Over three billion fake emails sent out daily
At least 3.4 billion fake emails are sent around the world every day, according to a new report from email verification company Valimail, with the majority of suspicious emails coming from US-based sources.
The report shows that email impersonation -- accounting for 1.2 percent of all email sent in the first quarter of 2019 -- is a phishing attacker's primary weapon to gain access into an organization's network, systems, intellectual property and other sensitive assets.
The fake email problem -- which is not easily blocked by traditional cybersecurity defenses -- can be tackled by implementing widely accepted email authentication standards. These include Domain-based Message Authentication, Reporting, and Conformance (DMARC), Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) as well as newer standards such as Authenticated Received Chain (ARC) and Brand Indicators for Message Identification (BIMI).
Where it's used DMARC is particularly effective. The study shows that nearly 80 percent of all inboxes (5.34 billion) around the world perform DMARC checks on inbound email, and nearly 740,000 domains now use DMARC.
However, enforcement rates with DMARC continue to hover around 20 percent in most industries, largely because the solution is difficult to configure and maintain for large enterprises. For that reason, many domain owners have turned to third-party DMARC vendors, such as Valimail, to implement the solution for them.
"It remains clear that fake emails from hackers, phishers and other cyber criminals constitute the major source of cyberattacks," says Alexander García-Tobar, CEO and co-founder of Valimail. "As more companies recognize and respond to email vulnerabilities, we expect to see organizations continue to deploy authentication technologies to protect against untrusted and fraudulent senders. The fact is that too many attackers are using impersonation to get through existing email defenses. A robust approach to sender identification and authentication is needed to make email more trustworthy, once and for all."
The full report is available from the Valimail site.