Chinese and other small European email providers remain outliers to global DMARC adoption trends.
A new report from Valimail found that email remains one of the leading modes of cybercrime, used in over 90% of all cyberattacks. The pandemic has provided a new leverage point for these attacks. Valimail’s study reveals that since the beginning of COVID-19, email security providers (ESPs) reported a surge in pandemic-themed phishing attacks. These scams took advantage of people adjusting to working from home, in environments where they are easily distracted, with less-secure computer hardware and networks.
Indeed, phishers continue to deploy attacks readily. The average phishing campaign lasts a mere 12 minutes, according to Google, which has stated that it blocks over 100 million phishing emails per day and that 68% of them are new, never-before-seen scams. And, according to research by Barracuda, 89% of all email attacks utilize impersonation, primarily of trusted brands (83%) but also of individuals (6%).
Also Read: Not Another Typical Lifecycle Email Article
Understanding the Threat Landscape for Emails
To get a read on the rate of domain spoofing among email traffic as a whole, Valimail examined consolidated data from millions of  Domain-based Message Authentication, Reporting and Conformance (DMARC)Opens a new window aggregate reports collected on behalf of customers during 2020. Taken together, these represent hundreds of billions of individual email messages originating from tens of thousands of domains, sent to recipients using a wide variety of mailbox providers worldwide.
Valimail found that, throughout 2020, about 1% of all messages originated from suspicious and likely fraudulent senders. This is about the same as the rate it found in the second half of 2019. Given Radicati’s estimate of overall email traffic worldwide, that translates to an average of 3 billion email messages using spoofed sender identities sent every day.
Overall, the rate of domain spoofing appears to have leveled off after a period of decline over several years.
Interestingly, moving to DMARC enforcement not only stops these spoofs from being delivered but also cuts down on the overall rate of attempted spoofing. Valimail found that 1.9% of email from domains without DMARC enforcement is suspicious, while just 0.4% of email from domains with DMARC enforcement is suspicious.
In other words, domains without DMARC enforcement are 4.75x more likely to be the target of spoofing attempts than domains with DMARC enforcement. Given that domains with DMARC enforcement are over-represented in the Valimail dataset, this means the estimate that 1% of the world’s email traffic is using spoofing is almost certainly a conservative figure.
Given its benefits, it is no surprise that the growth of the DMARC standard has been impressive.
On the receiving side, major email receivers have been supporting the standard for several years. Valimail’s data shows that about 80% of the world’s inboxes (including virtually all U.S.- based email providers) do DMARC checks on inbound email messages, enforcing the domain owner’s stated policies. This includes such well-known mailbox providers as Google (for both Gmail and Google Workspace, formerly known as G Suite), Microsoft (for both Outlook.com and Microsoft 365 accounts), Verizon Media (including Yahoo Mail and AOL), and many others. Additionally, all the major enterprise gateways and secure email gateways (SEGs) do DMARC checks on inbound mail, usually by default.
Valimail found that this 80% figure has remained fairly consistent over the past two years. There have been no major additions to the list of mail receivers doing DMARC checks on inbound mail. The most significant remaining outliers include a few large email providers in China and a number of smaller regional providers in Europe.
In short, DMARC checking — if enabled by domain owners — will be performed on inbound mail for the overwhelming majority of the world’s estimated 7 billion active email inboxes.
Also Read: 7 Tips to Reach Gen Z Through Email MarketingOpens a new window
Conclusion
DMARC usage is growing, and rates of enforcement are increasing, as domain owners recognize the utility of this widely accepted standard for curtailing one of the most pernicious types of email-based attacks.
Deploying DMARC is typically a two-step process in which domain owners first publish a DMARC record in monitoring mode, then later move to enforcement. While monitoring mode provides visibility into which services (and attackers) may be using your domain to send an email, it is only with enforcement that you can shut down unauthorized senders and prevent them from reaching recipients’ inboxes.
“Privacy laws already exist in Europe and parts of the United States, and if a company does any business in those areas, a DMARC policy at enforcement is essential,†said Alexander GarcÃa-Tobar, CEO and co-founder, Valimail. “DMARC is not going away and the best thing a company can do is understand the potential exposure without it. By having valid email authentication in place, companies protect themselves and their customers from privacy violations. Without it, emails are sent without permission, fines are issues, confidential information is obtained and reputations sink. This wave is only a starting point. Companies must step up as the risk of going without enforcement will only get worse.â€
Overall, the vast majority of domains with DMARC are not yet at enforcement, but this rate is much higher among larger organizations and is growing. As awareness grows about DMARC’s effectiveness in locking down domains, we expect that these numbers will continue to increase.