TMCnet - World's Largest Communications and Technology Community



Global Fight Against Fake Email Intensifies, But Many Domains Still Aren't Implementing Standard Protections - Report
[February 01, 2019]

Global Fight Against Fake Email Intensifies, But Many Domains Still Aren't Implementing Standard Protections - Report

SAN FRANCISCO, Feb. 1, 2019 /PRNewswire/ -- U.S. federal government agencies and many major enterprises have made significant strides to thwart the spread of fake emails, a major cybersecurity attack vector. But many organizations remain susceptible because they're still not using readily available open standards-based technologies that prevent these fakes from reaching end-user inboxes.

Valimail logo (PRNewsfoto/Valimail)

That's the main conclusion of an exhaustively researched report released today by Valimail, the world's only provider of fully automated email authentication. Valimail's "Email Fraud Landscape, Q4 2018" indicates that the fight against fake email is advancing around the world — but email fraud remains a widespread and pernicious problem. In fact, the report notes, fake emails were a key driver in the 60 percent jump in business email compromise (BEC) losses in 2018 as reported by the FBI.

The Valimail report — now in its third year — distilled and analyzed proprietary data based on billions of email message authentication requests, along with an analysis of millions of publicly accessible domain name system (DNS) records. It found that many organizations and agencies aren't implementing basic preventive measures, starting with Domain-based Message Authentication Reporting & Conformance (DMARC) and Sender Policy Framework (SPF) records.

Email authentication standards need more adoption

The Valimail report discovered several encouraging signs regarding the adoption of email authentication standards, including:

  • 80 percent of all U.S. federal domains have published a DMARC record — up from 50 percent in 2018 (the result of a federal mandate).
  • 87 percent of federal domains that deploy DMARC have successfully configured it to enforcement — a standout success rate.
  • At least 50 percent of Fortune 500 and large U.S. tech companies have adopted DMARC.
  • Nearly 30 percent of healthcare companies are using DMARC — more than double the rate in late 2017.
  • Global media entities, NASDAQ-listed companies and global billion-dollar public companies rank the lowest in DMARC enforcement among the 11 categories surveyed.

Email lacks built-in authentication provisions that can authenticate a legitimate sender's identity. That makes it easy to 'spoof' the sender's address. Without email authentication standards such as DMARC, malicious actors don't need to compromise accounts to send emails that impersonate friends, coworkers, banks, government agencies and other trusted sources.

DMARC — properly configured — prevents fake emails from reaching inboxes
Popularly known as "spear phishing," identity deception is used in at least 90 percent of all cyberattacks, according to several sources cited in the Valimail report. The sender uses a fake "from" address, a deceptive domain or a display name that usually impersonates someone else — even the email recipient. When DMARC is configured to quarantine or reject suspicious emails, anyone who attempts to send email "as" a DMARC-enforced domain will fail unless that sender has been authorized by the owner of that domain. In other words, the messages won't reach the intended user inboxes.

The entire Valimail "Email Fraud Landscape, Q4 2018" report can be accessed here.

About Valimail
Valimail is the trusted leader in fully automated email authentication, with the only comprehensive platform for anti-impersonation, brand protection, and compliance used by corporations and federal agencies such as Uber, Fannie Mae, WeWork, and the U.S. Agency for International Development. Valimail's patented, standards-compliant technology provides an unrivaled solution to stop phishing attacks, improve deliverability, provide comprehensive visibility of legitimate as well as unauthorized email senders, and protect organizations' reputations. Valimail authenticates billions of messages a month for some of the world's biggest companies, in finance, government, transportation, health care, manufacturing, media, technology, and more. Valimail is based in San Francisco. For more information visit

Dylan Tweney, Head of Communications,, +1 650.605.3348


Cision View original content to download multimedia:

SOURCE Valimail

[ Back To's Homepage ]

Technology Marketing Corporation

35 Nutmeg Drive Suite 340, Trumbull, Connecticut 06611 USA
Ph: 800-243-6002, 203-852-6800
Fx: 203-866-3326

General comments:
Comments about this site:


© 2019 Technology Marketing Corporation. All rights reserved | Privacy Policy