Why have only 61% of manufacturers adopted DMARC?

Quick Takeaways

• 61% of leading manufacturers have DMARC, but only 19% enforce a reject policy.
• 43% use a “none” policy, allowing spoofed emails to reach inboxes.
• 31% quarantine suspicious mail, while 30.8% reject it outright.
• Lack of DMARC hurts email deliverability with major providers.
• Manufacturing is the most targeted industry for cyber attacks, per the World Economic Forum.

What is DMARC and why does it matter for manufacturers?

DMARC (Domain-based Message Authentication, Reporting, and Conformance) is an email‑authentication protocol that tells receiving servers how to handle messages that fail SPF or DKIM checks. By publishing a DMARC record, organizations can automatically block phishing and spoofing attempts, protecting both their brand and their customers. For manufacturers, whose supply‑chain communications often contain sensitive data, DMARC reduces the risk of malicious actors impersonating vendors or partners. Implementing a strict p=reject policy ensures that unauthenticated emails never reach employee inboxes, dramatically lowering click‑through rates on phishing links.

How many top manufacturers actually use DMARC?

According to Palisade’s recent research of 4,796 global manufacturing domains, 2,938 (61.26%) have a DMARC record published. While this shows progress, it also means nearly four‑fifths of manufacturers still lack basic email authentication, leaving them vulnerable to spoofing attacks.

What DMARC policies are manufacturers adopting?

The study broke down policy adoption as follows:

• None (p=none): 1,287 domains (43.81%) – reports are generated but no protective action is taken.
• Quarantine (p=quarantine): 914 domains (31.11%) – suspicious mail lands in the junk folder.
• Reject (p=reject): 902 domains (30.8%) – unauthenticated messages are blocked outright.

Only the reject policy provides full protection against phishing, yet less than a third of manufacturers have enabled it.

Why are many manufacturers still using a “none” policy?

Organizations often start with p=none to gather reporting data without disrupting email flow. However, without moving to quarantine or reject, the data never translates into security. In manufacturing, legacy IT stacks and limited security expertise can delay policy upgrades, especially when email systems are tightly integrated with ERP and supply‑chain platforms.

How does insufficient DMARC affect email deliverability?

Major inbox providers such as Google, Yahoo, and Apple already require DMARC for bulk senders, and Microsoft is following suit. Domains without a proper DMARC record risk being flagged as low‑trust, causing marketing and transactional emails to land in spam or be rejected entirely. This reduces campaign effectiveness and can impact revenue‑critical communications.

What other email‑authentication standards should manufacturers implement?

Beyond DMARC, manufacturers should ensure SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail) are correctly configured. SPF defines which servers are authorized to send mail on behalf of a domain, while DKIM adds a cryptographic signature to each message. Palisade offers easy‑to‑manage SPF and DKIM tools that integrate with existing DNS providers.

Can BIMI improve brand visibility while enhancing security?

Brand Indicators for Message Identification (BIMI) lets organizations display their logo next to authenticated emails, reinforcing brand trust. BIMI works on top of DMARC, SPF, and DKIM, so deploying it requires a fully enforced DMARC policy. Palisade’s BIMI service helps manufacturers add this visual cue without extra complexity.

What steps should an IT team take to upgrade DMARC policy?

1. Review current DMARC reports to identify legitimate sources that fail authentication.
2. Align SPF and DKIM records for all sending services (e.g., ERP notifications, marketing platforms).
3. Gradually move from p=none to p=quarantine, monitoring impact on deliverability.
4. Once stable, switch to p=reject for full protection.
5. Use Palisade’s automated monitoring to get real‑time alerts on authentication failures.

How does digital transformation increase email risk for manufacturers?

Modern manufacturing relies on interconnected IoT devices, cloud‑based ERP, and third‑party logistics platforms, expanding the attack surface. Each new integration creates additional email endpoints that can be spoofed. Without robust email authentication, attackers can impersonate vendors, inject malicious links, or exfiltrate data through phishing campaigns.

What are the financial implications of poor email security?

Phishing incidents can lead to ransomware, data breaches, and loss of intellectual property—all costly for manufacturers. Additionally, reduced email deliverability hampers sales outreach, marketing ROI, and supplier communications, directly affecting the bottom line. Investing in DMARC, SPF, DKIM, and BIMI can yield a high return by preventing these losses.

How can Palisade help manufacturers achieve full email protection?

Palisade provides a cloud‑native platform that automates DMARC, SPF, DKIM, and BIMI configuration across multiple DNS providers. Its AI‑powered reporting surface surfaces misconfigurations instantly, while the Email Security Score tool offers a quick health check. With a few clicks, manufacturers can move from a “none” policy to full reject enforcement, safeguarding their brand and communications.

Where can I learn more about improving email security in manufacturing?

Visit Palisade’s resource hub for whitepapers, webinars, and a free email security assessment. Start by checking your DMARC health with the Email Security Score and follow the step‑by‑step guide to upgrade your policy.

FAQs

1. What is the difference between p=none, p=quarantine, and p=reject? p=none only generates reports; p=quarantine sends suspicious mail to junk; p=reject blocks it entirely.
2. Do I need to change my existing email infrastructure? No. DMARC works with existing SPF and DKIM records; you only add a DNS TXT record.
3. How long does it take to see results after switching to p=reject? Most providers enforce the policy within 24‑48 hours, but monitoring is essential to catch false positives.
4. Can I test DMARC changes safely? Yes. Use Palisade’s staging environment to simulate policy shifts before going live.
5. Is BIMI required for DMARC compliance? No, but BIMI adds brand visibility and works best with a fully enforced DMARC policy.