Email Fraud Protection Needs to be on the CISO’s Agenda

We recently attended a CISO Summit in Scottsdale, AZ where I had the pleasure to deliver a keynote address on the topic of “Protecting the Email Channel, Your Customers and Your Brand”.

As part of my presentation, I noted that Return Path has analyzed the sending domains of the Fortune 500 and found that only 10% of those companies have adopted a DMARC record of any sort (much less, a DMARC reject policy) and similarly, in expanding our research to 1,000 top global brands, we found a similarly bleak situation, with only 11% DMARC record adoption overall.  My informal survey of conference attendees tracked along the same lines, with only a few people in a crowded room raising their hands to indicate that their organization published DMARC records.

Percentage of mailboxes protected by DMARC:

 usa_dmarc_protected            uk_dmarc_protected          global_dmarc_protected

Clearly, there is a vast area of opportunity for top brands to control what they can today with their sending identity in implementing DMARC at the very least.  DMARC should be considered table stakes; a must-have for any serious security-minded organization.  What is sobering is to think that even if DMARC adoption increases 100% YOY in 2015, still less than 25% of global brands will support DMARC by the end of the year.  From a geographical perspective, our data shows that North America “leads” in DMARC adoption, followed by EMEA, APAC and then Latin America bringing up the rear.

Even more concerning than these statistics is the fact that a detailed analysis of a comprehensive set of phishing attacks, published in Return Path’s recent Email Fraud Protection whitepaper , points out that most spoofing occurs on domains that are not directly owned by the brand, and for which DMARC protection is therefore not possible.

Detecting abuse for domains that are not under a brand’s control is indeed possible today and since Return Path has the largest email data repository, we can accelerate the mitigation of these malicious attacks by providing real-time threat intelligence to reduce the impact of those broad-based threats.

Ready to take action against email fraud? Check out our white papers and guides on how to get started.

minute read

Popular stories



BriteVerify email verification ensures that an email address actually exists in real-time


The #1 global data quality tool used by thousands of Salesforce admins


Insights and deliverability guidance from the only all-in-one email marketing solution

GridBuddy Cloud

Transform how you interact with your data through the versatility of grids.

Return Path

World-class deliverability applications to optimize email marketing programs

Trust Assessments

A revolutionary new solution for assessing Salesforce data quality


Validity for Email

Increase inbox placement and maximize subscriber reach with clean and actionable data

Validity for Data Management

Simplify data management with solutions that improve data quality and increase CRM adoption

Validity for Sales Productivity

Give your sales team back hours per day with tools designed to increase productivity and mitigate pipeline risks in real-time