Research: Crisis of Fake Email Continues to Plague Industries Worldwide
6.4 Billion Fake Emails Sent Every Day — Most Industries Making Gradual Progress in Protecting Themselves Against Fake Email — U.S. Government Shows Leadership
SAN FRANCISCO, August 22, 2018 — Valimail, the world’s only provider of fully automated email authentication, announced the results of its quarterly research on the state of email fraud.
That total includes only exact-domain sender spoofing, in which senders put a fake email address in the From: field of their messages. This is one of the most difficult to detect and damaging types of fake emails. For example, the Federal Bureau of Investigation recently reported that business email compromise (BEC) costs have reached $12 billion over the past several years.
Valimail’s study underscores the scope of the fake email problem. Far from being merely a “social engineering” issue, fake email is a direct result of technical issues with the way email is implemented: It lacks a built-in authentication mechanism, making it all too easy to spoof senders.
However, the fake email crisis is also amenable to a technical solution, starting with the email authentication standards DMARC, SPF, and DKIM.
“Valimail’s research shows that fake email continues to be a major problem worldwide,” said Alexander García-Tobar, CEO and co-founder of Valimail. He added: “There are encouraging signs of progress in the fight against fake email, starting with the U.S. federal government, where we’ve seen an unprecedented deployment of anti-impersonation technologies, thanks to a mandate by the Department of Homeland Security. There’s still a long way to go, but the DHS example shows that stopping email impersonation is both critical to our highest institutions and achievable.”
For the purposes of this report, Valimail used proprietary data from its analysis of billions of email message authentication requests, plus an analysis of more than 3 million publicly accessible DMARC and SPF records.
Now in its third consecutive quarter, Valimail’s research able to show how the fight against fake email is progressing worldwide, in a variety of industry categories.
Notably, the U.S. federal government leads all other sectors in DMARC usage and DMARC enforcement, thanks to an October 2017 mandate from the Department of Homeland Security. Over 70 percent of federal domains have DMARC records and 43 percent are configured in a way that protects agencies from impersonation.
Other findings from the report:
- The United States continues to lead the world as a source of fake email
- The rate of DMARC implementation continues to grow in every industry
- DMARC enforcement remains a major challenge, with a failure rate of 75-80 percent in every industry
- The rate of SPF usage continues to grow in every industry, despite a high rate of implementation problems
To view Valimail’s full Email Fraud Landscape report visit https://www.valimail.com/resources/report/email-fraud-landscape-q2-2018/.