Email Security Blog

DMARC identifies 90% of Top Malicious Attacks

Agari November 22nd, 2013 DMARC

“A 3 month analysis of the top US malicious email campaigns shows DMARC would have identified 90% of these malicious attacks”

Over 20 months ago, industry titans including PayPal, Google, Microsoft, Yahoo!, AOL, and Facebook banded together to launch DMARC, a new approach to reducing email phishing/spamming. In the short period since, DMARC has been deployed rapidly and now covers 80% of US consumers and over 60% of consumers globally.

A known issue is that DMARC only reports back to the owner of a domain, which leaves a brand open to phishing attacks on its consumers from domains it does not own but that appear visually similar, sometimes referred to as cousin domains. For example, a spammer could use Fceboook.com and carry out an attack, pretending to be Facebook. Even if Fceboook.com were DMARC-enabled, the DMARC authentication reports would be sent to the owner of Fceboook.com, presumably the criminal, and the attack would not be stopped. This has led some to question the effective coverage DMARC provides, i.e. “how big of a net does DMARC cast?”
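The cousin-domain gap described above, as an added example that is not part of the original post and is not Agari's method: a DMARC pass on a lookalike domain only proves the sender controls that lookalike, so a receiver has to compare the From domain against the brands it wants to protect. The protected list, distance threshold and result labels are constructed assumptions.

```python
# Added example: flag "cousin" From domains that DMARC alone cannot catch.
# PROTECTED, MAX_DISTANCE and the returned labels are constructed assumptions.
from email.utils import parseaddr

PROTECTED = {"facebook.com", "paypal.com"}  # brand domains the receiver protects
MAX_DISTANCE = 2                             # max edits still treated as a lookalike


def edit_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: insert, delete, substitute, adjacent swap."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = int(a[i - 1] != b[j - 1])
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            # Adjacent transposition, e.g. "ce" typed as "ec".
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def classify(from_header: str, dmarc_result: str) -> str:
    """Classify a message by its From domain and the receiver's DMARC verdict."""
    domain = parseaddr(from_header)[1].rpartition("@")[2].lower().rstrip(".")
    if domain in PROTECTED:
        # Exact brand domain: the case DMARC is designed to cover.
        return "brand-dmarc-pass" if dmarc_result == "pass" else "brand-dmarc-fail"
    for brand in sorted(PROTECTED):
        if edit_distance(domain, brand) <= MAX_DISTANCE:
            # Lookalike domain: its own DMARC verdict says nothing about the brand.
            return f"cousin:{brand}"
    return "unrelated"


if __name__ == "__main__":
    # Constructed sample messages: (From header, DMARC verdict at the receiver).
    samples = [
        ("Facebook <security@fceboook.com>", "pass"),
        ("Facebook <security@facebook.com>", "fail"),
        ("News <news@example.org>", "pass"),
    ]
    for header, verdict in samples:
        print(f"{header!r:40} dmarc={verdict:4} -> {classify(header, verdict)}")
```
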

Agari’s DMARC-based service uses several additional techniques and partners to address the cousin domain issue, but being the data geeks we are, we decided to study this issue more closely. Working with our partner Malcovery, Agari studied the top US email-based phishing, spam and malware campaigns during the July-September 2013 period*. Of the 83 unique campaigns observed, DMARC would have addressed 77, or 90%, of these attacks.

While these results are encouraging, Agari also wondered how this would change moving forward. How would criminals respond to DMARC-protected brands? We studied our early adopter clients who have had DMARC in place for more than 2 years. By looking at their abuse statistics, it seems that criminals have indeed tried to “go around” DMARC and have used domains not covered by Agari’s service, but only in small quantities. The overall level of attacks is still down 90% on average compared with the level before their DMARC deployments. It therefore appears that from both a frequency and effectiveness perspective, criminals have not been as successful using cousin domains. One line of questioning we hope to explore in future studies is why this is the case.
