From July through October 2018, attackers overwhelmingly used display name deception to launch business email compromise attacks, stealing money and credentials from their victims while damaging trust in the brands and domains they impersonated. Among Agari’s findings:

  • 54% of attacks leveraged impersonated brands, particularly Microsoft and Amazon, in the sender display name to convince victims the email was legitimate.
  • Raw DMARC policy adoption rose by 51%, according to the most comprehensive DMARC snapshot to date—but not all DMARC adoption was benevolent.
  • The US federal government sector led DMARC policy adoption, with a 76% DMARC reject rate.

Download your copy of the Q4 2018 Email Fraud and DMARC Adoption Trends report now to learn which brands and identities were targeted most and how DMARC authentication helps businesses protect their brands and domains.

Enforcement Rates Compared:
The Agari Advantage

To see how enforcement rates across industries compared with those of Agari customers, we looked at the data from the Agari Email Threat Center.

The Threat Center provides real-time aggregate DMARC statistics from Agari customer data, which is the largest set of detailed DMARC data in the world based both on email volume and domains. In effect, given Agari’s broad customer base, the Agari Email Threat Center can consolidate and aggregate all DMARC statistics from the domains of top US banks, social networks, healthcare providers, major government agencies, and hundreds of other organizations. It analyzed more than 571 billion emails over 16,000 domains in Q3 2018.


Note: The Threat Center tracks authentication statistics across active domains belonging to Agari’s customers. Passive or defensive domains that don’t process an email will not be reflected in the totals. Overall, as indicated previously, the Agari reject rate across all industries in the global domain snapshot is 82%.

Using the same industry grouping cohorts presented in the previous section, we compared the respective enforcement levels for each vertical category with Agari customers. Matching the larger industry dynamics we reported, the government sector (heavily weighted towards US government) took top prize for enforcement levels within the Threat Center rankings. Following this sector, healthcare and technology were tied as the next-ranked vertical for the percentage of domains at enforcement.

Notably, healthcare as a vertical moved from the lowest enforcement rate in the Threat Center to this second-ranked position. It’s notable that following publicized Binding Operational Directive (BOD) 18-01 which shepherded in the DMARC attainment process for the US government, National Health ISAC issued a companion “pledge” for member organizations to similarly adopt the standard.

More Resources:
To see detailed industry authentication statistics and trends, visit
For more information on the NH-ISAC DMARC pledge and healthcare adoption, visit
For the latest on US Government adoption and BOD 18-01, visit

A Fast Start for BIMI Adoption 

Brand Indicators for Message Identification (BIMI) is a standardized way for brands to publish their brand logo online. It lets the logos be easily incorporated into messaging and social media applications. BIMI does this with built-in protections that safeguard the brand, application providers, and consumers from impersonation attempts.

For instance, a bank could use BIMI to display its logo next to its messages, providing brand exposure as well as an assurance to recipients that the message really did come from that bank. BIMI will work only with an email that has been authenticated through DMARC standard and for which the domain owner has specified a DMARC policy of enforcement, so only authenticated messages can be delivered.


Based on our Q3 dataset, Agari determined that BIMI adoption reflected 48 distinct brands or email-sending domains. Given the promise of the proposed standard, which delivers free brand impressions to organizations combined with the boost in email trust, we expect this figure to grow in subsequent quarters.

For more information on BIMI, visit

A Closing Note:
The Importance of DMARC and a Reject Policy

The importance of a well-configured DMARC enforcement policy with a p=reject blocking policy on all domains cannot be overstated.

Below is an example of a customer experience over the course of Q3 2018. This customer, a global, publicly traded e-commerce firm, was receiving a tremendous volume of phishing and unauthenticated emails—at times more than 100 million per day impersonating its brand. These emails were being viewed by existing and potential customers, spoofing the company domain in the “From:” header of emails.


At the end of the day on September 26, 2018, the customer implemented a DMARC Reject policy, resulting in millions of spoofed messages that were no longer being delivered. Specifically, in the days following the configuration change, 99% of fraudulent/ unauthenticated messages were immediately blocked, unviewed by the intended victims.

Close button
Mail Letter

Would you like the confidence to trust your inbox?