Email Safety in New Zealand: A Comprehensive Look

July 29, 2020

New Zealand’s top 200 companies and government departments are facing DMARC compliance issues, putting them at a disadvantage.


In recent years, many major countries around the world have begun to recognize the importance of email security to prevent phishing attacks. In this climate of rapid change in cybersecurity practices, New Zealand has been lagging behind its peers in its levels of awareness and response to global security trends.

We conducted a study of 332 domains of organizations both in the public and private sectors. Among the domains we surveyed were:

  • Deloitte Top 200 List (2019)
  • New Zealand’s top energy companies
  • Top telecom companies
  • NZ registered banks
  • The New Zealand Government (excluding Crown entities).

By studying their public DNS records and gathering data on their SPF and DMARC statuses, we were able to gather data on how well-protected major New Zealand organizations are against spoofing. You can download our study to find out the details behind these numbers:

  • Only 37 domains, or 11%, had enforced DMARC at a level of quarantine or reject, which is required to stop domain spoofing.
  • Less than 30% of Government domains had implemented DMARC correctly at any level.
  • 14% of organizations observed had invalid SPF records and 4% had invalid DMARC records — many of them had errors in their records, and some even had multiple SPF and DMARC records for the same domain.

Our full study contains an in-depth exploration of the biggest hurdles New Zealand companies face in effectively implementing DMARC.

For more information, you can download our study

 

Subscribe to the GCA Newsletter

Get the latest news from GCA, including updates about the GCA Toolkit. Signup and opt-in.

You have Successfully Subscribed!