DMARC and South African Financial Institutions

The South African financial sector, especially banks, loan companies, and insurance companies, have experienced a stark uptick in cybercrimes lately. The COVID-19 pandemic has also contributed to this as many people resorted to malicious activities to make quick money. 

Phishing, scamming, and spoofing are common cyberattacks. Threat actors use social engineering and other tactics to send emails pretending to originate from financial companies. By seeming legitimate and often urgent, these emails convince customers to share sensitive details. The information is then exploited to defraud or steal from the victim.

However, organizations using email protection protocols like SPF, DKIM, and DMARC are far more protected against such threats. Email authentication isn’t a luxury anymore; it’s rather a necessity to maintain your financial institution’s reputation and customer trust.


What is DMARC?

DMARC or Domain-Based Message Authentication, Reporting, and Conformance is an email authentication protocol that uses SPF and DKIM to evaluate the authenticity of emails sent from your domain. It helps ISPs or Internet Service Providers identify and block fraud and spam emails. A DMARC record is published using a DNS record to let recipients’ mailboxes know how to deal with each email from your domain. 

It has three policies:

  • None Policy (p=none): Enables the receiver’s mailbox to do nothing with unqualified emails. However, they’re added to the DMARC record for any infractions.
  • Quarantine Policy (p=quarantine): Sends unsolicited emails to the spam folder. 
  • Reject Policy (p=reject): Tells the receiver’s mailbox to welcome only 100% verified emails and denies the entry of all unqualified ones. 

Banks in South Africa

As of 2020, South African banks have accumulated assets worth $448.4 billion, making the finance sector one of the most sought-after among bad actors. Spoofing attacks are a common tactic used  to get sensitive customer details for nefarious purposes. Customers receive fraudulent emails asking them to click on a malicious link that directs them to a genuine-looking website where they’re asked to submit credentials, credit card numbers, CVVs, identity numbers, etc. 

They may even use email spoofing tactics with a fake email header or IP address to bolster legitimacy. These techniques are often used in conjunction with phishing. 

DMARC Adoption in South African Banks

Well, one of the most efficient solutions to email phishing and spoofing is DMARC policy adoption. According to research conducted by the experts at EasyDMARC, a DMARC deployment service provider, 38 out of 49 banks in South Africa use the DMARC policy. 

This means their email systems are more secure than the 11 banks not deploying it. However, not all of them use the reject policy, which means their customers are still prone to phishing, spamming, and spoofing attacks.  

Out of the 38 banks using the DMARC protocol, 9 use the none policy, 8 use the quarantine policy, and 18 use the reject policy. The 9 banks who’ve set p=none for months still have both legitimate and illegitimate sending sources. Without this prolonged and patient monitoring, your DMARC policy might block genuine senders too.

EasyDMARC’s research results show that 94% of banks use SPF or the Sender Policy Framework policy, which lets domain owners specify genuine email servers. SPF is the first step toward email protection, and companies must pair it with DMARC to avoid cybercrimes.


Insurance Companies in South Africa

Like many industries, insurance companies in South Africa are also under the radar of phishers and spoofers. The digital shift has opened many doors for customers. But they’re also more exposed to email-based attacks. 

Imagine a threat actor using your business email domain to send malicious links to your customers! How detrimental it would be for your reputation! 

Liberty Insurance became a victim of a ransomware attack when hackers seized a database containing crucial details related to the company and customers. Its customers even received fraudulent emails, but fortunately, nobody witnessed a financial loss as the insurance company quickly responded to the attack and regained control.

In situations like this, the DMARC policy either lets you know about fraudulent senders (p=none) or blocks illegitimate emails from reaching your customers’ mailbox altogether (p=reject). 

DMARC Adoption in South African Insurance Companies

Out of 35 South African insurance companies, only 18 have a DMARC policy deployed for email authentication. This means only 51.42% of insurance companies are prepared against phishing, spoofing, and spamming attacks attempted in their name. The percentage of them using the none, quarantine, and reject protocol is 38.88%, 11.11% and 50%, respectively. 

EasyDMARC officials are concerned about these statistics as the South African insurance sector isn’t fully shielded by the DMARC protocol. They’ve come across several insurance companies who’ve set the none policy for years and believe their domain is protected. This isn’t true as the none policy is meant for the preliminary stage only. 

However, 94% of these companies have already deployed the SPF protocol, which means their DMARC deployment journey will be a bit easier and quicker.


Loan Companies in South Africa

Cybersecurity is a concern for every sector, but the financial sector is always a prime target because it holds an extensive database. That’s’ why South African Deputy Reserve Bank Governor Francois Groepe emphasized being heedful of cyberattacks amid fast digitalization.

Threat actors often launch malware attacks to access business computers or emails and steal sensitive details. These are then manipulated to attempt phishing, spamming, or spoofing in the loan company’s name. Cybercriminals send emails to your customers and prospects and request them to share identity numbers, phone numbers, dates of birth, credit card numbers, CVVs, etc. 

DMARC Adoption in South African Loan Companies

As per the data collected by EasyDMARC’s research team, only 8 out of 29 major loan companies in South Africa have deployed the DMARC policy. The number of them using the none, quarantine, and reject protocol is 4,3 and 1, respectively. 

The remaining 21 loan companies are highly prone to email-related cyberattacks. 82% of companies use the SPF protocol, which is a smaller percentage than banks and insurance companies. 

One of the biggest DMARC enforcement mistakes is forgetting about subdomains. If you haven’t set a subdomain policy of sp=none, attackers can still spoof you and defraud your customers. For example, phishing emails sent from [email protected] won’t pass through with the DMARC reject policy, but [email protected] will since no policy has been set for that subdomain.


How to Add DMARC Records at Your DNS Provider

The DMARC record is generated using a DMARC record generator and can be published on your DNS (domain name system) to see whether your domain is getting abused. EasyDMARC offers a free DMARC Record Generator Service that guides you through each process step. Click here to start. 

To add a DMARC record to your DNS, you just have to copy it and go to your DNS zone. Add a new TXT or CNAME record and paste the provided record. In most cases, it’ll automatically be added. You can reach out to EasyDMARC for further help and any queries.



Hackers target financial institutions like banks, loan companies, and insurance companies to attempt email-related cyberattacks and defraud customers. They often use phishing, spamming, and spoofing tactics using your company’s email domain to make recipients believe that emails are coming from a legitimate source. 

A successful cyberattack can permanently damage your brand reputation, trustworthiness, and business continuity.

Thus all South African banks, loan companies, and insurance companies must deploy SPF, DKIM, and DMARC authentication protocols to protect themselves and their clients. 

With DMARC deployment, a DMARC record is created as a DNS TXT record that’s added to the domain to tell the recipient’s server how to deal with legitimate and illegitimate emails. With the reject policy in place, malicious and phishing emails will never reach your customers’ mailboxes.


The post DMARC and South African Financial Institutions appeared first on EasyDMARC.

*** This is a Security Bloggers Network syndicated blog from EasyDMARC authored by EasyDmarc. Read the original post at: