofing attempts since the viral outbreak, with more and more companies adopting remote working environments.

Now is not the time to sit idle, rather the situation calls for improving your defenses against impending attacks starting immediately!

Book a demo Download PDF

DMARC Adoption in Canada: 2021 Report

Assessing the Threat Landscape
BIMI Logo
  • In the 2020 Cyberthreat Defense Report (CDR) it came to light that 78 percent of Canadian organizations experienced at least one cyber attack within a 12-month period, all of which were successful attacks.
  • More than 70% of Canadian businesses faced Ransomware attacks between 2020-2021, making it the 6th most attacked country in the world in the past 1 year, with the average cost exceeding $400,000
  • The report also highlighted the fact that only 74% of businesses in Canada support AI-based security solutions and email authentication practices
  • Only a small percentage of Canadian companies (26%) were successful in setting up preventive measures against suspected Ransomware attacks
  • In a Data Breach Report by IBM  formulated in 2020, the average loss of financial assets dealt by Canadian organizations due to data breaches was estimated to be a whopping $4.5 million in the past 1 year
  • In between 2020-2021, 525 Canadian organizations fell prey to spear-phishing scams which led to the loss of $14.4 million in assets
  • Phishing attacks and fake email scams spiked up considerably in the COVID and post-COVID conditions

The above-mentioned statistics on ransomware, data breaches, and phishing attacks in Canada over the course of the past 1 year, raise some serious concerns:

    Graphical Analysis: Among all 140 domains examined that belong to various organizations in Canada, 126 domains (90%) possessed SPF records, out of which 14 domains (10%) had SPF records with errors. Only 74 domains (52.8%) had DMARC records out of which 3 of the domains (2.14%) contained errors. 49 domains had their DMARC policy set at none (35%), enabling monitoring only, while 22 domains (15.7%) had their DMARC policy level set at enforcement (i.e. p=quarantine/reject).

    Key Findings

    • 10% of the total domains in the Canadian energy sector possessed invalid SPF records
    • Only 25% of the total domains had DMARC at an enforcement level of p=quarantine/reject
    • No DMARC record was found in 45% of the domains

    Key Findings

    • 20% of the total domains in the Canadian Telecom sector had no SPF record published on their DNS
    • Only 10% of the total domains had DMARC at an enforcement level of p=quarantine/reject
    • While 45% of the domains had no DMARC record published on their DNS

    Key Findings

    • 85% of the domains in the Canadian Education Sector had valid SPF records published on their domain’s DNS
    • However, only 28.6% of the domains contained a DMARC record in their DNS, all of which were at monitoring only (at p=none)

    Key Findings

    • 75% of the total domains in the Canadian Healthcare sector contained valid SPF records while 15% of the total domains didn’t have any SPF record in their DNS
    • Only 15% of the domains had their DMARC record set at an enforcement level of p=quarantine/reject
    • 45% of the domains had no DMARC record published on their DNS

    Key Findings

    • 25% of the domains in the Canadian transport sector had SPF records that contained errors which rendered them invalid and ineffective
    • No DMARC record was found in the DNS of 47.4% of the domains
    • Only 15.8% of the domains were at DMARC enforcement

    Key Findings

    • 20% of the domains in the Canadian Media and Entertainment sector contained no SPF record in their domain’s DNS
    • Out of the 80% domains that contained an SPF record, 5% of the records contained errors
    • Only 5% of the domains were at DMARC enforcement

    Key Findings

    • On a positive note, 90% of the domains in the Canadian banking and finance sector had valid SPF records in place
    • However, 25% of the domains contained no DMARC record in their DNS, and a further 25% had their DMARC policy set at monitoring only

    Comparative Analysis of SPF Adoption among Different Sectors in Canada

    The SPF adoption rate was found to be the lowest among companies in the transport, healthcare, and media sector in Canada. Canadian banks were recorded to have the highest SPF adoption rate with 90% valid SPF records.

    Comparative Analysis of DMARC Adoption among Different Sectors in Canada

    55% of the banks in Canada out of the total domains analyzed had their DMARC record at monitoring only, the Telecom sector was observed to have the lowest rate of DMARC adoption with only 5% domains at DMARC enforcement. The transport and media sectors also had comparatively low rates of DMARC enforcement. The highest percentage of invalid DMARC records was observed in the Canadian energy sector. This is a low percentage of overall DMARC adoption among organizations in Canada.

    Critical Errors Organizations in Canada are Making

    On analyzing 140 Canadian domains from various sectors and industries, it is evident that organizations in Canada are making some critical errors that can jeopardize their online reputation and the safety of their clients:

    Steps to be Taken for Improving Email Security in Canada

    How can PowerDMARC Help You in this Process?

    PowerDMARC offers the world’s most comprehensive and secure email authentication solutions for companies and organizations of all sizes. Our proprietary DMARC software solution is designed to achieve a secure email ecosystem by combining the power of DMARC, DKIM, and SPF. Companies that implement DMARC in their email marketing solutions reduce spam complaints, internal emails bounces, enhance the deliverability of emails, and stay protected against phishing attacks and ransomware.

    Let’s join hands to increase the rate of  DMARC adoption and strengthen the email security infrastructure in businesses across Canada, take your free DMARC trial today! Get in touch with us at [email protected] to find out how we can help protect your domain and business today!