Just 0.5 Percent of The Top Million Domains Have Protected Themselves From Impersonation by Email Authentication, According to ValiMail Report
Research released by ValiMail, a provider of automated email authentication, reveals that the overwhelming majority of company domains are vulnerable to rampant email impersonation attacks. ValiMail’s 2017 Email Fraud Landscape Report shows that most domain owners have not attempted to implement fraud protection through the latest and most complete form of protection, DMARC (Domain-based Message Authentication, Reporting & Conformance), a widely used standard that ensures only authorized senders can use an organization’s domain name in their emails.
“Email has been weaponized by hackers as the leading way to infiltrate networks, and the vast majority of businesses are leaving themselves vulnerable by either incorrectly configuring their authentication systems or forgoing protection entirely. Businesses are asking their employees to complete an impossible task: identifying who is real and who is an impersonator, by closely examining every message in their inboxes. The only sustainable solution is for companies to take control of their email security at the technology level and stop placing the onus on employees to prevent phishing attacks,” said Alexander García-Tobar, CEO and Co-founder, ValiMail.
Key findings from the report:
- Email fraud is a pervasive threat. One in five messages sent today come from unauthorized senders, indicating massive amounts of fraudulent activity.
- Virtually all domains lack adequate protection. Just 0.5 percent of the top million domains have protected themselves from impersonation by email authentication, leaving 99.5 percent vulnerable.
- Incorrect DMARC deployments prevent email protection. Over three-fourths (77 percent) of domains that have deployed DMARC records remain unprotected from fraud, either through misconfiguration or by setting a permissive DMARC policy.
- The difficulty of fully implementing and maintaining DMARC leads to inadequate protection. Only 15 to 25 percent of companies that attempt DMARC succeed at achieving protection from fraud, depending on category.
- DMARC is accessible to most domains. Over three-fourths (76 percent) of the world’s email inboxes support DMARC and will enforce domain owners’ authentication policies, if those policies exist.
Implementing email authentication would save the average company $8.1 million per year in cybercrime costs — $16.2 billion annually across the Fortune 2000.
“ValiMail’s research demonstrates the volume of email fraud threats faced by companies today and highlights the alarming lack of understanding of how to combat these threats. These findings highlight that a lack of email authentication is the most prevalent security vulnerability companies face. In order to truly protect our inboxes, we must drive greater adoption of cybersecurity technologies and protocols such as DMARC,” said Shehzad Mirza, the Director of Operations for the Global Cyber Alliance.
DMARC’s influence and adoption rates are steadily growing. In October 2017, the Department of Homeland Security announced it would begin requiring federal agencies to implement DMARC within 90 days. Currently only 38 percent of the top government agencies have DMARC records and only 14 percent have reject/quarantine enforcement in advance of the January 14, 2018 deadline.
ValiMail, the world’s first provider of Email Authentication as a Service, enables automated email authentication for 4.8 billion email inboxes globally. Using the DMARC, SPF, and DKIM protocols, ValiMail gives enterprises full visibility and control over who sends messages using their domains, eliminates phishing impersonation attacks, and improves email deliverability.