John Wilson, Senior Fellow of Threat Research at Fortra, dives into the state of DMARC adoption across the top 10 million domains. He explains how SPF, DKIM, and DMARC work together to prevent email spoofing, the dangers of misconfigurations like “+all,” and why few organizations enforce strong DMARC policies even years after the standard’s introduction. Wilson shares key research findings, real-world risks, and simple analogies to make email authentication concepts easy to understand.
Originally published in Help Net Security.
Excerpt: "Out of the top 10 million domains on the internet, only 36.7 percent had a valid SPF record. Sixty-one percent had no record whatsoever. That‘s a little bit frightening, to be honest.“
