RH-ISAC BLOG

Progress in the Global Fight against Fake Emails

Author: Dylan Tweney, VP of Research and Communications, Valimail

Valimail has been doing rigorous analysis on the data behind email frauds since the company’s earliest days. And we’ve been publishing research reports based on that deep insight for several years. Valimail’s research program now sets the industry standard for reliable, hype-free data on the state of email fraud, email authentication, and identity-based email attacks.

During that time, phishing has continued to grow in significance, with multiple independent studies noting that it is implicated in over 90% of all cybersecurity attacks and network/data breaches.

What has driven phishing’s shocking effectiveness is its reliance on advanced impersonation techniques that slip through most companies’ defenses. And that impersonation is exactly what Valimail’s research focuses on.

Our research shows that impersonation continues to be actively used by attackers worldwide, to the tune of billions of fake messages per day. What’s more, we’ve found that standards-based defensive strategies are available, and are being used more and more widely, but are not being deployed to full effectiveness.

The landscape of email fraud

Our latest quarterly report looking at the universe of email impersonation — the Email Fraud Landscape for Spring 2019, published recently — shows that fake identities remain a significant problem in the global email flow.

Valimail used proprietary data from our analysis of billions of email message authentication requests, plus our analysis of nearly 20 million publicly accessible DMARC and SPF records, to compile this unique view of the email fraud landscape.

We found a suspicious email rate (the proportion of all messages that are likely malicious spoofs) of 1.2% during Q1 2019.

While this rate is somewhat lower than the 1.6% rate we noted in Q2 2018, this still represents a huge amount of fake messages. Extended to the full volume of global email, that would represent 3.4 billion fake emails every day.

DMARC continues to grow

There is good news in this report, however. The number of domains deploying DMARC in order to begin addressing the fake-email problem continues to grow, with more than 740,000 DMARC-enabled domains worldwide today. That’s almost twice the number that existed a year ago.

In many industries, the adoption of standards-based email authentication is accelerating. In some categories, such as the Fortune 500, large U.S. technology companies, and the U.S. federal government, DMARC usage is well above 50%.

However, enforcement lags. This is defined as configuring DMARC to a policy of quarantine or reject, which protects the domain from impersonation. Across the board, Valimail found that about 20% of the domains deploying DMARC have actually configured it to enforcement. The other 80% remain unprotected.

As a result, in most categories, fewer than 10% of all companies have DMARC records with enforcement policies. Only the U.S. government and U.S. tech companies have higher rates of protection, at 72% and 24% of domains, respectively.

All this and more data is available in the report. Download the Spring 2019 Email Fraud Landscape to get the details.

Valimail is an Associate Member of the Retail and Hospitality ISAC