If you had to guess, worldwide, how many phishing emails would you estimate are sent out every day, what would you say?
If you guessed anything less than three billion, you'd be incorrect. Three billion a day, on average. That's both terrifying and depressing.
On hearing that grim statistic, it's natural to assume that there's just not much you can do to reduce your exposure and not get as many phishing emails as you currently do, but surprisingly, there are things you can do.
Specifically, you can apply DMARC, which stands for Domain-based Message Authentication, Reporting and Conformance). That's a fancy way of saying that only authorized senders can send an email using a given domain, which not only helps to prevent spam, but also serves as a reporting tool.
Essentially DMARC enforcement virtually eliminates domain spoofing, which means that those emails simply never get delivered to begin with.
How effective is that approach? Well, based on the latest statistics, domains without DMARC applied are nearly five times as likely to be the targets of phishing emails compared to those that have it.
As the CEO of Valimail, Alexander Garcia-Tobar puts it:
"Privacy laws already exist in Europe and parts of the United States, and if a company does any business in those areas, a DMARC policy at enforcement is essential. By having valid email authentication in place, companies protect themselves and their customers from privacy violations. Without it, emails are sent without permission, fines are issued, confidential information is obtained and reputations sink."
It's a policy that just makes sense. If you're not already applying DMARC to domains you control, you should consider doing so immediately. The more domains that do, the less effective phishing emails become, and that's something that everyone but the hackers can agree is a very good thing.