The Threat Center provides real-time aggregate DMARC statistics from Agari customer data, which is the largest set of detailed DMARC data in the world based both on email volume and domains. In effect, given Agari’s broad customer base, the Agari Email Threat Center can consolidate and aggregate all DMARC statistics from the domains of top US banks, social networks, healthcare providers, major government agencies, and hundreds of other organizations. It analyzed more than 571 billion emails over 16,000 domains in Q3 2018.
Note: The Threat Center tracks authentication statistics across active domains belonging to Agari’s customers. Passive or defensive domains that don’t process an email will not be reflected in the totals. Overall, as indicated previously, the Agari reject rate across all industries in the global domain snapshot is 82%.
Using the same industry grouping cohorts presented in the previous section, we compared the respective enforcement levels for each vertical category with Agari customers. Matching the larger industry dynamics we reported, the government sector (heavily weighted towards US government) took top prize for enforcement levels within the Threat Center rankings. Following this sector, healthcare and technology were tied as the next-ranked vertical for the percentage of domains at enforcement.
Notably, healthcare as a vertical moved from the lowest enforcement rate in the Threat Center to this second-ranked position. It’s notable that following publicized Binding Operational Directive (BOD) 18-01 which shepherded in the DMARC attainment process for the US government, National Health ISAC issued a companion “pledge” for member organizations to similarly adopt the standard.
To see detailed industry authentication statistics and trends, visit agari.com/threatcenter
For more information on the NH-ISAC DMARC pledge and healthcare adoption, visit agari.com/healthreport
For the latest on US Government adoption and BOD 18-01, visit agari.com/fedreport
For instance, a bank could use BIMI to display its logo next to its messages, providing brand exposure as well as an assurance to recipients that the message really did come from that bank. BIMI will work only with an email that has been authenticated through DMARC standard and for which the domain owner has specified a DMARC policy of enforcement, so only authenticated messages can be delivered.
Based on our Q3 dataset, Agari determined that BIMI adoption reflected 48 distinct brands or email-sending domains. Given the promise of the proposed standard, which delivers free brand impressions to organizations combined with the boost in email trust, we expect this figure to grow in subsequent quarters.
For more information on BIMI, visit brandindicators.org
Below is an example of a customer experience over the course of Q3 2018. This customer, a global, publicly traded e-commerce firm, was receiving a tremendous volume of phishing and unauthenticated emails—at times more than 100 million per day impersonating its brand. These emails were being viewed by existing and potential customers, spoofing the company domain in the “From:” header of emails.
At the end of the day on September 26, 2018, the customer implemented a DMARC Reject policy, resulting in millions of spoofed messages that were no longer being delivered. Specifically, in the days following the configuration change, 99% of fraudulent/ unauthenticated messages were immediately blocked, unviewed by the intended victims.