Study: U.S. Government Leads Private Industry in Email Fraud Prevention Efforts

SAN FRANCISCO, April 26, 2018 — Valimail, the world’s only provider of fully automated email authentication, today released research showing that federal agencies in the United States are far ahead of their private sector counterparts when it comes to email fraud prevention. In examining the DNS records of thousands of domains across several industry cohorts including Fortune 500 companies, healthcare firms, and global media companies, Valimail found that the overwhelming majority of organizations remain completely susceptible to “spoofing” of their own email domains, also known as impersonation attacks.

Valimail’s Email Fraud Landscape report for Q1 2018 specifically looks at how organizations have adopted the Domain-based Message Authentication, Reporting and Conformance (DMARC) authentication standard, which detects and prevents email spoofing. By deploying email authentication through DMARC, and by configuring DMARC to a policy of enforcement (which directs receiving mail servers to reject or quarantine unauthorized messages), companies can substantially improve their cybersecurity defense posture, protect themselves against phishing, and shut down email-based impersonation and fraud.

The U.S. federal government leads the way in DMARC adoption with 68 percent usage, in large part due to the Department of Homeland Security’s October 2017 directive mandating that all federal agencies adopt the standard. However, while some organizations in both the private and public sectors have taken the initial step of implementing DMARC, very few are actually able to prevent phishing attacks because they have not set their DMARC policies to enforcement. In fact, of all the industry cohorts that Valimail examined, no category has even achieved a 20 percent enforcement rate.

Other findings from the report include:

• Suspicious email comes from all over the globe, but the leading source by far is the United States
• 14 billion fraudulent messages are sent worldwide every day — one out of every 20 emails
• Five billion inboxes support DMARC (75 percent of the world’s total)
• U.S. media companies have the lowest rates of DMARC adoption
• Denmark and the Netherlands lead globally in corporate use of email authentication

“Rarely a week goes by when we don’t read about a successful phishing campaign costing businesses and even governments untold sums of money and breaches of trust with customers,” said Alexander García-Tobar, CEO and co-founder of Valimail. “The results of our study are clear: without real policies in place to ensure that email senders are who they claim to be, businesses and consumers remain wide-open to impersonation and fraud.”

“While we’re encouraged by the increase in DMARC adoption, particularly within the U.S. federal government, overall there is still much work to do,” said Shehzad Mirza, Director of Operations at the Global Cyber Alliance. “All industries need to understand how vulnerable they are to simple-to-execute phishing attacks and embrace email authentication to prevent them from happening. Domain owners adopting DMARC with enforcement will be critical for increasing the security of the email ecosystem worldwide.”