Europa Calling: DMARC Across Country Code Top-Level Domains in the EU

A Special Report for European Cybersecurity Month

To commemorate our first Cybersecurity Month as a truly European organisation, the Global Cyber Alliance (GCA) is starting a new project.

GCA believes that the adoption of our Domain-based Message Authentication, Reporting, and Conformance (DMARC), one of the most effective tools to help protect against phishing and spamming, is a powerful first step for self-protection and a clear, tangible measure towards a safer internet environment for us all.

In 2015 promoting the implementation of DMARC became our first global project, with the development of a setup guide available in 18 languages, seven of which are official in the EU. It led us to become engaged in determined advocacy campaigns with several governments and large e-mail providers, and to create a complete curriculum to guide users to actual deployment. We will try to leverage the success of our current DMARC Bootcamp, a global program that, across six weeks of intensive training, has brought a deeper knowledge about this standard – and more than 60 new adoptions – to more than 1,800 participants from more than 1,200 organisations in 55 different countries.

The new project will focus on the general topic of cyber hygiene and behavioural change, a theme that is common this year in awareness campaigns both in the US and in the EU. It is aimed at raising awareness in one of the best regulated, best organised, and most collaborative internet-governance environments in the world – that of the European country code top-level domains (ccTLDs), represented by CENTR, an association that has just turned 20 years old.

For the project, we have used two very simple ingredients: a sample of almost 1.4 million domains using EU ccTLDs taken out of our records (now around eight million domains altogether), and the traditional rivalry among different European countries, now, luckily, only restricted to sports…and Eurovision.

In the following weeks, running until the end of Cybersecurity Month, we will be presenting a series of daily infographics where we will compare the results obtained by two ccTLDs from neighbouring or closely-related countries in three indicators based on our data: the representativeness of the sample taken, the percentage of domains in the sample having implemented DMARC, and the percentage of domains with reject or quarantine policies over those having DMARC (that is, how many of them are enforcing the standard). At the end of the month, we will list all the ccTLDs together to present an overall picture of the deployment of DMARC across Europe (always based on our sample of 1.4 million domains).

It should be noted that we do not want to create a deep report out of this. We just want to open the debate in a field that we are convinced will be crucial for the successful deployment of DMARC across Europe.

ccTLDs play a central role in the rich small and medium-sized enterprise (SME) playground of Europe: unlike in other regions of the world, most local and small businesses resort to their country’s own domain to promote themselves (ccTLDs represent 63 percent of all domains registered in Europe). Also, in many cases, EU ccTLDs are directly linked to public agencies or supervising bodies that collaborate closely with the national cybersecurity agencies, for which SMEs constitute a primary target for protection. Finally, the regulatory environment in Europe is famous for its thoroughness, and this can arouse many interesting questions around global issues such as privacy protections and take-down procedures.

We hope you will enjoy this DMARC Eurovision, and that we will generate a necessary debate that will remain open after Cybersecurity Month is finished.

Be ready, Europe!

The author, Alejandro Fernández-Cernuda Díaz, is the Director of Communications and Marketing at the Global Cyber Alliance. You can follow Alejandro on Twitter @CyberDiplo or connect with him on LinkedIn