SAN FRANCISCO, July 14, 2020 /PRNewswire/ -- Valimail, the leading provider of zero-trust identity-based anti-phishing solutions, today released findings from its Email Fraud Landscape: Summer 2020 Report. Now in its fourth year, this research analyzes trends in the adoption of Domain-based Message Authentication, Reporting and Conformance (DMARC), a vendor-neutral authentication protocol that allows email domain owners to protect their domain from unauthorized use, or "spoofing."
For the first time, the number of domains deploying DMARC records has surpassed 1 million — 2.5 times greater than the total in 2018.
DMARC is widely supported, with 80% of all inboxes worldwide doing DMARC checks and enforcing domain owners' policies on every single inbound message — if the senders of those messages have configured DMARC for their domains. It is also widely recommended: The U.S. Department of Homeland Security mandates DMARC for federal agencies, the U.S. Federal Trade Commission recommends it for companies, and the Mobile, Messaging, and Malware Anti-Abuse Working Group (M3AAWG), which is the leading industry organization devoted to stopping phishing, spam, and email abuse, calls it a "crucial" tool in the fight against COVID-19-related phishing attacks.
Valimail's report finds that only 13.9% of all DMARC records are configured with enforcement policies that reject or quarantine non-authenticating email. This rate is higher among large organizations: 30% of the Fortune 500 domains using DMARC are using enforcement policies, for example. The rate of enforcement has been steadily rising in most industries, Valimail's research has found.
"The benefits of email authentication are clear, which is why it's so encouraging to see so many domains adopting the DMARC standard," said Alexander García-Tobar, CEO and co-founder, Valimail. "Now they will need to get to enforcement — the point at which they're actually protected from being spoofed by bad actors. But it's not just about self interest: DMARC with enforcement is increasingly mandated by a variety of organizations and standards, such as BIMI, because it is such a strong, reliable signal of domain identity. Authentication with enforcement will be even more critical in the coming months as the world begins to adopt a zero-trust approach to email security."
Additional key findings from Valimail's research include:
- 79% of Fortune 500 domains can still be spoofed, because they either have no DMARC, are using DMARC in "monitor mode," or have DMARC configuration problems
- 86% of global companies with $1B or more in revenues can be spoofed
- On the positive side, 75% of U.S. federal domains are protected from spoofing by DMARC enforcement (whitehouse.gov, however, is not one of them)
- 60% of utility domains now have DMARC records. However, because enforcement rates remain low, these parts of our critical infrastructure are still unprotected: Only 8% of all utilities have achieved DMARC enforcement.
The research was compiled by analyzing a broad cross-section of company sizes and revenues across eight different verticals. To download the full report, please visit: https://www.valimail.com/resources/email-fraud-landscape-summer-2020/
Valimail is a pioneering zero-trust identity-based anti-phishing company that has been ensuring the global trustworthiness of digital communications since 2015. It delivers the only complete, cloud-native platform for validating and authenticating sender identity to stop phishing, protect and amplify brands, and ensure compliance to companies worldwide. The company has won more than a dozen prestigious cybersecurity technology awards and authenticates billions of messages a month for some of the world's biggest companies and organizations, including Uber, Splunk, Yelp, Fannie Mae, Mercedes Benz USA, and the U.S. Federal Aviation Administration. For more information visit www.valimail.com.
Dylan Tweney, VP of Communications