#Privacy: Only 12.5% of US retailers protect customers from fraudulent emails

A new report by Red Sift, has found that just 12.5% of America’s top 100 retailers prevent fraudulent emails being sent to their customers. 

The cloud-based email security company looked into the DMARC (Domain-based Message Authentication, Reporting & Conformance) status of retailers features in STORES Magazine’s Top 100 Retailers for 2019, along with their subsidiaries. 

DMARC is an email authentication protocol that ensures email are authenticated before reaching a user’s mailbox. It also confirms that the sender is legitimate. 

Researchers discovered that out of the 120 unique sites examined, only six had their DMARC set to “quarantine”, and nine sent to “reject”. 

An overwhelming 41 had no DMARC protection put in place, whilst 64 “had DMARC in place, but online in monitoring mode,” explained a Red Sift spokesperson to Infosecurity Magazine. 

Red Sift co-founder & CEO Rahul Powar told Infosecurity Magazine, that the most surprising finding from the research was “the sheer volume of unprotected retailers, given the shift away from shopping malls to online, means an increased reliance on email for marketing and commerce.”

The “reject” option is the strongest form of protection – and the retailers that opted for “reject” were Walmart, Burlington, Verizon Wireless, Kohl’s, Gap, Wegmans, IKEA, Williams-Sonoma and Tractor Supply Co. 

Amazon, Apple, Belk, Dress Barn, Lane Bryant and Wayfair opted for “quarantine”. 

The DMARC settings of America’s five leading delivering companies – UPS, FedEx, DHL, USPS and Amazon, all had opted to either “reject” or “quarantine”. 

However, shoppers are still vulnerable to cybercrime despite DMARC protection being set to maximum. 

Powar explained that DMARC will prevent all impersonated emails a fraudster tries to send from an exact domain, but it won’t stop emails from look-alike domains. 

“This is why the advice is to take a careful look at the sender’s email address, as these clunky fakes will be easy to spot.”


PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.

For more information on upcoming events, visit the website.

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.

Privacy Culture: Data Privacy and Information Security Consulting, Culture & Behaviour, Training, and GDPR maturity, covered. https://www.privacyculture.com/