According to a recent study by cybersecurity firm Proofpoint, many of Southeast Asia's leading companies are exposing their customers, employees, and partners to email fraud.
Only 13% of the Fortune Southeast Asia 500 companies have implemented the most secure level of email authentication, DMARC reject.
DMARC reject in a nutshell;
This protocol prevents unauthorized emails from reaching users' inboxes, thereby avoiding domain spoofing and phishing attacks.
DMARC (Domain-based Message Authentication, Reporting, and Conformance) is a widely used email validation system that checks the sender's identity.
It protects businesses against email-based threats such as phishing, which is frequently used in business email compromise (BEC) scams.
Despite its importance, Proofpoint discovered that 87% of Southeast Asia's top companies have not implemented the highest level of DMARC protection, leaving them vulnerable to potential attacks.
Key Findings from Proofpoint's Analysis
- 87% of Fortune Southeast Asia 500 companies have not implemented the most stringent DMARC protection (reject).
- 28% of companies have no DMARC records, making them highly vulnerable to email fraud.
- 13% of companies use the most secure DMARC policy (reject), which prevents phishing emails from reaching inboxes.
- Singapore leads the region in DMARC implementation, with 28% of companies using the most stringent level of protection.
- Thailand and Vietnam lag behind, with 45% and 37% of companies respectively lacking DMARC protection.
Based on Proofpoint's analysis, 28% of the region's leading companies have not implemented any form of DMARC, leaving them particularly vulnerable to email fraud.
Thailand (45%) and Vietnam (37%) have the highest percentage of companies that lack DMARC protection.
Singapore and Malaysia perform slightly better, with 85% and 83% of businesses, respectively, using some level of email authentication.
However, even in these countries, a small percentage of businesses have implemented the most stringent security measures to fully protect their email systems.
Subscribe to our newsletter
Without adequate DMARC protection, organizations risk having their emails marked as spam or rejected entirely, lowering customer trust and increasing the likelihood of successful phishing attacks.
Lastly, companies that do implement DMARC, do so without professional assistance, which can result in misconfigurations that block legitimate emails.