Sign in
  • Home
  • Products
    • Enforce
    • DMARC Monitor
    • Instant SPF
    • Amplify
  • Solutions
    • Anti-phishing
    • Brand protection
    • Compliance
    • Government
    • Marketing
    • Microsoft
    • Shadow IT
  • About
    • News + awards
    • Partners
    • Team
    • Careers
    • Industry leadership
    • Customer support
  • Learn
    • Resources
    • Blog
    • Customers
  • Support
Request phishing analysis
  • Products
    • Enforce
    • DMARC Monitor
    • Instant SPF
    • Amplify
  • Solutions
    • Anti-phishing
    • Brand protection
    • Compliance
    • Government
    • Marketing
    • Microsoft
    • Shadow IT
  • About
    • News + awards
    • Partners
    • Team
    • Careers
    • Industry leadership
    • Customer support
  • Learn
    • Resources
    • Blog
    • Customers
  • Get started for free
  • Support
  • Sign in
Check to see if you’re protected
☰
Check to see if you’re protected
Share this article
Related posts
  • Blog
    Research: Only 22 of the top 100 retailers are protected by DMARC
  • Blog
    DMARC authentication gets you the deliverability you deserve
  • Blog
    How vulnerable are U.S. election operations to email spoofing?
Valimail blog

76 percent of inboxes worldwide now enforce email authentication — if senders enable it

Author: Valimail
DMARC-support-among-ISPs-2015-2017

Note: This post is being jointly published by the Global Cyber Alliance and Valimail. 

Support for email authentication among the world’s ISPs has surged significantly in the past two years, new data shows. 

Email authentication, if enabled by both senders and receivers, is a powerful tool in stopping the growing phishing crisis. Ninety-one percent of cyberattacks start with a phishing email, according to PhishMe, making it by far the preferred starting point for hacks of all types. Additionally, business email compromise scams (email impersonation attacks) have cost businesses $5.3 billion since 2013, according to the Federal Bureau of Investigation. The majority of such attacks use direct spoofing (impersonating the sender).

Email authentication through the DMARC standard prevents this, by giving domain owners the power to specify who is allowed to use their domain names in the From field of email messages. Non-authorized senders will fail the authentication checks performed by ISPs receiving email messages, thus protecting recipients from phish, hack attempts, and spam, and protecting domain owners from brand-damaging impersonations.

About 4.8 billion inboxes now support email authentication through DMARC, representing 76 percent of the current total number of worldwide email accounts (6.3 billion, according to Radicati’s 2017 Email Statistics Report).

The new total of ISPs is a dramatic increase from the 2.7 billion inboxes protected by DMARC support in 2015, representing 62 percent of the then-total number of inboxes (4.3 billion).

To put it another way, in the past two years the number of inboxes enforcing email authentication policies has grown by 2.1 billion.

“DMARC support” means that the ISPs will determine if a sending organization has a DMARC policy in place, and enforce “quarantine” or “reject” policies, if domain owners have specified them. These ISPs will not deliver messages that fail authentication. Note that if domain owners have specified a policy of “none,” message delivery will not be affected, even for messages failing authentication, and receiving mail servers will only send reports if requested by the sending domain owners.

With such widespread support, DMARC at enforcement is a potent, globally-effective tool for preventing the most common and most pernicious kinds of phishing attacks: Same-domain impersonation.

The recent growth in DMARC support is largely attributable to several large Chinese ISPs, including Netease and Tencent, enabling enforcement within the past 18 months.

The list of email account providers supporting DMARC enforcement now includes most of the major global ISPs, including Gmail, Oath, Microsoft, Tencent, Mail.ru, Comcast, AT&T, British Telecom, Virgin Media, and Italia Online.

Country-by-country DMARC support remains variable, with support well over 80 percent in some countries, such as the U.S., U.K., Brazil, Mexico, and Canada; while it lags in a few countries, such as Germany and Japan. However, the overall picture is clear: The vast majority of ISPs around the world will enforce email authentication for those domains that have published a DMARC record and set it to enforcement.

About the study: Valimail examined millions of DMARC aggregate reports from ISPs around the world over a two-year timespan to determine which ISPs were reporting having taken enforcement actions.

ISP subscriber counts were taken from a variety of published sources, including the ISPs’ own annual reports.

Note that the totals for DMARC support include primarily ISPs, not enterprise mail servers or secure email gateways (SEGs) except when those are provided as services by ISPs. For instance, Gmail is the email provider for Google’s G Suite, and Google includes G Suite subscribers in its total number of Gmail users. One exception: The total does include Microsoft Office 365, both enterprise and consumer editions.

Enterprise mail servers are included in Radicati’s total number of worldwide email accounts, so the percentage of global inboxes supporting DMARC is probably higher than 76 percent.

See here for the GCA’s version of this blog post.

Back to blog
Published October 10, 2017
Author: Valimail
Valimail is the global leader in zero-trust email security. The company’s full line of cloud-native solutions authenticate sender identity to stop phishing, protect brands, and ensure compliance; they are used by organizations ranging from neighborhood shops to some of the world's largest organizations, including Uber, Splunk, Yelp, Fannie Mae, Mercedes Benz USA, and the U.S. Federal Aviation Administration. Valimail is the fastest growing DMARC solution, with the most domains at DMARC enforcement, and is the premier DMARC partner for Microsoft 365 environments. For more information visit www.valimail.com.
Resources
Top retailers remain vulnerable to email brand spoofing
Learn more
Email security with Microsoft and Valimail
Learn more
Election email security
Learn more
Email fraud landscape, Summer 2020
Learn more
Preparing for BIMI: A Marketer’s Guide
Learn more
Latest news
Trump’s refusal to concede the election is creating an opening for cy...
Learn more
2020 General Election Results to Directly Impact Tech Industry
Learn more
Why Email Is Still an Election Day Disinformation Risk
Learn more
US elections are still vulnerable to email spoofing
Learn more
Security Gaps Persist, Report Warns, After U.S. Blames Iran In Election Sch...
Learn more
Press releases
Valimail Triples Customer Base, Becomes Top Global DMARC Provider in 2020
Learn more
Valimail: 2020 election infrastructure still vulnerable to email hackers
Learn more
Valimail Announces Selection by ASG for Anti-Phishing and BEC Protection
Learn more
Valimail DMARC Monitor and Valimail Enforce Now Available in the Microsoft ...
Learn more
Valimail Research Finds More Than 1 Million Domains Using Crucial Email Aut...
Learn more
Follow us
Contact us

P: 888.354.6179
E: info@valimail.com

Headquarters

180 Montgomery Street
20th Floor
San Francisco, CA 94104

Valimail Mountain Office

1550 Larimer Street
Suite 271
Denver, CO 80202

Request a full phishing analysis
© Valimail
  • Terms of use
  • Privacy Policy
  • Website terms of use
  • Do not sell my personal information
  • Phishing Analysis
  • Domain Checker
  • Products
  • Enforce
  • DMARC Monitor
  • Instant SPF
  • Amplify
  • Solutions
  • Anti-phishing
  • Brand protection
  • Compliance
  • Government
  • Marketing
  • Microsoft
  • Shadow IT
  • About
  • News + awards
  • Partners
  • Team
  • Careers
  • Industry leadership
  • Customer support
  • Learn
  • Resources
  • Blog
  • Customers
Subscribe to our newsletter

Get exclusive content on improving email security and deliverability from the experts at Valimail.

  • *
    I understand that I may proactively manage my preferences, or opt-out of Valimail communications at any time using the unsubscribe link provided in Valimail email communication. I confirm that I am over the age of 16. The information that you provide will be used in accordance with the terms of our Privacy Policy.
  • This field is for validation purposes and should be left unchanged.