Outbound Email Authentication and DMARC Adoption Among SEC-Regulated Firms
We grabbed a list of all 18,281 firms registered with the Security and Exchange Commission. Then, for the 15,254 firms for which a web domain could be found, we analyzed their DNS to find their DMARC policy and SPF records. For an industry that depends so heavily on trust, the results are quite grim.
Only 5% of all firms have adopted DMARC in protection mode, a policy whereby unauthenticated emails sent on their behalf are rejected or quarantined by the receiver.
Barely 12% are gathering DMARC reports at all, creating a large blindspot for attackers to exploit. Fill out the form on the right to view the full report.
By filling out the form, you agree to our terms and conditions.