top of page



Spring 2019 Email Fraud Landscape reveals steady uptake of DMARC protocol as organizations look to prevent costly phishing attacks.

At least 3.4 billion fake emails are sent around the world every day — with most industries remaining vulnerable to spear-phishing and "spoofing" cyberattacks simply because they're not implementing industry-standard authentication protocols, according to Valimail's Spring 2019 Email Fraud Landscape. This original research report, released, also found that the vast majority of suspicious emails emanate from U.S.-based sources.

It's not all bad news, however. Ongoing research by Valimail also indicates that many industries are making progress in the fight against impersonation, some more quickly than others.

To compile this global view of the email fraud landscape, Valimail used proprietary data from an internal analysis of billions of email authentication requests and nearly 20 million publicly accessible records. The report confirms that email impersonation — accounting for 1.2% of all email sent in the first quarter of 2019 — is a phisher's primary weapon to gain access into an organization's network, systems, intellectual property and other sensitive assets.

Valimail notes that the fake email problem — which is not easily blocked by traditional cybersecurity defenses — can be ameliorated by implementing widely accepted email authentication standards. These include Domain-based Message Authentication, Reporting, and Conformance (DMARC), Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) as well as newer standards such as Authenticated Received Chain (ARC) and Brand Indicators for Message Identification (BIMI).

DMARC in particular has proven to be especially effective in preventing fake emails from reaching inboxes. The study shows that nearly 80% of all inboxes (5.34 billion) around the world perform DMARC checks on inbound email, and nearly 740,000 domains now use DMARC.

However, enforcement rates with DMARC continue to hover around 20% in most industries, largely because the solution is difficult to configure and maintain for large enterprises. For that reason, many domain owners have turned to third-party DMARC vendors to implement the solution for them.

"It remains clear that fake emails from hackers, phishers and other cyber criminals constitute the major source of cyberattacks," said Alexander García-Tobar, CEO and co-founder of Valimail. "As more companies recognize and respond to email vulnerabilities, we expect to see organizations continue to deploy authentication technologies to protect against untrusted and fraudulent senders. The fact is that too many attackers are using impersonation to get through existing email defenses. A robust approach to sender identification and authentication is needed to make email more trustworthy, once and for all."

To download the full report, please visit

About Valimail

Valimail is an email anti-impersonation company that has been driving the global trustworthiness of digital communications since 2015, with the only comprehensive platform for stopping fake email, protecting brands, and helping ensure compliance. Valimail has won multiple cybersecurity technology awards and authenticates billions of messages a month for some of the world's biggest companies, including Uber, Fannie Mae, WeWork, and the U.S. Agency for International Development. Valimail is based in San Francisco. For more information visit

bottom of page