Date of analysis: 02/09/2024

Indonesia DMARC & MTA-STS Adoption Report 2024

Indonesia’s digital economy is growing at a remarkable rate. Digital transactions reached almost $77 billion in 2022 and are projected to hit $130 billion by 2025, making Indonesia an important player in the Southeast Asian digital landscape. The world of Indonesian startups is also blooming, ranking 6th globally in the number of startups.

Despite the promising developments in the country’s digital landscape, there are also some major challenges. Data leaks and identity have accounted for as high as 88% of cyber attacks in the past three years. According to Tech for Good Institute, “In the first half of 2023 alone, Indonesia is recorded to have experienced more than 347 million cyber attack cases, with the highest number of cases being due to ransomware incidents.” 

This article will delve into the email security challenges of Indonesia, while also aiming to provide solutions that could potentially protect the country from the next wave of cyber attacks.

Download PDF Book a Demo

Assessing the Threat Landscape

In our Indonesia DMARC and Email Authentication Adoption Report for 2024, we will address the following major concerns:

  • What’s the current state of SPF and DMARC implementation in Indonesia?

  • Is MTA-STS adoption a widespread phenomenon in the country?

  • How many domains have DNSSEC enabled?

  • What steps can Indonesia take to prevent cyber attacks?

  • What strategies can organizations in different industries employ to defend against email-based threats?

Sectors Analyzed 

In total, over 900 domains have been analyzed across 7 sectors.

  • Healthcare

  • Financial Services

  • Miscellaneous – Businesses

  • Government

  • Telecommunication

  • Transport

  • Education

What Do the Numbers Say?

Indonesia SPF Adoption Analysis

Indonesia DMARC Adoption Analysis

Indonesia MTA-STS Adoption Analysis

Indonesia DNSSEC Adoption Analysis

Sector-wise Analysis of Domains in Indonesia

Healthcare Sector

SPF Adoption Analysis

BIMI Logo

DMARC Adoption Analysis

BIMI Logo

MTA-STS Adoption Analysis

BIMI Logo

DNSSEC Adoption Analysis

BIMI Logo

Financial Services Sector

SPF Adoption Analysis

BIMI Logo

DMARC Adoption Analysis

BIMI Logo

MTA-STS Adoption Analysis

BIMI Logo

DNSSEC Adoption Analysis

BIMI Logo

Telecommunications Sector

SPF Adoption Analysis

BIMI Logo

DMARC Adoption Analysis

BIMI Logo

MTA-STS Adoption Analysis

BIMI Logo

DNSSEC Adoption Analysis

BIMI Logo

Government Sector

SPF Adoption Analysis

BIMI Logo

DMARC Adoption Analysis

BIMI Logo

MTA-STS Adoption Analysis

BIMI Logo

DNSSEC Adoption Analysis

BIMI Logo

Transport Sector

SPF Adoption Analysis

BIMI Logo

DMARC Adoption Analysis

BIMI Logo

MTA-STS Adoption Analysis

BIMI Logo

DNSSEC Adoption Analysis

BIMI Logo

Education Sector

SPF Adoption Analysis

BIMI Logo

DMARC Adoption Analysis

BIMI Logo

MTA-STS Adoption Analysis

BIMI Logo

DNSSEC Adoption Analysis

BIMI Logo

Miscellaneous Businesses

SPF Adoption Analysis

BIMI Logo

DMARC Adoption Analysis

BIMI Logo

MTA-STS Adoption Analysis

BIMI Logo

DNSSEC Adoption Analysis

BIMI Logo

Comparative Analysis of SPF Adoption among Different Sectors in Indonesia

BIMI Logo

Comparative Analysis of DMARC Adoption among Different Sectors in Indonesia

BIMI Logo

Comparative Analysis of MTA-STS Adoption among Different Sectors in Indonesia

BIMI Logo

Comparative Analysis of DNSSEC Adoption among Different Sectors in Indonesia

DMARC & MTA-STS Adoption Rates: Key Statistics

  • More than 20% of analyzed domains in Indonesia have no SPF record.

  • Less than 40% of analyzed domains in Indonesia have DMARC correctly configured. Over 60% of the country’s analyzed domains do not have a DMARC record.

  • For 95% of domains in Indonesia, DNSSEC is disabled. For sectors as important as financial services, 98.4% of domains have DNSSEC disabled.

  • Only 0.2% of domains (2 out of 900) have MTA-STS enabled.

  • Almost 70% of domains have correct SPF adoption. This is a relatively high number compared to the rest of the region.

  • Of the domains with DMARC implemented, only 7.89% have the most strict and secure (i.e. “reject”) policy in place.

Critical Errors Organizations in Indonesia Are Making

  • While correct SPF adoption rates are rather high across different sectors, the no SPF record percentage is not very low at 23.1%.

  • Most domains in the country either do not have a DMARC record or have incorrect DMARC configurations.

  • DNSSEC adoption is concerningly low, implying vulnerability against DNS-based attacks.

  • MTA-STS adoption is also significantly low for all domains, be it in healthcare, government, financial services, or any other sector.

  • Permissive DMARC policies are commonplace in Indonesia, especially in the transport and government sectors.

How Can Organizations in Indonesia Improve Email Security & Deliverability?

If you’re looking for ways to improve email security and deliverability in Indonesia, consider the following:

  • Pay particular attention to DNSSEC adoption to safeguard your business from DNS-based attacks.

  • Make sure MTA-STS is enabled for all sectors in Indonesia.

  • Replace permissive policies (e.g. p=none) with stricter p=reject DMARC policies to enhance safety.

  • As Indonesia’s startup scene is growing at an unprecedented speed, ensure maximum accuracy when adopting important policies and protocols such as DMARC and SPF in the business sector. 

  • Make sure you have a detailed and comprehensive DMARC record for all sectors.

How Can PowerDMARC Help?

PowerDMARC is a full-stack email authentication SaaS platform ideal for businesses of all sizes, MSPs, MSSPs, governments, and non-profits. We incorporate all relevant domain security and email authentication protocols like DMARC, SPF, DKIM, BIMI, MTA-STS, and TLS-RPT into a single centralized, easy-to-navigate platform. The objective of our initiative is simple and straightforward — we aim to help organizations combat phishing attacks, spoofing, domain abuse, ransomware, and all other forms of unauthorized use without breaking the bank.

Organizations in Indonesia and Southeast Asia looking to enhance their email security and deliverability efforts can contact us at [email protected] to get the necessary support addressing the challenges highlighted in this report and beyond.

secure email powerdmarcReady to prevent brand abuse, scams and gain full insight on your email channel?

Start 15-day trial Book a demo