Research: Crisis of Fake Email Continues to Plague Industries Worldwide

6.4 Billion Fake Emails Sent Every Day — Most Industries Making Gradual Progress in Protecting Themselves Against Fake Email — U.S. Government Shows Leadership

Valimail, provider of fully automated email authentication, announced the results of its quarterly research on the
state of email fraud. The Valimail Q2 2018 Email Fraud Landscape shows that fake email continues to be a serious problem, with an estimated 6.4 billion fake emails sent worldwide every day. That total includes only exact-domain sender spoofing, in which senders put a fake email address in the From: field of their messages. This is one of the most difficult to detect and damaging types of fake emails. For example, the Federal Bureau of Investigation recently reported that business email compromise (BEC) costs have reached $12 billion over the past several years.

Elvis, Marilyn and Elvis (again!) at the Valimail booth at Black Hat 2018 – illustrating the dangers of impersonators…

Valimail’s study underscores the scope of the fake email problem. Far from being merely a “social engineering” issue, fake email is a direct result of technical issues with the way email is implemented: It lacks a built-in authentication mechanism, making it all too easy to spoof senders. At Black Hat 2018, Valimail offered visitors the company of several Elvis Presley and Marilyn Monroe impersonators (shown in the photo) to drive home the issue of impersonation in email.

However, the fake email crisis is also amenable to a technical solution, starting with the email authentication standards DMARC, SPF, and DKIM. “Valimail’s research shows that fake email continues to be a major problem worldwide,” said Alexander García-Tobar, CEO and co-founder of Valimail. He added: “There are encouraging signs of progress in the fight against fake email, starting with the U.S. federal government, where we’ve seen an unprecedented deployment of anti-impersonation technologies, thanks to a mandate by the Department of Homeland Security. There’s still a long way to go, but the DHS example shows that stopping email impersonation is both critical to our highest institutions and achievable.”

For the purposes of this report, Valimail used proprietary data from its analysis of billions of email message authentication requests, plus an analysis of more than 3 million publicly accessible DMARC and SPF records.
Now in its third consecutive quarter, Valimail’s research able to show how the fight against fake email is progressing worldwide, in a variety of industry categories. Notably, the U.S. federal government leads all other sectors in DMARC usage and DMARC enforcement, thanks to an October 2017 mandate from the Department of Homeland Security. Over 70 percent of federal domains have DMARC records and 43 percent are configured in a way that protects agencies from impersonation.

Other findings from the report:
● The United States continues to lead the world as a source of fake email
● The rate of DMARC implementation continues to grow in every industry
● DMARC enforcement remains a major challenge, with a failure rate of 75-80
percent in every industry
● The rate of SPF usage continues to grow in every industry, despite a high rate of
implementation problems

To view Valimail’s full Email Fraud Landscape report visit
https://www.valimail.com/resources/report/email-fraud-landscape-q2-2018/ 

About Valimail
Valimail is the trusted leader in automated email authentication, with a comprehensive
platform for anti-impersonation, brand protection, and anti-fraud defense. Valimail’s
patented, standards-compliant technology provides an unrivaled, fully automated
solution for DMARC enforcement to stop phishing attacks, improve deliverability,
provide comprehensive visibility of legitimate as well as unauthorized email senders,
and protect organizations’ reputations. Valimail authenticates billions of messages a
month for some of the world’s biggest companies, in finance, government,
transportation, health care, manufacturing, media, technology, and more. Valimail is
based in San Francisco. For more information visit www.valimail.com