Valimail Research Finds Domains Without DMARC Enforcement Are Spoofed at Nearly Four Times the Rate of Domains with DMARC Enforcement

By Associated Press 05 March 2020, 12:00AM


Valimail, the leading provider of identity-based anti-phishing solutions, today released findings from its Email Fraud Landscape: Winter 2020 Report. The research analyzes trends in fraudulent email as well as the adoption of Domain-based Message Authentication, Reporting and Conformance (DMARC), a vendor-neutral authentication protocol that allows email domain owners to protect their domain from unauthorized use, or “spoofing.”

This press release features multimedia. View the full release here:

Valimail's Email Fraud Landscape: Winter 2020 Report (Graphic: Business Wire)

As of January 2020, nearly 1 million (933,973) domains have published DMARC records — an increase of 70% compared to last year, and more than 180% growth in the last two years. In addition, 80% of all inboxes worldwide do DMARC checks and enforce domain owners’ policies — if domain owners have configured DMARC.

However, just 13% of all DMARC records are configured with enforcement policies, demonstrating that interest in DMARC is increasing but DMARC expertise is not keeping pace.

“Given DMARC’s benefits, it comes at no surprise its rate of adoption has been growing consistently,” said Alexander García-Tobar, CEO and co-founder, Valimail. “But publishing a DMARC record is just the first step — enforcement must be reached before a domain is protected, and trust can be restored to email. There’s an additional downside to not getting to enforcement: Our research demonstrates that domains without DMARC policies at enforcement are spoofed nearly four times more often compared to domains with DMARC at enforcement. This is because fraudsters give up trying to spoof a domain once they realize it doesn’t work, and move on to easier targets.”

Additional key data points from Valimail’s research includes:

  • At a minimum, 1% of global email volume is sent using a spoofed domain.
  • The United States remains the largest source of spoofed email by volume.
  • Russia, China, Vietnam and India continue to have a proportionally high number of spoofs among email originating from these countries.
  • 79% of US federal domains have DMARC records and 93% of those are at enforcement, a tribute to the success of a 2017 directive from the Department of Homeland Security, BOD 18-01.
  • 23% of billion-dollar companies’ domains are at DMARC enforcement.

The research was compiled by analyzing a broad cross-section of company sizes and revenues across eight different verticals. To download the full report, please visit:

About Valimail

Valimail is a pioneering identity-based anti-phishing company that has been ensuring the global trustworthiness of digital communications since 2015. Valimail delivers the only complete, cloud-native platform for validating and authenticating sender identity to stop phishing, protect and amplify brands, and ensure compliance. Valimail has won more than a dozen prestigious cybersecurity technology awards and authenticates billions of messages a month for some of the world’s biggest companies, including Uber, Fannie Mae, WeWork, and the U.S. Agency for International Development.

View source version on

CONTACT: Dylan Tweney

VP of Communications at Valimail

[email protected]




SOURCE: Valimail

Copyright Business Wire 2020.

PUB: 03/04/2020 07:00 AM/DISC: 03/04/2020 07:01 AM

By Associated Press 05 March 2020, 12:00AM

Trending Stories

Samoa Observer

Upgrade to Premium

Subscribe to
Samoa Observer Online

Enjoy unlimited access to all our articles on any device + free trial to e-Edition. You can cancel anytime.