Support for email authentication continues to grow among email receivers (Gmail, Microsoft Office 365, and other global mailbox providers). However, too few organizations are taking advantage of this global infrastructure by deploying authentication for messages sent from (or apparently sent from) their own domains.The result: A worldwide crisis of spear phishing and impersonation, causing untold billions in monetary losses, cybersecurity mitigation costs, and brand damage. Multiple studies have found that at least 90 percent of cyberattacks start with phishing. The majority use impersonation techniques to fraudulent pose as a trusted sender. These attacks are especially difficult for companies to stop, since they often lack malware or malicious links that would normally be caught by security systems.It doesn’t have to be this way. By deploying email authentication through the Domain-based Message Authentication, Reporting, and Conformance (DMARC) standard, and by configuring DMARC to a policy of enforcement, companies can substantially improve their cybersecurity defense posture. The enforcement policy is key, because it directs receiving mail servers to reject or quarantine unauthorized messages. This protects companies against phishing and shuts down email-based impersonation and fraud.Key Findings:1 out of 20 emails sent in 2017 was unauthorized and possibly fraudulent5 billion inboxes support DMARC (75% of the world’s total)The U.S. government far surpasses any private sector industry in use of DMARC for email authenticationDenmark and the Netherlands lead globally in corporate use of email authenticationSPF is widely used but implementations have a high error rate, damaging its effectiveness
Valimail Report 2018 Q1
