Most industries are still vulnerable to fake emails and email addresses despite using Domain-based message Authentication, Reporting & Conformance (DMARC) protocols. A Valimail report released today found that nearly 80 percent of all inboxes worldwide do DMARC checks on inbound emails, but success rates remain close to 20 percent in most categories.
While the percentage of suspicious and fake email is seemingly small at 1.2 percent, that represents 3.4 billion fake emails every day, according to the report. The majority of suspicious email comes from Germany, Vietnam, and Russia who have the largest percentages of their overall email being suspicious at 76.8 percent, 99.8 percent, and 93 percent, respectively.
Valimail cites that only the U.S. government and U.S. tech companies have DMARC rates of protection that exceed 20 percent. Over 75 percent of Federal government domains are protected at enforcement, leading all sectors.
“The U.S. government, spurred on by the Department of Homeland Security’s order BOD 18-01, has posted unprecedented, industry-leading success rates,” Valimail said.
The number of domains with DMARC records has roughly doubled over the past two years, the report says, but also says that it’s the enforcement that lags as only one in five DMARC records is actually protecting domains from fake or suspicious emails.
The rate of fake or suspicious emails leaves many domains and businesses vulnerable to phishing attacks, but the number of unprotected domains might actually be higher than the report found.
“The real total is almost certainly higher, given that our sample is heavily weighted towards Valimail customers who are protected from fakes,” the report said.