Feb 22, 2022 - by Staff Writer
Second Annual GCD Index Reveals Increase in Adoption of DNSSEC and SSLs
To gain a deeper understanding of corporate domain name management across the world’s largest companies, GoDaddy Corporate Domains completed an in-depth analysis of the Global 2000. The Global 2000* is an annual ranking of the top 2,000 public companies in the world by Forbes magazine. The ranking is based on a mix of four metrics: sales, profit, assets and market value.** For the second year, we leveraged our own Brandsight technology to conduct our analysis.
Portfolio Resolution
We began our analysis by looking at domain name portfolios belonging to the 50 largest Global 2000 companies to identify how many of the domains contained within those portfolios actually resolved to live content. This year our analysis revealed that 44% of these domains actually resolve to live content. This is an improvement over the previous year where 28% of domains resolved to live content. Ideally, companies should strive for 90% resolving, with only 10% of a portfolio not resolving. If a domain name is worth renewing, then it should be forwarding to live, relevant content. Exceptions for the 10% may include derogatory terms, or adult-themed domains.
Registry Locking
We also analyzed the main corporate domains of the Global 2000 and identified that only 17% had implemented Registry Locking. This number remains unchanged from last year. Registry Locking should be deployed for all core domains and any others that are critical to business operations. This includes production websites, email, internal applications, websites used for channel partners and resellers. While Registry Locking does require some additional time to make updates to domains, it is well worth the investment to create this additional layer of security. Registry Locking guards against inadvertent or unauthorized updates to valuable domains.
DNS Configuration
This year we uncovered that 5.1% of the Global 2000 corporate websites had implemented DNSSEC, up from 3.5% in the previous. DNSSEC protects against cache-poisoning and man-in-the-middle attacks. Companies that are collecting credential information should seriously consider implementing DNSSEC. Similar to last year, 14% of the corporate websites of the Global 2000 suffered from DNS configuration issues resulting from lame delegation. Lame delegation can cause delays in DNS resolution.
E-mail Authentication
Unchanged from last year, 90% of corporate website domains are configured to receive email. However, 86% are leveraging SPF (Sender Policy Framework) up from 84% last year. SPF enables owners to specify which servers are authorized to send mail. Fifty-seven percent of these domains were also leveraging DMARC (Domain-based Message Authentication, Reporting and Conformance). This had increased from 50% in the previous year. DMARC provides protection against email spoofing.
SSL Adoption
This biggest increases occurred in our analysis of SSLs. This year, 71% of root domains are properly secured with an SSL compared to 60% last year, and 93% of corporate websites leveraging www as a host are properly secured with an SSL, compared to 84% last year.
Conclusion
The increase in numbers of resolving names, in adoption of DNSSEC and in utilization of email authentication indicates that some improvements to the management of corporate domains has occurred. That said, the number of domains leveraging Registry Locking remains shockingly low. Additionally, the number of names suffering from lame delegation is still very high, given that these are the main corporate websites of the Global 2000. We look forward to conducting our analysis again next year, and we’re hopeful that we’ll continue to see some improvements.
The information contained in this blog is provided for general informational purposes about domains. It is not specific advice tailored to your situation and should not be treated as such.
*Data obtained from Forbes Global 2000: https://www.forbes.com/global2000
**https://en.wikipedia.org/wiki/Forbes_Global_2000
