The Global Cyber Alliance released a new tool Monday that allows companies to track the success of security protocols used to protect email domains from malicious ‘spoofing’ threats.
GCA’s tool allows users to measure the deployment of their Domain-based Message Authentication, Reporting & Conformance (DMARC) email security standards against other companies and governments across half a million domains.
"The GCA DMARC Leaderboard offers a way to compare countries, sectors and companies as to their progress in deploying email spoofing protections, and we hope it helps lead to universal adoption of DMARC. Using DMARC to prevent email domain spoofing is essential as an anti-phishing measure," Philip Reitinger, CEO of GCA, said in a statement.
Officials expect the leaderboard to provide intelligence on 10 million email by domains by the first quarter of 2019.
DMARC is a set of email authentication standards used to to track domain security threats. According the tool, the U.S. has 1,102 domains covered under the policy.
Implementation of the DMARC policy is high among large consumer email providers, including Gmail and Microsoft [MSFT] 365, while the private sector and government agencies continue to lag behind in implementation, according to GCA.
GCA notes the FBI in July reported that business email compromises (BEC), including spoofing attacks where malicious threats are hidden in legitimate-looking accounts, are on the rise totaling $12.5 billion in losses worldwide over the last five years.
“DMARC’s power to reduce BEC, and provide a significant return on investment to companies that deploy it, is demonstrated by new research from GCA. [Our] report, which was released last month, shows the 1,046 domains that have implemented DMARC at quarantine or reject using GCA’s DMARC Setup Guide will save an estimated $19 million to $66 million dollars by limiting BEC for the year of 2018 alone,” officials said in a statement. “These organizations will continue to reap that reward every year in which they maintain the deployment of DMARC.”