Get ahead of the attacks costing organizations around the globe billions in fraud losses. The H2 2020 Email Fraud and Identity Deception Trends report highlights current attack trends and provides insights including:

  • 66% of malicious emails employed identity deception tactics that impersonated well-known brands including the World Health Organization (WHO) and Centers for Disease Control (CDC).
  • SOC teams are rapidly becoming overwhelmed by a 67% false positive rate for employee-reported phishing incidents.
  • On average 90 undetected attacks make it to employee inboxes for every verified malicious email reported by an employee.

This new report by the Agari Cyber Intelligence Division is available now for immediate download.

Consumer Phishing and DMARC Trends

  • 80%
    Percentage of Fortune 500 companies that continue to leave customers, partners, investors and the general public at risk of phishing-based brand impersonation scams
  • 3.8X
    As of June 30, an impressive 5,282 brand domains have BIMI records, up 3.8X in just six months
  • 78%
    Percentage of Agari healthcare customers with domains protected by DMARC set to its strictest, enforcement policy to protect against attacks impersonating these brands—a 10% jump in six months

DMARC Adoption Snapshot
The Industry’s Largest Ongoing Study of Adoption Trends Worldwide

In a snapshot of more than 477+ million Internet domains, we assess adoption trends for Domain-based Message Authentication, Reporting, and Conformance (DMARC) from January through June 2020.

8 Million

At Mid-Year, 8,074,377 Domains Possessed Recognizable DMARC Policies Worldwide

2 Million

Just 2,041,442 Domains Have DMARC Set to Its Highest Enforcement Level

Failure to implement DMARC with the p=reject enforcement leaves organizations at risk from cybercriminals seeking to pirate their brand and domains to target phishing attacks at their customers and other consumers and businesses. These domains may also be blacklisted by receiver systems, or experience reduced deliverability rates for the brand’s legitimate email messages, resulting in costly disruptions to their email-based marketing and revenue streams.

DMARC Breakout Session
US Continues to Lead in DMARC Adoption

As part of this mid-year report, ACID examines the state of DMARC adoption by key geographies. Across the board, rising numbers of new domains are causing slippage in the total percentage of domains with DMARC policies, as well as those with DMARC policies at full enforcement.


The Netherlands Tops in DMARC Policies Set to p=reject

The US continued to dominate in the total number of domains with DMARC policies set to the strictest possible enforcement level. But on a percentage basis, the Netherlands leads the pack, even after seeing a drop year-over-year relative fto total domains registered there.


Percentage Increase in Canadian Domains with DMARC policies at Enforcement Jumps 12%

As of June 30, Canada has seen the sharpest rise in domains with DMARC policies set to p=reject so far this year, though Germany saw significant gains, as well. Meanwhile, the US saw only tepid increases on a percentage basis.

DMARC Adoption Trends Among the World’s Largest Companies

This mid-year report captures DMARC adoption trends among some of the world’s most prominent companies. It’s important to note that even when organizations have assigned DMARC records to their domains, they are not truly protected unless they are set to a level of enforcement. The sizable proportion of “no record” and “monitor only” policies highlights the fact that these organizations can still be impersonated in phishing campaigns that put their customers, partners, investors, and the general public at risk of serious financial harm.


Fortune 500 Companies with DMARC Records Set at Full Enforcement—Up 66% YoY


Fortune 500 Companies Remaining at Risk of Being Impersonated in Email Scams Targeting Their Customers, Partners, and More


FTSE 100 Companies That Continue to Put Customers at Risk

During the first half of 2020, only 20% of the UK’s FTSE 100 had domains protected by DMARC set to p=reject— up just 2% in the last six months. As of mid-year, 80% of organizations in the FTSE 100 do not yet have protections in place to block fraudsters from impersonating their brands in email attacks.

1 in 10

Number of Australia’s ASX 100 Companies Now Protected from Brand Impersonation

The number of Australia’s ASX 100 companies with DMARC deployed at its top enforcement level grew by 5% over the last six months, and is up 87.5% YoY. But that means 9 in 10 ASX 100 organizations remain defenseless against crime rings seeking to hijack their brands and email domains.

DMARC Adoption by Industry Vertical

Data in our H2 2020 report includes DMARC adoption across key industry verticals is based on public DNS records for primary corporate website domains of large companies with revenues above $1 billion. Every vertical has shown incremental improvements in the percentage of their DMARC-enabled domains at p=reject since our last report.

The Agari Advantage
Industry Enforcement Comparison

Data in the Agari Email Threat Center enables us to understand how enforcement rates across industries compare with those of Agari customers. Aggregating
real-time DMARC statistics from the domains of top banks, social networks, healthcare providers, major government agencies and thousands of other organizations, the Agari Email Threat Center is the largest set of detailed DMARC data in the world both in terms of email volume and domains. To generate realtime threat intelligence, the Agari Email Threat Center analyzed more than 233 billion emails from more than 25,017 domains from January through June 2020


Increase in Agari Healthcare Industry Customers with Domains at Full Enforcement

Amid a dramatic surge in phishing campaigns impersonating the Centers for Disease Control (CDC), Vanderbilt University Medical Center, Magellan Health, and
other healthcare authorities, Agari customers in the sector redoubled their DMARC implementation efforts, climbing to 78% of domains at p=reject enforcement,
compared to 68% at the end of 2019—a 10% jump in six months.

Brand Indicators Adoption
From G Suite, With Love: BIMI Gains Momentum

Brand Indicators for Message Identification (BIMI) benefits the entire email ecosystem by providing businesses with a standardized method for publishing their brand logos next to email messages within a recipient ‘s inbox, with built-in protections against brand spoofing.


The Total Number of Brand Domains with BIMI Records as of June 30

BIMI only works with email that has been authenticated through the DMARC standard and for which the domain owner has specified a DMARC policy of enforcement, so only authenticated messages can be delivered.


Increase in Brand BIMI Adoption In the Last 90 Days

In July, Google officially launched its BIMI pilot, which allows organizations who authenticate their emails using DMARC to validate ownership of their corporate logos and securely use them in email messages. Once these authenticated emails pass Google’s anti-abuse checks, Gmail will start displaying the logo in existing avatar slots in the Gmail interface.

About This Report

Taxonomy of Advanced Email Threats

ACID has established a classification system for cyber threats—a threat taxonomy—that breaks down common email- based attacks in terms of how they are carried out and what the perpetrators aim to achieve. This taxonomy helps readers understand the terms used in this report and what they mean to email security.

The metrics and data analyzed in this report are collected from the sources indicated below.

Aggregate Advanced Email Attack Data

For inbound threat protection, Agari uses machine learning—combined with knowledge of an organization’s email environment—to model good, legitimate traffic. Each message received by Agari is scored and plotted in terms of email senders’ and recipients’ identity characteristics, expected behavior, and personal, organizational, and industry-level relationships. For the attack categorization analysis, we leveraged anonymous aggregate scoring data that automatically breaks out identity deception-based attacks that bypass upstream Secure Email Gateways (SEGs) into distinct threat categories, such as display name deception, compromised accounts, and more. See section on “Taxonomy of Advanced Email Attacks” on the preceding page.

Phishing Incident Response Trends

This report presents results from a survey of six large organizations in a cross-section of industries conducted by Agari in June 2020.

Global DMARC Domain Analysis

For broader insight into DMARC policies beyond what we observed in email traffic targeting the Agari customer base, we analyzed 477 million+ domains, ultimately observing 8,074,377 domains with recognizable DMARC policies attached. This constantly updated list of domains serves as the basis for trend tracking in subsequent reports.

Close button
Mail Letter

Would you like the confidence to trust your inbox?