The Email Fraud and Identity Deception Trends report is released quarterly based on analysis of approximately 500b emails globally. Trends that dominated from April—June 2019 include:

  • Gift cards are requested in 65% of all BEC scams
  • Employee-reported phishing attacks jump 14% in 90 days
  • DMARC adoption rates across the globe remain slow, but BIMI grows by nearly 400%
  • Elizabeth Warren remains the sole presidential contender following email security best practices



analyst research
Analyst Research
Osterman Research: Solving Phishing, BEC, Account Takeovers and More

Organizations have a dramatically expanded ...

Learn more

About This Report 

This report contains metrics from data collected and analyzed by the following sources:

Aggregate Advanced Threat Protection Data

For inbound threat protection, Agari uses machine learning—combined with knowledge of an organization’s email environment—to model good or authentic traffic. Each message received by Agari is scored and plotted in terms of email senders’ and recipients’ identity characteristics, expected behavior, and personal, organizational, and industry-level relationships. For the attack categorization analysis, we leveraged anonymous aggregate scoring data that automatically breaks out identity deception-based attacks that bypass upstream SEGs into distinct threat categories, such as display name deception, compromised accounts, and more.

Phishing Incident Response Trends

This report presents results from a custom survey conducted by Agari during June 2019. The following charts summarize the demographics and location of the respondents.

Global DMARC Domain Analysis

For broader insight into DMARC policies beyond what we observed in email traffic targeting Agari’s customer base, we analyzed 328,540,568 domains, ultimately observing 7,671,752 domains with recognizable DMARC policies attached. This constantly updated list of domains serves as the basis for trend tracking in subsequent reports.

Q3 Vendor Rankings by Total Share of Domains and Percentage of Domains with Reject Policies

The chart shown on the next page provides a basic ranking of top vendors, corresponding to the number of domains that specify that particular vendor in the “rua” field. We then apply a second filter indicating the all-important percentage of domains at the highest possible DMARC enforcement policy setting of p=reject for each vendor, which is the policy level that will block phishing messages from ever reaching the end use

About the Agari Cyber Intelligence Division (ACID) 

The Agari Cyber Intelligence Division (ACID) is the only counterintelligence research team dedicated to worldwide BEC and spear phishing investigation. ACID supports Agari’s unique mission of protecting communications so that humanity prevails over evil. ACID uncovers identity deception tactics, criminal group dynamics, and relevant trends in advanced email attacks. Created by Agari in 2018, ACID helps to impact the cyber threat ecosystem and mitigate cybercrime activity by working with law enforcement and other trusted partners. Learn more at

About Agari

Agari is transforming the legacy Secure Email Gateway with its next-generation Secure Email Cloud™ powered by predictive AI. Leveraging data science and real-time intelligence from trillions of emails, the Agari Identity Graph™ detects, defends, and deters costly advanced email attacks including business email compromise, spear phishing, and account takeover. Winner of the 2018 Best Email Security Solution by SC Magazine, Agari restores trust to the inbox for government agencies, businesses, and consumers worldwide.

Learn more at

Close button
Mail Letter

Would you like the confidence to trust your inbox?