New Zealand government agencies lag Australia's in DMARC enforcement


Both government and private sector appear slow to move into enforcement mode.


While deployment of DMARC (domain-based message authentication, reporting and conformance) email domain protection is growing fast in New Zealand, most DMARC records are only in reporting mode, a new study found.

More than half of 291 government agencies now have a valid DMARC record in place, an increase from 33 per cent in 2021 and 16 per cent in 2020.

However, just 21 per cent of domains were in active enforcement mode, the third annual DMARC survey by New Zealand email cyber security specialist SMX found.

DMARC is an email authentication protocol used to protect an organisation’s email channel from spoofs, phishing scams and other email-borne attacks. 

Domain owners typically test the standard in reporting-only mode and introduce an active enforcement mode to quarantine or reject spoofed emails after confirming their DMARC record isn’t causing issues for legitimate senders.
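The mode a domain is in is set by the `p=` tag of the DMARC TXT record it publishes at `_dmarc.<domain>`: `p=none` is reporting-only, while `p=quarantine` and `p=reject` are enforcement. The Python below is an added example, not code from SMX or its survey; the sample records and `.example` domains are constructed, and the separate `partial-enforcement` bucket for `pct` below 100 is an assumption of this example rather than the survey's methodology.

```python
from collections import Counter

ENFORCING = {"quarantine", "reject"}

def parse_dmarc(txt):
    """Return the record's tags as a dict, or None if it is not a DMARC record."""
    parts = [p.strip() for p in txt.split(";") if p.strip()]
    tags = {}
    for i, part in enumerate(parts):
        name, sep, value = part.partition("=")
        name, value = name.strip().lower(), value.strip()
        if not sep:
            return None  # every element must be tag=value
        if i == 0 and (name, value) != ("v", "DMARC1"):
            return None  # RFC 7489: the version tag must come first
        tags.setdefault(name, value)
    return tags or None

def classify(txt):
    """Map a TXT record to invalid, reporting, partial-enforcement or enforcement."""
    tags = parse_dmarc(txt)
    if tags is None:
        return "invalid"
    policy = tags.get("p", "").lower()
    if policy not in ENFORCING | {"none"}:
        # RFC 7489 6.6.3: without a valid p=, a usable rua= means "act as
        # p=none"; otherwise the record yields no policy at all.
        has_rua = tags.get("rua", "").lower().startswith("mailto:")
        return "reporting" if has_rua else "invalid"
    if policy == "none":
        return "reporting"
    pct = tags.get("pct", "100")  # pct defaults to 100 when absent
    if pct.isdigit() and int(pct) < 100:
        return "partial-enforcement"  # assumption: counted separately here
    return "enforcement"

# Constructed sample records (not real survey data).
SAMPLES = {
    "monitor.example": "v=DMARC1; p=none; rua=mailto:dmarc@monitor.example",
    "ramping.example": "v=DMARC1; p=quarantine; pct=25; rua=mailto:d@ramping.example",
    "strict.example": "v=DMARC1; p=reject; rua=mailto:d@strict.example",
    "broken.example": "p=reject; v=DMARC1",  # version tag is not first
}

def survey(records):
    """Count domains per mode, as a survey of published records would."""
    return Counter(classify(txt) for txt in records.values())
```
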

The results indicate the New Zealand government is lagging. By comparison, 74 per cent of 175 Australian Federal Government agency domains surveyed now have a valid DMARC record in place, an increase from 66 per cent in 2021 and 53 per cent in 2020.

Sixty-two per cent of Australian agencies were using DMARC for enforcement, compared to 21 per cent two years ago. 

Among New Zealand’s largest 100 companies by number of employees, almost 60 per cent now had a valid DMARC record, up from 45 per cent in 2021 and 29 per cent in 2020. 

Of these, 32.2 per cent were in enforcement mode, actively protecting their domains from email spoofing and forgery attacks.

“Progress in adopting DMARC is promising but can still improve,” said Thom Hooker, co-founder and email security evangelist at SMX.

“Organisations who choose not to implement DMARC risk becoming a vulnerability for their customers and business partners. Acting together, we have a chance to close the door on email forgery and other email-borne security threats in New Zealand and Australia.”

SMX's survey of 1772 domains belonging to companies listed on the ASX found that just 30 per cent had deployed DMARC. This was an increase from 21.5 per cent in 2021.  

Of the ASX-listed companies with a valid DMARC record, 45 per cent were using it in enforcement mode, an increase from 34 per cent in 2021.

“Email is a 40-year-old technology and DMARC is the most important security upgrade since the RFCs were released in August 1982,” Hooker said.

SMX aimed to raise awareness of this critical email security standard among the organisations whose email communications are relied upon by large numbers of people and businesses, he said.
