Email fraud is rife—up more than 162% from 2010-2014—and costs companies like yours millions every year.
Implementing the authentication standard DMARC (Domain-based Authentication Reporting and Conformance) to block bad email before it reaches consumer inboxes is a great first step. But DMARC is not enough, protecting your brand from only 30% of email-borne attacks.
We know there is no silver bullet solution to combat against the other 70% of email attacks. But we also know the only way to build a comprehensive defense is through comprehensive understanding.
To gain that understanding, we tapped into the Return Path Data Cloud and analyzed more than 760,000 email threats associated with 40 top global brands.
Our objective for this project was not to surface every tactic fraudsters use to spoof brands. Instead, we sought to test some of our reigning assumptions about how they cheat email filters, namely that:
The data confirmed some of our assumptions and decidedly disproved others:
These learnings revealed the unpredictable variety of brand spoofing tactics, and can inform how to fight email fraud in two key ways:
First, prioritize DMARC implementation—it’s the most direct way to keep bad email out (and the good email in) of consumer inboxes.
Second, the more you know about the nature of email attacks spoofing your brand, the better. As our analysis proves, fraudsters like to mix and match tactics to reach their victims. While DMARC is a great first step, it is not enough. Protect your brand from the 70% of email threats beyond DMARC by studying their anatomy. Only then can you implement the right suite of solutions to fight back.
You can download our full report here.