Key Takeaways
- New Zealand ranks 36th worldwide in DMARC compliance, indicating significant room for improvement.
- Only 11% of surveyed organizations implemented DMARC at a level necessary to effectively prevent domain spoofing.
- Less than 30% of government domains have correctly implemented DMARC, highlighting a concerning trend in email security within the public sector.
- A notable percentage of organizations were found to have invalid SPF and DMARC records, which can leave them vulnerable to phishing attacks.
- The overall study reveals major hurdles New Zealand companies face in effectively implementing email security protocols.
New Zealand’s top 200 companies and government departments are facing serious DMARC compliance issues, putting them at 36th spot worldwide.
In recent years, many major countries around the world have begun to recognize the importance of email security to prevent phishing attacks. In this climate of rapid change in cybersecurity practices, New Zealand has been lagging behind its peers in its levels of awareness and response to global security trends.
We conducted a study of 332 domains of organizations both in the public and private sectors. Among the domains we surveyed were:
- Deloitte Top 200 List (2019)
- New Zealand’s top energy companies
- Top telecom companies
- NZ registered banks
- The New Zealand Government (excluding Crown entities).
Simplify Security with PowerDMARC!
By studying their public DNS records and gathering data on their SPF and DMARC statuses, we were able to gather data on how well-protected major New Zealand organizations are against spoofing. You can download our study to find out the details behind these numbers:
- Only 37 domains, or 11%, had enforced DMARC at a level of quarantine or reject, which is required to stop domain spoofing.
- Less than 30% of Government domains had implemented DMARC correctly at any level.
- 14% of organizations observed had invalid SPF records and 4% had invalid DMARC records — many of them had errors in their records, and some even had multiple SPF and DMARC records for the same domain.
Our full study contains an in-depth exploration of the biggest hurdles New Zealand companies face in effectively implementing DMARC.
- PowerDMARC Recognized as Grid Leader for DMARC in G2 Spring Reports 2025 - March 26, 2025
- How to Identify Fake Order Confirmation Scam Emails and Protect Yourself - March 25, 2025
- Why No-Reply Emails Are a Cybersecurity Hazard - March 20, 2025