NZ organizations showing low DMARC compliance rates
by
Reading Time: 2 min
Key Takeaways
- New Zealand ranks 36th worldwide in DMARC compliance, indicating significant room for improvement.
- Only 11% of surveyed organizations implemented DMARC at a level necessary to effectively prevent domain spoofing.
- Less than 30% of government domains have correctly implemented DMARC, highlighting a concerning trend in email security within the public sector.
- A notable percentage of organizations were found to have invalid SPF and DMARC records, which can leave them vulnerable to phishing attacks.
- The overall study reveals major hurdles New Zealand companies face in effectively implementing email security protocols.
New Zealand’s top 200 companies and government departments are facing serious DMARC compliance issues, putting them at 36th spot worldwide.
In recent years, many major countries around the world have begun to recognize the importance of email security to prevent phishing attacks. In this climate of rapid change in cybersecurity practices, New Zealand has been lagging behind its peers in its levels of awareness and response to global security trends.
We conducted a study of 332 domains of organizations both in the public and private sectors. Among the domains we surveyed were:
- Deloitte Top 200 List (2019)
- New Zealand’s top energy companies
- Top telecom companies
- NZ registered banks
- The New Zealand Government (excluding Crown entities).
Simplify Security with PowerDMARC!
By studying their public DNS records and gathering data on their SPF and DMARC statuses, we were able to gather data on how well-protected major New Zealand organizations are against spoofing. You can download our study to find out the details behind these numbers:
- Only 37 domains, or 11%, had enforced DMARC at a level of quarantine or reject, which is required to stop domain spoofing.
- Less than 30% of Government domains had implemented DMARC correctly at any level.
- 14% of organizations observed had invalid SPF records and 4% had invalid DMARC records — many of them had errors in their records, and some even had multiple SPF and DMARC records for the same domain.
Our full study contains an in-depth exploration of the biggest hurdles New Zealand companies face in effectively implementing DMARC.
Domain & Email Security Expert at PowerDMARC
Ahona is the Marketing Manager at PowerDMARC, with 5+ years of experience in writing about cybersecurity topics, specializing in domain and email security. Ahona holds a post-graduation degree in Journalism and Communications, solidifying her career in the security sector since 2019.
Latest posts by Ahona Rudra (see all)
- What Is Spam Email? Definition, Types & How to Stop It - July 11, 2025
- How to Tell if an Email Is Fake: Red Flags to Watch Out For - July 11, 2025
- Have I Been Pwned? Steps to Check, Fix, and Stay Safe - July 11, 2025
