Valimail, a leading provider of identity-based anti-phishing solutions, today released its Summer 2019 Email Fraud Landscape Report,
shedding light on the identity crisis of worldwide Internet email and
the steps being taken to protect email against impersonation. The
original research analyzes the adoption rate of Domain-based Message
Authentication, Reporting and Conformance (DMARC), a vendor-neutral
authentication protocol that allows email domain owners to protect their
domain from unauthorized use, or "spoofing."
Valimail
found that 850,000 domains worldwide now have DMARC records, a 5x
increase since 2016. However, less than 17% of global DMARC records are
at enforcement - meaning fake emails that appear to come from those
domains are still arriving in recipients' inboxes. Among large
companies, only one in five enterprise DMARC records is at enforcement, a
significant factor in the wild success of business email compromise
(BEC) attacks, which has produced more than $26 billion in losses in the
past three years.
"The
identity crisis of email has never been more apparent," said Alexander
García-Tobar, CEO and co-founder of Valimail. "Phishing is implicated in
more than 90% of all cyberattacks, and the vast majority of phishing
emails leverage impersonation. This is only possible due to email's lack
of robust sender identity validation. The sharp rise in DMARC records
worldwide is promising, but the low rate of enforcement indicates there
is a long way to go in establishing real trust in one of the world's
most common forms of communication."
According
to the research findings, less than half of large U.S. tech companies'
DMARC records are at enforcement, and in most industry categories, fewer
than 10% of enterprise domains are protected from impersonation. The
U.S. government, which traditionally lags behind the private sector when
it comes to security readiness, has achieved an impressive 93% of DMARC
records at enforcement. This is up slightly from 91% since Valimail's
last research report, an indication that the government sector is
proactively tackling the problem with email identity.
This
research was compiled by analyzing tens of millions of publicly
accessible records as well as aggregate data from billions of
authentication requests. To download the full report, please visit https://www.valimail.com/resources/email-fraud-landscape-q3-2019/.