
DMARC identifies 90% of Top Malicious Attacks

Agari November 22, 2013 DMARC

“A 3 month analysis of the top US malicious email campaigns shows DMARC would have identified 90% of these malicious attacks”

Over 20 months ago, industry titans including PayPal, Google, Microsoft, Yahoo!, AOL, and Facebook banded together to launch DMARC, a new approach to reducing email phishing and spam. In the short period since, DMARC has deployed rapidly and now covers 80% of US consumers and over 60% of consumers globally.

A known issue is that DMARC only reports back to the owner of a domain. This leaves a brand's consumers open to phishing attacks sent from domains the brand does not own but that appear visually similar, sometimes referred to as cousin domains. For example, a spammer could use Fceboook.com and carry out an attack, pretending to be Facebook. Even if Fceboook.com were DMARC-enabled, the DMARC reports would be sent to the owner of Fceboook.com, presumably the criminal, and the attack would not be stopped. This has led some to question the effective coverage DMARC provides, i.e. “how big of a net does DMARC cast?”
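The cousin-domain gap described above can be shown with a small Python sketch. This is an added example, not Agari's code or detection logic: it models relaxed DMARC alignment and a simple edit-distance lookalike check. The two-label organizational-domain shortcut, the distance threshold, all function names and the sample messages are assumptions constructed for illustration.

```python
def org_domain(domain):
    """Approximate the organizational domain as the last two labels.
    Assumption: real DMARC evaluators use the Public Suffix List."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def dmarc_aligned(from_domain, spf_domain=None, dkim_domain=None):
    """Relaxed alignment: the From domain must share an organizational
    domain with a domain that passed SPF or DKIM (None = did not pass)."""
    target = org_domain(from_domain)
    return any(d and org_domain(d) == target for d in (spf_domain, dkim_domain))

def edit_distance(a, b):
    """Levenshtein distance using two-row dynamic programming."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(from_domain, spf_domain, dkim_domain, protected, max_dist=3):
    """Return (dmarc_pass, lookalike_of) for one message."""
    passed = dmarc_aligned(from_domain, spf_domain, dkim_domain)
    sender = org_domain(from_domain)
    for brand in protected:
        # Distance 0 is the brand itself; small non-zero distances are cousins.
        if 0 < edit_distance(sender, org_domain(brand)) <= max_dist:
            return passed, brand
    return passed, None

# Constructed sample messages: (From domain, SPF-passing domain, DKIM d= domain)
SAMPLES = [
    ("facebook.com", "mail.facebook.com", "facebook.com"),  # legitimate
    ("facebook.com", "bulk.example.net", None),             # exact-domain spoof
    ("Fceboook.com", "mail.fceboook.com", "fceboook.com"),  # cousin domain
]

def run_samples(protected=("facebook.com",)):
    return [classify(f, s, d, protected) for f, s, d in SAMPLES]

if __name__ == "__main__":
    for sample, result in zip(SAMPLES, run_samples()):
        print(sample[0], result)
```

The exact-domain spoof fails alignment, while the cousin domain passes DMARC for its own domain and is caught only by the separate lookalike check.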

Agari’s DMARC-based service uses several additional techniques & partners to address the cousin domain issue, but being the data geeks we are, we decided to study this issue more closely. Working with our partner Malcovery, Agari studied the top US email-based phishing, spam and malware campaigns during the July-September 2013 period*. Of the 83 unique campaigns observed, DMARC would have addressed 77, or 90%, of these attacks.

While these results are encouraging, Agari also wondered how this would change moving forward. How would criminals respond to DMARC-protected brands? We studied our early adopter clients who have had DMARC in place for more than 2 years. By looking at their abuse statistics, it seems that criminals have indeed tried to “go around” DMARC and have used domains not covered by Agari’s service, but only in small quantities. The overall level of attacks is still down 90% on average compared to the level before their DMARC deployments. It therefore appears that, from both a frequency and effectiveness perspective, criminals have not been as successful using cousin domains. One line of questioning we hope to explore in future studies is why this is the case.
