Latest news with #Domain-basedMessageAuthentication
Tourism Breaking News
15-06-2025
- Business
- Tourism Breaking News
85% of UAE travel sites adopt email authentication measures to protect holidaymakers during peak booking season
Post Views: 39 Proofpoint, Inc., a leading cybersecurity and compliance company released new research revealing that 85% of the top online travel sites* in the UAE have adopted Domain-based Message Authentication, Reporting and Conformance (DMARC), a key email security protocol that helps protect users from email fraud. However, only 45% of these sites have implemented it at the highest enforcement level of 'reject,' which actively blocks unauthorised emails from reaching inboxes. The findings are based on a DMARC adoption analysis of the top 20 online travel sites in the UAE, and across Europe and the Middle East. DMARC is an email validation protocol designed to protect domain names from being misused by cybercriminals. It authenticates the sender's identity before allowing a message to reach its intended destination. DMARC has three levels of protection – monitor, quarantine and reject, with reject being the most secure for preventing suspicious emails from reaching the inbox. With travel demand in the UAE continuing to rise, a recent KPMG study found that 77% of UAE travellers use mobile apps or hotel booking services, increasing the volume of digital interactions between consumers and travel brands. But as consumers eagerly plan and book their getaways, this surge in activity – coupled with a high volume of emails and promotional offers from travel companies – creates a perfect storm for cybercriminals, turning dream holidays into costly scams through sophisticated email fraud. Key findings include: • The UAE demonstrates stronger foundational email security adoption compared to its European counterparts, with 85% of the top travel sites publishing a DMARC record, reflecting growing awareness of cybersecurity best practices across the country's travel sector. • However, there is room for improvement with only 45% of the UAE's top travel sites using the policy at 'reject' level, meaning 55% are leaving their customers, staff, and partners more vulnerable to receiving fraudulent emails impersonating these brands. • On average, 88% of the top travel websites across Europe and the Middle East have published a basic DMARC record. However, only 46% of all travel sites analysed are at reject, meaning 54% of the top travel sites across the regions are leaving customers at risk of email fraud. 'Holiday bookings often represent a significant number of high-value financial transactions and bring experiences of high personal and emotional value; this combination makes travellers prime targets for cybercriminals. Attackers actively use sophisticated email fraud, especially during peak holiday season, to exploit vulnerabilities,' says Matt Cooke, cybersecurity strategist, Proofpoint. 'Fake booking confirmations, too-good-to-be-true deals, and urgent payment requests for supposed flight changes are common tactics. These fraudulent communications can appear highly convincing, putting travellers' finances and personal data at risk.' 'Travel companies bear a social responsibility to do everything they can to stop convincing scam emails being sent in their name, to holidaymakers,' continues Cooke. 'Implementing DMARC technology to its fullest level of 'reject' allows travel companies to massively reduce the risk of that happening, protecting both their brand and all of the holidaymakers at the same time., it's a win-win.' Proofpoint advises consumers to follow these tips to stay safe when booking and managing travel online: 1. Secure your bookings – and your accounts. Use strong, unique passwords for travel accounts and booking sites. Enable multi-factor authentication (MFA) wherever possible to add an extra layer of security. 2. Watch out for fake travel deals – and websites. Be wary of unsolicited offers that seem too good to be true. Scammers create convincing fake websites for airlines, hotels, or comparison sites to steal money and credentials. Always book through official sites or reputable, verified agents. 3. Navigate away from phishing trips – and smishing scams. Stay alert to phishing emails or smishing (SMS phishing) messages regarding flight changes, booking confirmations, or visa applications that demand urgent action or personal details. These often lead to fake login pages designed to capture your information. 4. Don't get detoured by suspicious links. Avoid clicking directly on links in unsolicited emails, social media messages, or pop-up ads, especially for special offers or urgent alerts. Instead, type the official website address directly into your browser. 5. Check reviews before You book. Fraudulent travel offers, websites, and apps can look deceptively genuine. Before providing payment details or downloading a new travel app, invest time in researching the company, reading independent online reviews, and checking for customer complaints.
Time Business News
15-06-2025
- Business
- Time Business News
DMARC Report vs. Valimail: Which One Should You Choose?
In the evolving world of email authentication and domain security, choosing the right DMARC monitoring tool is crucial. Two of the most prominent names in this space are DMARC Report and Valimail. Each platform offers robust features aimed at helping organizations implement and monitor Domain-based Message Authentication, Reporting, and Conformance (DMARC) policies. However, when evaluating a Valimail alternative, many users look for platforms that offer ease of use, affordability, and comprehensive analytics. This article aims to provide a detailed comparison between DMARC Report and Valimail, helping you make an informed decision. We'll cover core features, usability, pricing, support, and value to help you decide which platform is best suited to protect your email domain and improve deliverability. DMARC plays a critical role in preventing phishing, spoofing, and impersonation attacks. By aligning SPF and DKIM records and setting policies for failed authentication, it allows domain owners to control email flow and receive reports. Choosing the right tool for DMARC monitoring ensures consistent email authentication and better domain reputation. It allows organizations to visualize data, interpret complex reports, and fine-tune policies for maximum protection. The DMARC Report is designed to make DMARC monitoring accessible to everyone—from small businesses to large enterprises. It offers a clean interface, real-time analytics, and simplified onboarding, which makes it one of the most appealing tools for those looking for a Valimail alternative. The platform excels in offering actionable insights with a minimal learning curve. Features such as guided setup, customizable reports, and email alerts make it easy to stay ahead of potential threats. You can also compare with the DMARC report to see where it stands against competitors. Valimail has been a longstanding player in the DMARC space, often used by large enterprises for its robust infrastructure and extensive integration options. It focuses on identity-based email authentication and includes tools for automation and scalability. However, Valimail may present a steep learning curve for smaller organizations or those without a dedicated IT team. It's also priced at a premium, which can be a barrier for startups and small businesses exploring a Valimail alternative. When it comes to features, both tools offer comprehensive DMARC monitoring, reporting, and policy management. However, DMARC Report shines with features like instant domain validation, auto-configuration assistance, and a visually intuitive dashboard. Valimail, on the other hand, offers deeper integrations with enterprise platforms and a wider range of automated capabilities. But these features can be overkill for smaller teams and harder to configure without support. DMARC Report provides a seamless, user-friendly experience. Its interface is designed with simplicity in mind, making it easy for non-technical users to navigate and understand DMARC analytics. Valimail's interface is more complex, which may appeal to advanced users but can be overwhelming for newcomers. Organizations seeking a straightforward Valimail alternative will likely find DMARC Report to be the more approachable option. One of the biggest differentiators between the two platforms is pricing. DMARC Report offers flexible pricing plans, including a robust free tier that gives users access to essential DMARC features. This makes it an ideal choice for budget-conscious businesses. Valimail, by contrast, is typically priced higher and often targets enterprise clients with custom pricing models. Smaller companies may find the cost prohibitive when evaluating it as a Valimail alternative. DMARC Report is known for its responsive and personalized customer support. Users have access to comprehensive documentation, live chat, and direct support channels to resolve issues quickly. Valimail also provides solid support, but it may be more structured and less accessible for smaller clients. When comparing the two, those seeking hands-on assistance may prefer the approachability of DMARC Report. Deployment speed and integration ease are important factors when choosing a DMARC tool. DMARC Report enables users to set up and start receiving reports within minutes, thanks to automated configuration tools and guided onboarding. Valimail's deployment process is more complex, involving manual steps and detailed configuration. While powerful, this can be a barrier for teams looking for a plug-and-play Valimail alternative. Customization is another area where DMARC Report leads. Users can tailor their dashboards, export data in multiple formats, and set thresholds for alerts. This level of control helps fine-tune monitoring to specific organizational needs. Valimail does offer customizable reports, but the process may be more rigid. Users often need deeper technical knowledge to fully leverage its reporting features. DMARC Report focuses on converting complex data into actionable insights. Visual charts, trend analysis, and domain-level breakdowns make it easy to spot problems and apply solutions. Valimail's dashboards are detailed but may require more interpretation. Users without a background in cybersecurity or DNS management might find it less intuitive compared to the Compare with DMARC Report experience. DMARC Report enjoys high ratings for its transparency, simplicity, and effectiveness. It's particularly popular among small to mid-sized businesses that need enterprise-grade protection without the complexity. Valimail is also trusted by many, especially large corporations. However, its enterprise focus sometimes leads smaller users to seek a more tailored Valimail alternative. DMARC Report has shown a consistent commitment to improvement, regularly rolling out new features based on user feedback. This responsiveness makes it a reliable tool for organizations with evolving security needs. While Valimail also innovates, its pace is typically aligned with enterprise requirements, which may delay certain updates or improvements desired by smaller users. Ultimately, the best DMARC tool depends on your organization's size, technical capacity, and budget. If you're a small to mid-sized business looking for a flexible, affordable, and user-friendly Valimail alternative, DMARC Report is an excellent choice. Enterprises with dedicated security teams and large-scale infrastructure may benefit from Valimail's deep integrations and automation features. But for most users, especially those getting started, Compare with DMARC Report to experience greater ease and faster results. In the battle of DMARC Report vs. Valimail, your decision should come down to usability, cost, and organizational fit. DMARC Report stands out as a powerful Valimail alternative that doesn't compromise on features or performance. Whether you're aiming for full compliance or just getting started with email security, tools like DMARC Report offer a smoother journey. Take the time to Compare with DMARC Report and see how it measures up for your needs. TIME BUSINESS NEWS
Channel Post MEA
13-06-2025
- Business
- Channel Post MEA
UAE Travel Brands Taking Proactive Steps To Defend From Fraudulent Emails
Proofpoint has released new research revealing that 85% of the top online travel sites in the UAE have adopted Domain-based Message Authentication, Reporting and Conformance (DMARC), a key email security protocol that helps protect users from email fraud. However, only 45% of these sites have implemented it at the highest enforcement level of 'reject,' which actively blocks unauthorised emails from reaching inboxes. The findings are based on a DMARC adoption analysis of the top 20 online travel sites in the UAE, and across Europe and the Middle East. DMARC is an email validation protocol designed to protect domain names from being misused by cybercriminals. It authenticates the sender's identity before allowing a message to reach its intended destination. DMARC has three levels of protection – monitor, quarantine and reject, with reject being the most secure for preventing suspicious emails from reaching the inbox. With travel demand in the UAE continuing to rise, a recent KPMG study found that 77% of UAE travellers use mobile apps or hotel booking services, increasing the volume of digital interactions between consumers and travel brands. But as consumers eagerly plan and book their getaways, this surge in activity – coupled with a high volume of emails and promotional offers from travel companies – creates a perfect storm for cybercriminals, turning dream holidays into costly scams through sophisticated email fraud. Key findings include: The UAE demonstrates stronger foundational email security adoption compared to its European counterparts, with 85% of the top travel sites publishing a DMARC record, reflecting growing awareness of cybersecurity best practices across the country's travel sector. However, there is room for improvement with only 45% of the UAE's top travel sites using the policy at 'reject' level, meaning 55% are leaving their customers, staff, and partners more vulnerable to receiving fraudulent emails impersonating these brands. On average, 88% of the top travel websites across Europe and the Middle East have published a basic DMARC record. However, only 46% of all travel sites analysed are at reject, meaning 54% of the top travel sites across the regions are leaving customers at risk of email fraud. 'Holiday bookings often represent a significant number of high-value financial transactions and bring experiences of high personal and emotional value; this combination makes travellers prime targets for cybercriminals. Attackers actively use sophisticated email fraud, especially during peak holiday season, to exploit vulnerabilities,' says Matt Cooke, cybersecurity strategist, Proofpoint. 'Fake booking confirmations, too-good-to-be-true deals, and urgent payment requests for supposed flight changes are common tactics. These fraudulent communications can appear highly convincing, putting travellers' finances and personal data at risk.' 'Travel companies bear a social responsibility to do everything they can to stop convincing scam emails being sent in their name, to holidaymakers,' continues Cooke. 'Implementing DMARC technology to its fullest level of 'reject' allows travel companies to massively reduce the risk of that happening, protecting both their brand and all of the holidaymakers at the same time., it's a win-win.' Proofpoint advises consumers to follow these tips to stay safe when booking and managing travel online: Secure your bookings – and your accounts. Use strong, unique passwords for travel accounts and booking sites. Enable multi-factor authentication (MFA) wherever possible to add an extra layer of security. Watch out for fake travel deals – and websites. Be wary of unsolicited offers that seem too good to be true. Scammers create convincing fake websites for airlines, hotels, or comparison sites to steal money and credentials. Always book through official sites or reputable, verified agents. Navigate away from phishing trips – and smishing scams. Stay alert to phishing emails or smishing (SMS phishing) messages regarding flight changes, booking confirmations, or visa applications that demand urgent action or personal details. These often lead to fake login pages designed to capture your information. Don't get detoured by suspicious links. Avoid clicking directly on links in unsolicited emails, social media messages, or pop-up ads, especially for special offers or urgent alerts. Instead, type the official website address directly into your browser. Check reviews before You book. Fraudulent travel offers, websites, and apps can look deceptively genuine. Before providing payment details or downloading a new travel app, invest time in researching the company, reading independent online reviews, and checking for customer complaints.
Techday NZ
13-06-2025
- Business
- Techday NZ
Just 3% of New Zealand domains enforce top anti-phishing policy
Only 3% of New Zealand domains have implemented full protection against phishing according to new research by EasyDMARC. EasyDMARC's analysis covered 141,242 domains registered in New Zealand, highlighting a low adoption rate of the strictest email authentication setting known as DMARC at p=reject. DMARC, or Domain-based Message Authentication, Reporting & Conformance, is a protocol designed to verify that emails are legitimately sent by the domain they claim to represent, with the p=reject policy providing the highest available security by blocking unauthorised emails outright. This scrutiny comes as the government introduces the Secure Government Email Framework, which will require all public sector domains to enforce DMARC at the p=reject setting by October 2025. The requirement targets government domains, but the implications reach across public and private sectors. Non-compliant vendors, councils, NGOs, and universities not only risk delivery failures for legitimate communications, but are also vulnerable to impersonation and phishing incidents. EasyDMARC's research found that just 24.5% of New Zealand domains have valid DMARC records. Of those, a significant 72.4% use the policy set to none, which only monitors for suspicious activity but does not take any blocking action. Only 3.1%, or 4,327 domains, enforce the p=reject setting, meaning the overwhelming majority of domains are not proactively preventing phishing attacks. The findings underscore concerns around email-based cyberattacks in the country. Phishing accounts for more than 90% of all cyberattacks globally, giving urgency to calls for more comprehensive enforcement of DMARC policies. Gerasim Hovhannisyan, CEO of EasyDMARC, stated: "Most organisations set up DMARC but don't enforce it. By mandating DMARC at its strictest level, p=reject, New Zealand is leading by example, showing that email security only works when enforcement is taken seriously. Too many organisations stop at 'p=none', the weakest DMARC setting, which merely monitors for fraudulent emails without taking action. This creates a false sense of security while leaving the door wide open to phishing attacks. Our research shows that only 9.5% of the top global 1.8 million domains have reached p=reject – the only DMARC policy that actively blocks spoofed emails. This gap between adoption and proper enforcement is exactly why email remains the most common attack vector. Today's phishing attacks aren't the clumsy scams we used to see. Thanks to AI, they're now flawless, highly targeted messages that look and feel legitimate. We can't expect employees to spot them in a flood of emails, and relying on outdated filters or passive monitoring just isn't enough. Organisations need a system that blocks unauthorised senders before their message even hits the inbox. By enforcing p=reject, New Zealand has built exactly that system for its public sector. Email is still how governments issue updates, how companies close deals, and how people reset passwords. If we can't trust what's in our inboxes, the whole system falters. New Zealand's new email security mandate sets a clear benchmark, and it puts pressure on others to stop pretending that partial implementation is progress." The Secure Government Email Framework's upcoming mandate intends to standardise security practice across government entities, but the new research suggests most domains - both public and private - are not yet in line with these requirements. EasyDMARC's data shows significant room for improvement if organisations are to protect email communications and comply with incoming regulations. With New Zealand's digital economy expanding rapidly, the research points to a gap between policy and practice regarding email security, highlighting ongoing challenges for organisations seeking to protect users and data from phishing attacks. Follow us on: Share on:
Techday NZ
30-05-2025
- Business
- Techday NZ
Most high-traffic email domains still vulnerable to phishing
New research from EasyDMARC has found that 92% of the world's top 1.8 million email domains lack adequate protection against phishing attacks. The EasyDMARC 2025 DMARC Adoption Report has revealed that only 7.7% of these domains are fully protected using the strictest DMARC (Domain-based Message Authentication, Reporting, and Conformance) policy, known as 'p=reject'. This policy is designed to actively block malicious emails from being delivered to inboxes. DMARC is an email authentication protocol that builds on existing standards such as SPF and DKIM, allowing domain owners to specify how they want mail servers to handle emails that fail authentication checks. The protocol also enables domain owners to receive reports on emails sent under their domain name, providing vital records of authentication attempts and potential abuse. EasyDMARC's analysis demonstrates that although there has been a noticeable increase in DMARC adoption since 2023 — largely due to regulatory initiatives and mandates from major providers including Google, Yahoo, and Microsoft — most organisations opt for the weakest available configuration, 'p=none'. This setting only monitors for threats, rather than thwarting attacks by blocking illegitimate emails. The report, which reviewed security practices across the most-visited websites globally as well as Fortune 500 and Inc. 5000 companies, shows a continued gap between DMARC adoption and meaningful implementation. More than half (52.2%) of the surveyed domains have not implemented DMARC at any level, leaving them exposed to phishing and spoofing risks. Among domains that do have a DMARC record, most have not configured enforcement policies or reporting mechanisms necessary for full protection. The research also found that over 40% of the domains with a DMARC record did not include any reporting tags. This omission means these organisations have little to no visibility into authentication failures or an understanding of who might be sending emails on their behalf. Gerasim Hovhannisyan, Chief Executive Officer of EasyDMARC, addressed the misconception surrounding DMARC adoption: "There's a growing perception that simply publishing a DMARC record is enough. But adoption without enforcement creates a dangerous illusion of security. In reality, most organisations are leaving the door wide open to attacks targeting customers, partners, or even employees." Mandates have had a measurable effect. In the United States, where regulatory enforcement is strong, the proportion of phishing emails accepted dropped from 68.8% in 2023 to just 14.2% in 2025. Similar progress was noted in the UK and the Czech Republic, countries that also enforce DMARC usage. However, countries without strict requirements, such as the Netherlands and Qatar, showed minimal improvement in reducing phishing acceptance rates. Recent high-profile cyber attacks, including those targeting retailers such as M&S and Co-op, serve as a backdrop for the report's release. In these incidents, attackers exploited weaknesses in email security through social engineering, costing affected businesses hundreds of thousands in losses. According to EasyDMARC, the increasing sophistication of phishing, partly driven by the use of AI, magnifies the risks for organisations that are inadequately protected. Hovhannisyan further commented: "Misconfigurations, missing reporting, and passive DMARC policies are like installing a security system without ever turning it on. Phishing remains one of the oldest and most effective forms of cyberattack, and without proper enforcement, organisations are effectively handing attackers the keys to their business. As threats grow more sophisticated and compliance pressures mount, stopping halfway with DMARC enforcement is no longer an option." The report methodology combined public DNS data with proprietary data collected through EasyDMARC's platform. It involved the review of aggregate DMARC reports from major mailbox providers and included a survey of 980 IT professionals across the United States, United Kingdom, Canada, and the Netherlands. This allowed for insights into regional differences in phishing trends, adoption challenges, and the varying influence of regulatory mandates. The research concludes that while DMARC adoption has increased, genuine protection against phishing relies on both enforcement and visibility — elements still missing for the vast majority of high-traffic domains worldwide.
