Top retailers remain vulnerable to email brand spoofing

Retailers in 2020 are leaning heavily on e-commerce, thanks to the pandemic, and during the holiday season that means they are redoubling their email efforts. There is a problem, however: Most retailers have not devoted the same level of effort to securing email as they have to optimizing its effectiveness.

The result, in one crucial sphere of email security, is a surprising, industry-wide vulnerability.

Our key finding: Only 22 of the top 100 retailers are protected by DMARC with an enforcement policy that will block unauthorized use of the domain. The remaining 78 are vulnerable to being spoofed by fake emails, sent from anywhere in the world, to any recipient, using the retailer’s exact domain in the “From” field — without any authorization.

Get Your Guide

Related resources

Beyond The Basics: An Email Requirements Roundtable with Google, Yahoo and Valimail

Read more


What is DKIM?

Read more

What Is a DKIM Selector

Read more

Get started for free
with Monitor

Start your path to DMARC enforcement with a panoramic view of the traffic being sent on your behalf.
No trial offers, credit cards, or obligations.

Explore all Valimail
has to offer

Go one step further than visibility…Take action! Reach DMARC enforcement faster. Stay compliant with evolving sender requirements. All while protecting your brand.

Phishing and BEC protection starts with your domain — verify your DMARC status with the Valimail Domain Checker.