More than 90% of the top 1.8 million email domains worldwide could be compromised in spoofing attacks, as only 7.7% of the said domains have adopted the most extensive Domain-based Message Authentication, Reporting, and Conformance policy dubbed 'p=reject', reports Infosecurity Magazine.
Implementation of stringent DMARC mandates has been associated with the largest decline in phishing emails landing in inboxes, with the U.S. having its phishing email rate decline from 68.8% to 14.2% between 2023 and 2025, according to a report from EasyDMARC. Despite DMARC mandates from Google, Microsoft, and Yahoo, basic DMARC records continued to be absent in 52.2% of domains, while more than 40% lacked RUA tags and other reporting mechanisms. "Misconfigurations, missing reporting, and passive DMARC policies are like installing a security system without ever turning it on... As threats grow more sophisticated and compliance pressures mount, stopping halfway with DMARC enforcement is no longer an option," said EasyDMARC CEO Gerasim Hovhannisyan.
Implementation of stringent DMARC mandates has been associated with the largest decline in phishing emails landing in inboxes, with the U.S. having its phishing email rate decline from 68.8% to 14.2% between 2023 and 2025, according to a report from EasyDMARC. Despite DMARC mandates from Google, Microsoft, and Yahoo, basic DMARC records continued to be absent in 52.2% of domains, while more than 40% lacked RUA tags and other reporting mechanisms. "Misconfigurations, missing reporting, and passive DMARC policies are like installing a security system without ever turning it on... As threats grow more sophisticated and compliance pressures mount, stopping halfway with DMARC enforcement is no longer an option," said EasyDMARC CEO Gerasim Hovhannisyan.
