Announcement posted by SMX 20 Jun 2022
20 June 2022 - SMX, the Australasian cyber secure email specialist, has published its third annual survey tracking the adoption of DMARC among Australian Federal Government agencies and ASX-listed companies.
Almost three quarters (74%) of 175 Australian Federal agency domains surveyed now have a valid DMARC in place, an increase from 66% in 2021 and 53% in 2020.
There is a corresponding progression by government domains from simple DMARC reporting to active enforcement mode, including quarantining and rejecting spam. Today 62% of agencies with DMARC are using it for enforcement, compared to 21% two years ago.
The experience of Federal agencies is shared by other categories surveyed, in which domain owners typically test the standard in reporting-only mode, and introduce enforcement mode after confirming their DMARC record isn’t causing issues for legitimate senders.
SMX also analysed 1772 domains belonging to companies listed on the ASX, and found that just 30% have DMARC. While this is an increase from 21.5% in 2021, the baseline year, it means that 70% of some of Australia’s largest companies remain exposed to email spoofing and forgery attacks such as whaling, phishing and payment redirection scams.
Of the ASX-listed companies holding a valid DMARC certification, 45% are now using it in enforcement mode, an increase from 34% in 2021.
"It's encouraging to see a steady increase in DMARC adoption across both Government and publicly listed organisations in the region; however as this data highlights, there's still a long way to go. We're delighted to support SMX in helping demystify DMARC across the region in order to better protect us all from these common email threats,” says Cameron McLean, Regional Sales Manager, Asia Pacific, Red Sift.
The rate of adoption among Australian Government domains is outpacing those in New New Zealand.
In New Zealand, more than half of 291 government sector domains now have a valid DMARC record in place, an increase from 33% in 2021 and 16% in 2020. However the bulk of these DMARC deployments are in reporting mode, with just 21% of domains in active enforcement mode.
Among New Zealand’s largest 100 companies by number of employees, almost 60% now have a working DMARC record, up from 45% in 2021 and 29% in 2020.
The increase in the proportion of DMARC users now in enforcement mode shows that a correctly implemented DMARC does not impact an organisation’s ability to send or receive email. Hooker believes that this experience should counter the perceived complexity of combining a DMARC deployment along with its dependencies, DKIM and SPF.
“Good progress is being made in adopting DMARC as organisations recognise its value in protecting not only themselves and anyone who emails them. We have a chance to close the door on phishing and other email-borne security threats in Australia and New Zealand - but must act collectively. Organisations who choose not to implement DMARC risk becoming a vulnerability for their customers and business partners, “ says Thom Hooker, Co-Founder and Email Security Evangelist at SMX.
“Email is a 40 year old technology and DMARC is the most important security upgrade since the RFCs were released in August 1982. SMX aims to raise awareness of this critical email security standard among the organisations whose email communications are relied upon by large numbers of people and businesses everyday,” he says.
About SMX
SMX is a cyber security company with specialist expertise in email. It’s all we do. That means you get local expertise to help you secure your organisation’s email. And when you protect your email, you’re also protecting your brand reputation.
For more than 17 years, our in-house development team has been delivering that to hundreds of public and private sector businesses, offering training, support and the latest in tech solutions.
We protect 24% of all Microsoft 365 inboxes in New Zealand. Our unrivalled email security encompasses multiple layers of protection, conforms with best-practice standards, and is data and workflow-driven.
This is amplified by strong partnerships with the likes of Microsoft, government agencies, M3AAWG and best-of-breed security vendors.
To learn more, visit