Big-name companies are still leaving themselves and their customers open to phishing because they haven’t implemented the DMARC message validation standard. In this year’s DMARC adoption report [PDF], phishing prevention specialist Agari reckons two-thirds of the Fortune 500 are yet to implement Domain-based Message Authentication, Reporting and Conformance (DMARC) yet. Specified in RFC 7489 to combine Sender Policy Framework and DomainKeys Identified Mail techniques, DMARC’s aim is to defeat e-mail spoofing. It was originally put forward by Google, Microsoft, AOL, Facebook, Yahoo!, PayPal and others.