The Valimail Q2 2018 Email Fraud Landscape shows that fake email continues to be a serious problem, with an estimated 6.4 billion fake emails sent every day.
That total includes only exact-domain sender spoofing, in which senders put a fake email address in the From: field of their messages. This is one of the most difficult to detect and damaging types of fake emails. For example, the FBI recently reported that business email compromise (BEC) costs have reached $12 billion over the past several years.
Valimail’s study underscores the scope of the fake email problem. Far from being merely a social engineering issue, fake email is a direct result of technical issues with the way email is implemented: It lacks a built-in authentication mechanism, making it all too easy to spoof senders.
However, the fake email crisis is also amenable to a technical solution, starting with the email authentication standards DMARC, SPF, and DKIM.
“There are encouraging signs of progress in the fight against fake email, starting with the U.S. federal government, where we’ve seen an unprecedented deployment of anti-impersonation technologies, thanks to a mandate by the Department of Homeland Security. There’s still a long way to go, but the DHS example shows that stopping email impersonation is both critical to our highest institutions and achievable,” said Alexander García-Tobar, CEO of Valimail.
For the purposes of this report, Valimail used proprietary data from its analysis of billions of email message authentication requests, plus an analysis of more than 3 million publicly accessible DMARC and SPF records.
Notably, the U.S. federal government leads all other sectors in DMARC usage and DMARC enforcement, thanks to an October 2017 mandate from the Department of Homeland Security. Over 70 percent of federal domains have DMARC records and 43 percent are configured in a way that protects agencies from impersonation.
Other findings from the report:
- The United States continues to lead the world as a source of fake email
- The rate of DMARC implementation continues to grow in every industry
- DMARC enforcement remains a major challenge, with a failure rate of 75-80 percent in every industry
- The rate of SPF usage continues to grow in every industry, despite a high rate of implementation problems.