Email Security Blog

Just Published – Email Fraud and DMARC Adoption Trends Report

Fareed Bukhari February 7, 2018 DMARC
Fallback Featured Image

We recently teamed up with Farsight Security to analyze data on the current state of email security, email fraud and DMARC adoption. Our inaugural “Email Fraud and DMARC Adoption Trends Report” summarizes the state of email authentication across industries from the second half of 2017. This is the only DMARC focused report that incorporates data from Agari’s Email Threat Center as well as Farsight DNSDB, the world’s largest real-time and historical database of DNS records.

The report exposes some distinct email security trends, confirmed many theories and revealed some surprising facts. A few examples:

  • Low Global Enforcement Rates – Farsight Security DNS intelligence reveals global DMARC enforcement rates are approximately 26 percent or lower across the universe of internet domains. Agari customers (tracked by the Agari Threat Center) have achieved much higher protection rates: 99 percent in retail, 95 percent in technology and 89 percent in finance.
  • Healthcare is Most Targeted Industry – Among Agari customers, 92 percent of healthcare industry domains are targeted by domain name spoofing. The majority of messages (58 percent threat rate) sent on behalf of the healthcare industry are malicious or unauthorized, undermining the trust in medical providers, insurance companies and pharmaceutical brands. It is not surprising that healthcare is the most targeted industry since it is also the vertical least protected by DMARC, with protected domains hovering only between 10 – 20 percent.
  • Government Domains are Under Attack – The government sector is the second most attacked industry, with 87 percent of domains target. One out of ten messages (12 percent threat rate) sent on behalf of federal domains are malicious or unauthorized – significantly higher than the global average of three percent.

The breadth of the data available from Farsight DNSDB also gave an illuminating peek into the relative market share of DMARC implementation services vendors. When we tallied up the aggregate reporting email addresses used of DMARC-carrying domains identified in Farsight DNSDB, we were pleased to see that Agari was by far the leader in terms of domains protected or monitored.

Domains protected by DMARC vendor - the state of email security

More importantly, Agari also led the pack when it came to the percentage of domains with enforcement policies. Over 70% of domains using Agari were at a p=reject policy, versus 40% with the next nearest vendor.

To learn more about the state of email security, email fraud and DMARC adoption trends get the report.

Get the Email Fraud & DMARC Adoption Trends Report

Leave a Reply

Your email will not be published. All fields are required.

Agari Blog Image

April 17, 2019 Fareed Bukhari

The Time is Now: Underscoring the Importance of DMARC for State and Local Governments

Scammers know that impersonating a trusted government agency is an extremely effective way to trick…

Agari Blog Image

February 26, 2019 Armen Najarian

Retail Trails Other Sectors in Adopting DMARC for Phishing Prevention

Recent research by the Agari Cyber Intelligence Division finds that the retail industry is dead…

Person Looking at DMARC Protected Email

February 19, 2019 Fareed Bukhari

DMARC Adoption Up, But 85% of Fortune 500 Remains Vulnerable to Brand Hijacking

Adoption of Domain-based Message Authentication, Reporting, and Conformance (DMARC) has seen modest growth in recent…

Agari Blog Image

October 16, 2018 Fareed Bukhari

One Year Later: Federal Mandate for Email Authentication Huge Success

Responding to BOD 18-01, agencies rally to complete the fastest sector-wide adoption of DMARC One…

Agari Blog Image

October 16, 2018 Patrick Peterson

DMARC: A 12-Month Triumph for DHS—and the Nation

Today is the deadline set by the Department of Homeland Security for all executive branch…

mobile image