Three billion spoofed emails sent each day
A new report looking at trends in DMARC adoption shows that while take up of the identity verification technology is increasing, three billion messages per day are still spoofing the sender's identity.
The study from Valimail shows that email remains a favourite attack route, implicated in over 90 percent of all cyberattacks with the pandemic providing a new focus.
"Privacy laws already exist in Europe and parts of the United States, and if a company does any business in those areas, a DMARC policy at enforcement is essential," says Alexander García-Tobar, CEO and co-founder of Valimail. "DMARC is not going away and the best thing a company can do is understand the potential exposure without it. By having valid email authentication in place, companies protect themselves and their customers from privacy violations. Without it, emails are sent without permission, fines are issues, confidential information is obtained and reputations sink. This wave is only a starting point. Companies must step up as the risk of going without enforcement will only get worse."
The report shows the US federal government leading with DMARC usage, with 74 percent of domains protected, while global media companies and US healthcare companies have the lowest rates of DMARC deployment and protection.
Domains without DMARC enforcement are 4.75 times more likely to be the target of spoofing compared to domains with DMARC. 80 percent of all email inbox providers now do DMARC checks on inbound email.
There's still room for improvement though, while more than 1.28 million domain owners worldwide have configured DMARC for their domains, only 14 percent of those are protected from spoofing by an enforcement policy. Among large organizations, 43.4 percent of domains have a DMARC policy at enforcement. This is two percent higher than in early 2020 and 3.5 percent higher than in early 2019.
The full Spring Email Fraud Landscape report is available from the Valimail site.