Date of analysis: 20/05/2024

DMARC & MTA-STS Adoption in Switzerland: 2024 Report

Email authentication has emerged as a frontier player in email security in 2024. Major email service and inbox providers like Google and Yahoo recently upgraded their mandatory sender requirements – making email authentication implementation compulsory for both non-promotional and promotional emails. But why this sudden revolution? 

Email fraud is on the rise. Phishing and spoofing attacks have become more rampant than before with an estimated 3.4 billion scam emails being sent by cybercriminals every day! To protect yourself and your customers from malicious emails, authentication is a must.

Analyzing DMARC statistics highlights how these protocols protect organizations by preventing unauthorized email use and providing detailed reporting for better visibility.

DMARC (Domain-based Message Authentication, Reporting, and Conformance) is an email authentication protocol designed to give email domain owners the ability to protect their domain from unauthorized use, spoofing, and phishing attacks. You can set up your DMARC policy to reject unauthorized emails and even enable reporting to gain visibility on email channels, sending sources, and authentication results. 

The MTA-STS (Mail Transfer Agent Strict Transport Security)  protocol is designed to improve the security of email communications by enforcing the use of Transport Layer Security (TLS) during email transmission. It helps protect email traffic from passive eavesdropping and active man-in-the-middle attacks.

Assessing the Threat Landscape

With the global surge in email-based threats, Switzerland is increasingly at risk. The rapid advancement of technology, particularly with the introduction of AI, has increased the potential for cybercrime worldwide. These technological innovations, while beneficial in many ways, have also created new vulnerabilities that cybercriminals are quick to exploit. 

Switzerland, much like other nations, is experiencing a significant uptick in cyber threats, making it important for organizations and governments to strengthen their cybersecurity posture. Organizations should now take a proactive approach to safeguarding sensitive information and maintaining the authenticity of email communications.

According to an article published on Swissinfo.ch, in 2023, the federal office handled 187,000 reports through the antiphishing.ch website and took down 8,223 phishing websites in Switzerland.

Furthermore, the Swiss National Cyber Security Centre’s (NCSC) 2023 Anti-Phishing Report analyzed 10,000+ phishing websites impersonating brand names, out of which more than 60% were found to be Swiss brands. NCSC evidentiated how cybercrime almost doubled in Switzerland between 2022 and 2023, causing significant reason for alarm.

In our Switzerland DMARC and Email Authentication Adoption Report for 2024, we will address the following major concerns:

  • What is the current situation of SPF and DMARC adoption and enforcement in organizations in Switzerland?

  • What is the current status of MTA-STS adoption among organizations in Switzerland?

  • What is the rate of DNSSEC enablement among Swiss organizations?

  • How can we improve ‌the cybersecurity and email authentication infrastructure in Switzerland to prevent impersonation attacks?

  • Which industry sectors in Switzerland are the most vulnerable to email phishing and other cyberattacks?

  • How can organizations mitigate email-based threats?

To gain better insight into the current scenario we analyzed 1103 domains belonging to top businesses and organizations in Switzerland, from the following sectors:

What Do the Numbers Say?

An in-depth SPF, DMARC, MTA-STS, and DNSSEC adoption analysis was conducted while examining all 1103 Swiss domains, which led to the following revelations:

Graphical Analysis: Among all 1103 domains examined that belong to various organizations in Switzerland, 730 domains (66.2%) possessed correct SPF records, while 351 domains (31.8%) unfortunately had no SPF records at all. 487 domains (44.2%) had correct DMARC records, while 6 of the domains (0.5%) had DMARC records that contained errors. A vast majority of domains (610 domains making up 55.3%) had no DMARC record found. 264 domains had their DMARC policy set at none (23.9%), enabling monitoring only, while 117 domains (10.7%) had their DMARC policy ‌set at quarantine, and 106 domains (9.6%) had their DMARC policy set at maximum enforcement (i.e. p=reject)

Sector-wise Analysis of Domains in Switzerland

Fitness Sector

Key Findings

  • All examined domains (100%) had correct SPF records
  • All of the domains had their DMARC policy set at p=none offering no protection
  • MTA-STS and DNSSEC were not implemented for any of the domains in the fitness sector

Healthcare Sector

Key Findings

  • 34.8% of domains had no SPF record 
  • 23.8% of the domains had their DMARC policy set at p=none
  • No DMARC record was found for 59.7% of the domains
  • None of the domains in the Swiss Healthcare sector had MTA-STS implemented
  • DNSSEC was disabled for 81.2% of the domains

Media Sector

Key Findings

  • 48.6% of domains had no SPF record 
  • 27.0% of the domains had their DMARC policy set at p=none
  • No DMARC record was found for 65.0% of the domains 
  • MTA-STS wasn’t enabled for any of the examined domains 
  • DNSSEC was disabled for 91.9% of the domains

Government Sector

Key Findings

  • 10% of domains had no SPF record 
  • 27.1% of the domains had their DMARC policy set at p=none
  • No DMARC record was found for 51.4% of the domains 
  • 97.1% of the domains didn’t have MTA-STS implemented for them 
  • DNSSEC was also disabled for 87.1% of the domains in this sector

Telecom Sector

Key Findings

  • 35.9% of domains had no SPF record 
  • 16.6% of the domains had their DMARC policy set at p=none
  • No DMARC record was found for 60.8% of the domains 
  • 99.5% of the domains did not have MTA-STS implementation
  • 80.6% of the domains had DNSSEC disabled

Job Boards

Key Findings

  • All domains examined in the Swiss Job Board sector had SPF enabled
  • 33.3% of the domains had their DMARC policy set at p=none
  • No DMARC record was found for 33.3% of the domains 
  • MTA-STS was not enabled for any of the domains in this sector
  • DNSSEC was disabled for 33.3% of the domains

Transport Sector

Key Findings

  • 33.1% of domains had no SPF record 
  • 17.7% of the domains had their DMARC policy set at p=none
  • No DMARC record was found for 62.9% of the domains 
  • 96% of the domains did not have MTA-STS enabled 
  • DNSSEC was disabled for 78.9% of the domains

Miscellaneous Businesses

Key Findings

  • 18.3% of domains had no SPF record 
  • 21.1% of the domains had their DMARC policy set at p=none
  • No DMARC record was found for 37.3% of the domains 
  • 97.2% of the domains did not have MTA-STS enabled with 0.7% still in Testing mode
  • 90.1% of the domains had DNSSEC disabled

Banking Sector

Key Findings

  • 11% of domains had no SPF record 
  • 54.9% of the domains had their DMARC policy set at p=none
  • No DMARC record was found for 27.5% of the domains 
  • 98.9% of the domain did not have MTA-STS enabled 
  • DNSSEC was disabled for 82.4% of the domains in this sector

Education Sector

Key Findings

  • 49.1% of domains had no SPF record 
  • 20.5% of the domains had their DMARC policy set at p=none
  • No DMARC record was found for 64.3% of the domains 
  • None of the domains examined had MTA-STS implemented 
  • DNSSEC was also disabled for 80.4% of the domains analyzed

Comparative Analysis of SPF Adoption among Different Sectors in Switzerland

The SPF adoption rate was found to be the lowest in Switzerland’s Education and Media sectors. The highest rate of SPF adoption was noted in the Switzerland Government, Banking, Job Board, and Fitness sectors.

Comparative Analysis of DMARC Adoption among Different Sectors in Switzerland

Switzerland’s Education, Media, and Transport sectors noted low rates of DMARC adoption. The highest rate of DMARC adoption was noted in the Swiss Fitness and Banking sectors. A large percentage of organizations in all sectors had “none” DMARC policy implemented.

Comparative Analysis of MTA-STS Adoption among Different Sectors in Switzerland

An average of 89.97%.of the domains in Switzerland among the 1103 domains analyzed, did not have MTA-STS implemented.

Comparative Analysis of DNSSEC Adoption among Different Sectors in Switzerland

An average of 80.69%.of the domains in Switzerland among the 1103 domains analyzed, had DNSSEC disabled for them.

Critical Errors Organizations in Switzerland Are Making

After reviewing 1103 domains across different sectors and industries in Switzerland, we identified significant errors that Swiss organizations and governments were making that were leaving them potentially vulnerable to exploits.

How Can Organizations in Switzerland Improve Email Security?

How Can We Help You in this Process

Ensuring the security of your emails is paramount for organizations of all sizes. We understand the importance of safeguarding your communications from cyber threats. That’s why we offer a comprehensive suite of email and domain security solutions tailored to meet your organization’s needs.

Let’s join hands to increase the rate of DMARC adoption and strengthen the email security infrastructure in businesses across Switzerland. Get in touch with us at [email protected] to find out how we can help protect your domain and business today!