24
High-Profile Focus: Advanced Technology and AI May 2026
Red Sift Report: Mass. Business Community Lags Northeast on AI, Email Security Enforcement
Boston – New research from cybersecurity firm Red Sift shows that many of Massachusetts’ largest organizations are still failing to fully protect their email domains from impersonation and business email compromise( BEC), despite operating in some of the most frequently targeted industries in the country.
Red Sift analyzed 700 domains from leading organizations across seven Northeast states, including Massachusetts, and found that only 245 domains( 35 %) have reached full DMARC enforcement, the email authentication standard that actively blocks spoofed and fraudulent emails. In Massachusetts, 42 % of top domains are fully enforced, placing the state above the regional average but still leaving a majority of major organizations exposed.
That gap is especially significant in Massachusetts, which sits at the center of U. S. healthcare, biotechnology, higher education, financial services, and defense, industries where trust-based, high-stakes communication relies heavily on email. The state is also home to thousands of small and mid-sized businesses that depend on email for invoicing, payments, procurement, and customer communication, making them especially vulnerable when trusted brands are impersonated.
Key Findings, across the 700 regional employers analyzed:
• 35 %( 245 domains) are fully protected with DMARC set to p = reject
• 31 %( 216 domains) remain at p = none, monitoring attacks but allowing spoofed email
• 23 %( 158 domains) are set to p = quarantine, blocking some threats but stopping short of enforcement
• 12 %( 81 domains) have no DMARC record published at all
This indicates that Massachusetts organizations are more likely to begin deploying email authentication than many of their neighbors, but many still stop short of the enforcement level that actually prevents impersonation.
Red Sift research focused on Boston reinforces this trend. 49.5 % of Boston’ s largest employers have not implemented full email security enforcement, leaving many local institutions exposed to phishing and brand impersonation attacks. Boston now trails sister cities like New York City and Washington, D. C. on adoption, even as email threats become easier to scale using AI, whether by criminal groups or state-backed actors.
The Northeast runs on industries where trust is foundational, and Massachusetts concentrates many of them more densely than anywhere else in the country.
Regional Context
• New York: 73 % enforcement
• New Jersey: 46 %
• Massachusetts: 42 %
• Connecticut: 40 %
• Rhode Island: 31 %
• Maine and New Hampshire: 30 %( tied)
• Vermont: 26 %
New York’ s adoption rate, the highest Red Sift has recorded in any major U. S. regional analysis, demonstrates that enforcement at scale is achievable, even in complex, regulated environments. Massachusetts’ position below the leading tier highlights a narrowing but still consequential gap during a pivotal moment for the business community.
REGIONAL COMPARISON www. high-profile. com