- Proofpoint warns that 36% of FIFA World Cup partners lack strong DMARC protection
- Weak email security leaves fans and sponsors vulnerable to spoofing and fraud
- Only 64% enforce the “disavow” policy, meaning many domains are still vulnerable to spoofing
With the 2026 FIFA World Cup just around the corner, cybercriminals will no doubt be looking to capitalize on interest in identity theft, fraud and fraud – and security researchers at Proofpoint have noted that they won’t have a hard time doing so, as many World Cup partners are not doing enough to protect their online identities.
In a research report shared with TechRadar Pro, Proofpoint said that more than a third (36%) of official sponsors, suppliers, partners and supporters do not have the necessary email security measures in place to help them defend against domain spoofing.
“This could expose fans, customers and partners to an increased risk of email scams impersonating trusted brands,” the researchers said.
The article continues below
What is DMARC?
The company analyzed the level of domain-based message authentication, reporting and compliance (DMARC) adoption among sponsor domains.
DMARC is an email authentication protocol that helps domain owners prevent attackers from spoofing their domain. It works by checking SPF and DKIM results and telling receiving mail servers what to do if an email fails these checks, such as delivering, quarantining, or rejecting it. By implementing DMARC, organizations can define what action should be applied to messages using their domain name.
Proofpoint analyzed 25 domains and found that 24 (96%) have published a DMARC record at a basic level, meaning that most organizations have at least begun to implement protection. While laudable, the researchers said only 16 (64%) actively protect their domain name with the strongest DMARC policy — reject.
“This means that more than a third (36%) are not yet proactively blocking fraudulent emails that try to impersonate their brand,” Proofpoint concluded.
Furthermore, eight domains (32%) have DMARC set to monitoring mode or a partial enforcement position, which allows companies to see what’s going on but not stop spoofed emails in their tracks.
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds. Be sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, video unboxings, and get regular updates from us on WhatsApp also.
