Date of analysis: 21/07/2021

DMARC Adoption in Australia: 2021 Report

Australian businesses lost $176.1 million to scams in 2020 alone, with 75% of these losses originating from phishing attacks, which are now being deployed through fake emails. As 2021 progresses, the amount of money lost to cybercrime is only rising. Researchers have found that the financial damage from email-based attacks in Australia is predicted to grow by 46% over the next two years. Being prepared is no longer optional; it is imperative!

Why Should Australia Consider Improving its DMARC Adoption Rate?

Assessing the Threat Landscape

To give a brief overview of what we are dealing with here: according to the Australian Competition and Consumer Commission’s Scamwatch, in 2020 alone businesses in Australia lost a whopping $176.1 million to cyber scams. It might come as a surprise, but the most reported type of scam was phishing, with a steep rise in the frequency of attacks since 2019. While Australians had reported 25,168 phishing attacks in 2019, the number of reported attacks rose to 44,084 in 2021 (up by 75%). According to the findings of various surveys conducted in the past year, the most preferred delivery method for perpetrating these cyberattacks was email.

As of 2021, the huge rise in phishing schemes is a worrying trend that shows no signs of slowing. While any attack campaign can be used for any purpose, the low startup cost and high payout make phishing appealing to cybercriminals looking to make the most money with the least effort.

The above-mentioned statistics on the lack of email security in Australia raise some serious concerns:

  • What is the current state of DMARC adoption and enforcement in organizations in Australia?

  • How can we improve the cybersecurity and email authentication infrastructure in Australia to mitigate impersonation attacks?

To gain better insight into the current scenario we analyzed 140 domains belonging to top businesses and organizations in Australia, from the following sectors:

  • Energy
  • Education
  • Telecom
  • Healthcare
  • Transport
  • Banking and Finance
  • Media & Entertainment

What Do the Numbers Say?

An in-depth SPF and DMARC adoption analysis was conducted while examining all 140 domains, which led to the following revelations:

Graphical Analysis: Among all 140 domains examined, which belong to various organizations in Australia, 132 domains (78.6%) possessed SPF records, of which 22 domains (15.7%) had SPF records with errors. Only 79 domains (54%) had DMARC records, of which 6 domains (4.28%) contained errors. 54 domains (39%) had their DMARC policy set to none, enabling monitoring only, while 25 domains (18%) had their DMARC policy set at enforcement (i.e. p=quarantine/reject).
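
The categories in the breakdown above (SPF present or with errors, DMARC missing, with errors, at p=none, or at enforcement) can be reproduced for your own domains with a small classifier. The following is an added example, not the tooling used for this report; the report does not define what it counted as an "error", so the checks used here are assumptions, and the domains and TXT records are constructed placeholders.

```python
import re
from collections import Counter

LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}  # each costs a DNS lookup

def classify_spf(txt):
    """'missing', 'error' or 'valid' for the TXT records at the domain itself."""
    spf = [r for r in txt if r.lower().split()[:1] == ["v=spf1"]]
    if not spf:
        return "missing"
    names = [re.split(r"[:/=]", t.lstrip("+-~?"), maxsplit=1)[0].lower()
             for t in spf[0].split()[1:]]
    # Assumed error checks: multiple SPF records, or over 10 lookup terms (nested includes not followed).
    if len(spf) > 1 or sum(n in LOOKUP_TERMS for n in names) > 10:
        return "error"
    return "valid"

def classify_dmarc(txt):
    """'missing', 'error', 'none' or 'enforcement' for the TXT records at _dmarc.<domain>."""
    dmarc = [r for r in txt if r.strip().lower().startswith("v=dmarc")]
    if not dmarc:
        return "missing"
    tags = {}
    for part in dmarc[0].split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip().lower()] = value.strip()
    policy = tags.get("p", "").lower()
    # Assumed error checks: duplicate records, bad v= tag (e.g. missing ';'), missing or unknown p=.
    if len(dmarc) > 1 or tags.get("v") != "DMARC1" or policy not in ("none", "quarantine", "reject"):
        return "error"
    return "none" if policy == "none" else "enforcement"

# Constructed sample data: (TXT at domain, TXT at _dmarc.domain) for placeholder domains.
SAMPLE = {
    "a.example": (["v=spf1 include:_spf.a.example -all"], ["v=DMARC1; p=reject; rua=mailto:d@a.example"]),
    "b.example": (["v=spf1 mx ~all"], ["v=DMARC1; p=none"]),
    "c.example": (["v=spf1 a -all", "v=spf1 mx -all"], ["v=DMARC1 p=quarantine"]),
    "d.example": (["site-verification=constructed"], []),
}

def tally(sample):
    """Count domains per SPF and DMARC category, as in the breakdown above."""
    spf = Counter(classify_spf(s) for s, _ in sample.values())
    dmarc = Counter(classify_dmarc(d) for _, d in sample.values())
    return spf, dmarc

if __name__ == "__main__":
    print(tally(SAMPLE))
```

To run it against real domains, replace `SAMPLE` with the TXT answers returned for each domain and for its `_dmarc` subdomain.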