Domain spoofing declines as protective measures grow (research part 3)

Valimail’s data shows a slow decline in the rate of email spoofing through exact-domain impersonation over the past several years. In the last year it’s remained roughly level at about 1% of all email volume authenticated by Valimail. This is significantly down from 2.3% in the first half of 2018, and 5% in 2017.

One thing to note is that, as Valimail’s customer base has grown, so too has the number of domains at enforcement that we manage.

To put this another way: The domains that Valimail manages have a much, much higher rate of enforcement than the global average — and indeed our customers’ enforcement success rate is far higher than that of every private sector industry.

Since domains at enforcement are less likely to be spoofed (fraudsters give up on spoofing a domain once they notice that spoofing no longer works), we have observed that the rate of fraudulent activity for a domain almost always declines towards zero within a few months after a domain gets to enforcement.

In fact, comparing the volume of fraudulent email during H2 2019, Valimail found that domains without DMARC enforcement were spoofed 3.93x more often compared with domains at DMARC enforcement.

Additionally, the domains that Valimail manages include some high-volume senders of legitimate mail, further skewing the statistics.

The result: The true global rate of fraud for unprotected domains is almost certainly higher than what is shown in this dataset, as it is drawn from a subset of Valimail-managed domains.

However, from this dataset we can get a reasonable picture of where in the world fraudulent email originates, both by overall volume and by which percentage of a country’s email is fraudulent.

Top 10 sources of spoofed email (H2 2019)

This post is part 2 in a 3-part series highlighting Valimail’s latest research. Download the full report for free: Winter 2020 Email Fraud Landscape: Domain spoofing declines as protective measures grow.