This report contains metrics from data collected and analyzed by the following sources:
For inbound threat protection, Agari uses machine learning, combined with knowledge of an organization’s email environment, to model good or authentic traffic. Each message received by Agari is scored and plotted in terms of email senders’ and recipients’ identity characteristics, expected behavior, and personal, organizational, and industry-level relationships. For the attack categorization analysis, we leveraged anonymous aggregate scoring data that automatically breaks out identity deception-based attacks that bypass upstream SEGs into distinct threat categories, such as Display Name Deception, Compromised Account, and more.
For broader insight into DMARC policies beyond what we observed in email traffic targeting Agari’s customer base, we obtained and analyzed two large snapshots, representing virtually all the publicly accessible domains in DNS over the course of Q3.
Over the course of this period, our base domain list increased by 38 million, mostly in newly detected country code top-level domains (ccTLDs). These snapshots will form the basis for trend tracking in subsequent reports.
The Agari Threat Center continually aggregates anonymized DMARC reporting data that we track over our customer domains in several industry sectors. Over the period of this report, over 576 trillion emails were visible to the Agari Threat Center, traversing over 14,200 top-level and subdomains. Visit agari.com/email-threat-center/ to explore authentication results across various verticals and time frames. To maintain complete confidentiality, the Threat Center database does not store company-specific information of any kind. Threat Center data is primarily representative of business-to-consumer (B2C) email for the countries and industries in which we have significant market penetration.
In order to compare and contrast the global DMARC insights provided by our domain snapshots with the data tracked by Agari, we grouped public data into corresponding vertical categories represented in the Agari Threat Center. Note that for other analyses, such as the Fortune 500, US federal government, and large industry sections, we obtained the domain names from public sources and determined DMARC authentication status using Agari lookup tools.
The Agari Cyber Intelligence Division (ACID) is the only counterintelligence research team dedicated to worldwide BEC and spearphishing investigation. ACID supports Agari’s unique mission of protecting communications so that humanity prevails over evil. ACID uncovers identity deception tactics, criminal group dynamics, and relevant trends in advanced email attacks. Created by Agari in 2018, ACID helps to impact the cyber threat ecosystem and mitigate cybercrime activity by working with law enforcement and other trusted partners.
Learn more at acid.agari.com