Report Finds Almost 90 Percent of Top US and EU Internet Retailer Domains Fail to Protect Consumers From Phishing Attacks

Study, produced by 250ok, analyzed 3,300 domains operated by the top 1,000 US and 500 EU online retailers by revenue

INDIANAPOLIS -- A new study published today by 250ok, a leader in advanced email analytics for DMARC, deliverability, design and engagement, has revealed that 87.6 percent of the root domains operated by top e-retailers in the United States and European Union are putting their brands and consumers at risk for phishing attacks.

Phishing and spoofing attacks against consumers are most likely when companies don’t have a published Sender Policy Framework (SPF) or Domain-based Message Authentication, Reporting and Conformance (DMARC) policy properly in place. SPF is an email validation system that detects spoofing attempts, in which a third party disguises itself as a particular sender using a counterfeit email address. DMARC is considered the industry standard for email validation to prevent such attacks.

The report, DMARC Adoption Among e-Retailers, which analyzed 3,300 domains of the top 1,000 US internet retailers and top 500 EU internet retailers by revenue, reveals that the majority of retailers currently use some level of email authentication on their domains. However, many are inconsistent in their approach across all the domains they control. Only 11.3 percent of top US retailer domains and 12.2 percent of top EU retailer domains meet 250ok’s recommended minimum protocol for the email channel:

  1. Publish SPF records for all domains
  2. Ensure SPF records are valid and without errors
  3. Publish a DMARC policy for all domains

“By failing to publish basic authentication records like SPF and a DMARC record for all of the domains they operate, retailers are blind to the potential abuse of their brands’ domain names,” said Matthew Vernhout, director of privacy at 250ok. “It leaves both the brand and the consumer unnecessarily exposed to phishing attacks that damage brand trust.”

A 2017 study from the Anti-Phishing Working Group reported that an average of 443 brands per month were targeted for phishing attacks in the first half of 2017, up from 413 per month during the same period in the previous year. These attacks are a threat to brand trust as 91 percent of all cyber attacks begin with a phishing email.

"Time and again, we see that phishing is among the most common cyber risks. DMARC protects both consumers and businesses from some of the worst types of phishing," says Global Cyber Alliance Director of Operations, Shehzad Mirza. "The value of the protection is such that both the UK and U.S. governments have mandated their respective government domains to implement DMARC. We urge all governments and businesses to do the same."

In an effort to support the protection of consumers and the email programs of businesses around the world, 250ok today announces an offer for free usage of 250ok DMARC software in 2018 for all new customers that sign up before the end of February 2018.

“This is a moment in time where we have the opportunity to make a real impact on the security of consumers and brands,” said Greg Kraios, 250ok CEO. “By offering free access to our DMARC software, we hope to play a meaningful role in reducing phishing attacks in 2018 and beyond. Ultimately, we expect marketers to see improvements in email engagement due to stronger consumer trust in their brands.”

To access the full report, visit:

About 250ok

250ok focuses on advanced email analytics, insight and deliverability technology to power a large and growing number of enterprise email programs. Clients like Adobe, Marketo and Furniture Row depend on 250ok to cut through big data noise and provide actionable, real-time analytics to maximize email performance. For more information, visit


Kate Jaramillo, 317-806-1900
