- Proofpoint warns that 36% of FIFA World Cup partners lack strong DMARC protections
- Weak email security leaves fans and sponsors exposed to phishing and fraud
- Only 64% apply a “reject” policy, meaning many domains remain vulnerable to spoofing.
With the 2026 FIFA World Cup just around the corner, cybercriminals will no doubt be looking to capitalize on the interest in identity theft, scams and wire fraud, and security researchers at Proofpoint have noted that they will have no difficulty doing so as many World Cup partners are not doing enough to protect their online identities.
In a research report shared with TechRadar Pro, Proofpoint said that more than a third (36%) of official sponsors, vendors, partners and supporters do not have the necessary email security measures in place to help them defend against domain spoofing.
“This may expose fans, customers, and partners to increased risk of email fraud impersonating trusted brands,” the researchers said.
Article continues below.
What is DMARC?
The company analyzed the level of adoption of Domain-Based Message Authentication, Reporting and Conformance (DMARC) among sponsoring domains.
DMARC is an email authentication protocol that helps domain owners prevent attackers from spoofing their domain. It works by checking SPF and DKIM results and telling receiving mail servers what to do if an email fails those checks, such as delivering it, quarantining it, or rejecting it. By implementing DMARC, organizations can define what action should be applied to messages that use their domain name.
Proofpoint analyzed 25 domains and found that 24 (96%) have published a DMARC record at a basic level, meaning most organizations have at least started implementing protections. While commendable, researchers said only 16 (64%) actively protect their domain name with the strictest DMARC policy: reject.
“This means that more than a third (36%) are still not proactively blocking fraudulent emails that try to impersonate their brand,” Proofpoint concluded.
Additionally, eight domains (32%) have DMARC configured in monitoring mode or a partial enforcement posture, allowing businesses to see what’s happening, but not stop spoofed emails in their tracks.
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds. Be sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp also.
