Federal Agencies Lead Companies in DMARC Enforcement


June 20, 2022 – SMX, the Australasian secure cyber-email specialist, has released its third annual survey of DMARC adoption among Australian Federal Government agencies and ASX-listed companies.

Almost three-quarters (74%) of the 175 Australian federal agency domains surveyed now have a valid DMARC in place, an increase from 66% in 2021 and 53% in 2020.

There is a corresponding progression in government domains, from simple DMARC reporting to active enforcement mode, including quarantine and spam rejection. Today, 62% of agencies with DMARC use it for the app, up from 21% two years ago.

The experience of federal agencies is echoed by other categories surveyed, where domain owners typically test the standard in report-only mode and introduce enforcement mode after confirming that their DMARC record does not cause problems for legitimate senders.

SMX also analyzed 1,772 domains owned by ASX-listed companies and found that only 30% had DMARC. Although this is an increase from 21.5% in 2021, the base year, it means that 70% of some of Australia’s largest companies remain exposed to email spoofing and forgery attacks such as whaling, phishing, and payment redirection scams.

Of ASX-listed companies with valid DMARC certification, 45% now use it in application mode, up from 34% in 2021.

“It is encouraging to see a steady increase in DMARC adoption across government and publicly traded organizations in the region; however, as this data shows, there is still a long way to go. We are delighted to support SMX to help demystify DMARC in the region to better protect us all from these common email threats,” says Cameron McLean, Regional Sales Manager, Asia-Pacific, Red Sift.

The adoption rate among Australian government domains exceeds that of New Zealand.

In New Zealand, more than half of the 291 domains in the government sector now have a valid DMARC record in place, an increase from 33% in 2021 and 16% in 2020. However, the bulk of these DMARC deployments are in report mode, with only 21% of domains in active enforcement mode.

Among New Zealand’s 100 largest companies by number of employeesnearly 60% now have a working DMARC record, up from 45% in 2021 and 29% in 2020.

The increase in the proportion of DMARC users now in enforcement mode shows that a properly implemented DMARC does not impact an organization’s ability to send or receive email. Hooker thinks this experience should counter the perceived complexity of combining a DMARC deployment with its dependencies, DKIM and SPF.

“Good progress is being made in adopting DMARC as organizations recognize its value in protecting not only themselves and anyone who sends email to them. We have a chance to close the door on phishing and other email-delivered security threats in Australia and New Zealand – but we must act collectively Organizations that choose not to implement DMARC risk becoming a vulnerability for their customers and business partners” , says Thom Hooker, Co-Founder and Email Security Evangelist at SMX.

“Email is a 40-year-old technology and DMARC is the most significant security upgrade since RFCs. were launched in August 1982. SMX aims to educate organizations whose e-mail communications are used by large numbers of people and businesses on a daily basis of this e-mail security standard,” he says.

About SMX

SMX is a cybersecurity company specializing in email. That’s all we do. This means you get local expertise to help secure your organization’s email. And when you protect your email, you also protect your brand reputation.

For over 17 years, our in-house development team has provided this to hundreds of public and private sector companies, providing training, support and the latest technology solutions.

We protect 24% of all Microsoft 365 inboxes in New Zealand. Our unparalleled email security includes multiple layers of protection, adheres to best practice standards, and is data and workflow driven.

This is amplified by strong partnerships with companies such as Microsoft, government agencies, M3AAWG and top security vendors.

To learn more, visit



Comments are closed.