Date of analysis: 02/09/2024

Laos DMARC & MTA-STS Adoption Report 2024

Similar to many other developing states in Southeast Asia, Laos has numerous cybersecurity challenges that require immediate attention. Laos is taking important steps toward enhanced cybersecurity, investing in establishing LaoCERT, the National Computer Incident Response Team for Laos, and putting significant efforts into training local cybersecurity personnel. 

However, much more can be done in accordance with the continuous growth of digital infrastructure in Laos. In fact, the cybersecurity market revenues in Laos are projected to grow by 9.30% annually until 2029, implying further expansion of its digital infrastructure and, consequently, a potential rise in the number of cyber attacks. PowerDMARC’s team of cybersecurity experts is well aware of the potential implications of digital growth and the importance of firm cybersecurity infrastructure in this context. 

Therefore, we have decided to examine the threat landscape in Laos to identify current mistakes and misconfigurations for a stronger and better digital future in Laos. In our case study, you will find key statistics related to SPF, DMARC, MTA-STS, and DNSSEC adoption rates, as well as key recommendations to enhance the cybersecurity framework in Laos. 

Download PDF Book a Demo

A Brief Overview of Email Authentication & Why It’s Important


DMARC

DMARC (Domain-based Message Authentication, Reporting & Conformance) is an email authentication protocol that, by expanding on SPF and DKIM, helps prevent email spoofing and phishing attacks.


SPF

Sender Policy Framework (SPF) is designed to verify the validity and safety of emails by enabling domain owners to filter which mail servers are valid and authorized to send emails from their domain.


MTA-STS

Mail Transfer Agent Strict Transport Security (MTA-STS) makes TLS encryption mandatory for inbound emails, ensuring secure email transmission over an encrypted SMTP connection.

Assessing the Threat Landscape

Sectors Analyzed 

Total domains analyzed: 1532

  • Healthcare

  • Media

  • Government

  • Transport

  • Education

Transport

SPF Adoption

BIMI Logo

DMARC Adoption

BIMI Logo

MTA-STS Adoption

BIMI Logo

DNSSEC Adoption

BIMI Logo

Comparative Analysis Among Different Sectors

Comparative Analysis of SPF Adoption among Different Sectors in Laos

BIMI Logo

Comparative Analysis of DMARC Adoption among Different Sectors in Laos

BIMI Logo

Comparative Analysis of MTA-STS Adoption among Different Sectors in Laos

BIMI Logo

Comparative Analysis of DNSSEC Adoption among Different Sectors in Laos

DMARC & MTA-STS Adoption Rates: Key Statistics

  • A concerning 94.65% of analyzed domains in Laos have no SPF record.

  • Only 1.11% of analyzed domains in Laos have DMARC correctly configured, whereas over 98.89% of the analyzed domains in the country do not have a DMARC record.

  • DNS spoofing attacks are very likely to take place in Laos, as for as high as 99.74% of domains in Laos, DNSSEC is completely disabled.

  • None of the analyzed domains (0%) in Laos have MTA-STS enabled.

  • Only 5.09% of domains in the country have correct SPF adoption.

  • Only 0.20% of total domains have the most strict and secure DMARC policy (i.e., “reject”) in place.

Critical Errors Organizations in Laos Are Making

  • There is a widespread lack of SPF records in the country, and this is true for all sectors. The education sector has the lowest percentage (71.92%) of no SPF record, meaning it has a better SPF adoption rate compared to other sectors for which the percentage ranges from 93.33% to 99.60%.

  • DMARC implementation is also very low. The majority of sectors have 0 or near-zero adoption rates. Only the education sector has a relatively higher (but still extremely low) correct DMARC adoption at 3.94%.

  • Only the education sector has some level of strict DMARC policy (i.e. “reject”) adoption, albeit at only 1.48%.

  • Regardless of the sector, MTA-STS adoption is non-existent, with 100% of domains not implementing MTA-STS.

  • DNSSEC too has a very low adoption rate across all 7 sectors. The majority of sectors have no DNSSEC implementation, whereas the education sector has a relatively higher adoption rate at as low as 1.48%.

  • Sectors that are essential for national security and the economy, such as banking (99.60%), government (97.46%), and telecommunications (97.88%), have extremely high percentages of domains without SPF records.

How Can Organizations in Laos Improve Email Security & Deliverability?

  • As 94.65% of domains lack SPF adoption, organizations should make SPF adoption a priority in the near future.

  • Since only 1.11% of domains have correct DMARC configuration, it is crucial to pay attention to the correct adoption of DMARC policies. Moreover, organizations should put more effort into moving towards stricter DMARC policies such as “reject.”

  • Having DNSSEC disabled for 99.74% of domains in the country significantly increases the likelihood of DNS attacks. Therefore, special emphasis should be placed on DNSSEC enabling.

  • As MTA-STS adoption is now at 0% in the country, businesses across telecommunications, media, and all other sectors in Laos should implement MTA-STS at the earliest possible time. 

  • Making use of DKIM and adding digital signatures to outgoing emails may also help prevent unauthorized operations.

How Can PowerDMARC Help?

PowerDMARC offers full-stack email authentication SaaS services suitable for businesses of all sizes and categories, including MSPs, MSSPs, governments, and non-profits. 

Our team leverages all relevant domain security and email authentication protocols (e.g. DMARC, SPF, DKIM, BIMI, MTA-STS, and TLS-RPT) into a single centralized platform, helping organizations combat unauthorized use of their own domains. Whether your fight is against phishing attacks, spoofing, domain abuse, or ransomware, we are here to help you in the most effective ways and lowest possible costs.

Whether you’re based in Laos, in another Southeast Asian country, or any other part of the world, you can contact us at [email protected] and we will help you meet your domain security needs in no time!

secure email powerdmarcReady to prevent brand abuse, scams and gain full insight on your email channel?

Start 15-day trial Book a demo