That total includes only exact-domain sender spoofing, in which senders put a fake email address in the From: field of their messages. This is one of the most difficult to detect and damaging types of fake emails. For example, the Federal Bureau of Investigation recently reported that business email compromise (BEC) costs have reached $12 billion over the past several years.
Valimail's study underscores the scope of the fake email problem. Far from being merely a "social engineering" issue, fake email is a direct result of technical issues with the way email is implemented: It lacks a built-in authentication mechanism, making it all too easy to spoof senders.
However, the fake email crisis is also amenable to a technical solution, starting with the email authentication standards DMARC, SPF, and DKIM.
"Valimail's research shows that fake email continues to be a major problem worldwide," said Alexander García-Tobar, CEO and co-founder of Valimail. He added: "There are encouraging signs of progress in the fight against fake email, starting with the U.S. federal government, where we've seen an unprecedented deployment of anti-impersonation technologies, thanks to a mandate by the Department of Homeland Security. There's still a long way to go, but the DHS example shows that stopping email impersonation is both critical to our highest institutions and achievable."
For the purposes of this report, Valimail used proprietary data from its analysis of billions of email message authentication requests, plus an analysis of more than 3 million publicly accessible DMARC and SPF records.
Now in its third consecutive quarter, Valimail's research able to show how the fight against fake email is progressing worldwide, in a variety of industry categories.
Notably, the U.S. federal government leads all other sectors in DMARC usage and DMARC enforcement, thanks to an October 2017 mandate from the Department of Homeland Security. Over 70 percent of federal domains have DMARC records and 43 percent are configured in a way that protects agencies from impersonation.
Other findings from the report:
The United States continues to lead the world as a source of fake email
The rate of DMARC implementation continues to grow in every industry
DMARC enforcement remains a major challenge, with a failure rate of 75-80 percent in every industry
The rate of SPF usage continues to grow in every industry, despite a high rate of implementation problems
Valimail is the trusted leader in automated email authentication, with a comprehensive platform for anti-impersonation, brand protection, and anti-fraud defense. Valimail's patented, standards-compliant technology provides an unrivaled, fully automated solution for DMARC enforcement to stop phishing attacks, improve deliverability, provide comprehensive visibility of legitimate as well as unauthorized email senders, and protect organizations' reputations. Valimail authenticates billions of messages a month for some of the world's biggest companies, in finance, government, transportation, health care, manufacturing, media, technology, and more. Valimail is based in San Francisco. For more information visit www.valimail.com.