EasyDMARC is set to present its 2025 Global DMARC Adoption Report at Black Hat Europe 2025 in London. The report, based on an analysis of over 1.8 million domains worldwide, highlights a critical finding: 80% of domains still lack effective protection against persistent email security risks.
The findings underscore that while email authentication awareness is increasing, passive compliance is failing to prevent high-impact fraud, particularly among UK organizations.
UK Phishing Incidents Prove Passive Compliance is Failing
High-profile incidents in 2025 demonstrate that even large institutions and critical sectors remain vulnerable to sophisticated impersonation and spoofing attacks:
- HMRC Impersonation (Mid-2025): A massive phishing campaign impersonating HM Revenue and Customs (HMRC) compromised around 100,000 UK taxpayer accounts, resulting in approximately £47 million in fraudulent tax-rebate claims borne by the government.
- Home Office SMS Attacks (July–August 2025): Scammers successfully posed as the Home Office to steal credentials for the Sponsorship Management System (SMS) from organizations holding sponsor licences.
These verified cases underline a crucial point: adopting email authentication standards alone is not enough. Without enforcement and monitoring, organizations remain exposed to significant financial and reputational risk.
Rik Turner, Chief Analyst for Cybersecurity at Omdia, commented:
“EasyDMARC aims to drive DMARC enforcement across the global community of email domain owners. It supports both direct and indirect businesses in enforcing sustainable email authentication, security, and deliverability, which Omdia considers a critical capability in the ever-evolving age of AI.”
EasyDMARC is an enterprise member of EmailExpert, supporting our mission to connect email and digital messaging professionals worldwide.
