From the Field: How Effective Is DMARC at Reducing Email Fraud?

As a Strategic Project Manager for the Email Fraud Protection Team at Return Path, I get this question a lot: How effective is DMARC at blocking phishing attacks?

To help answer it, I thought it would be interesting to publish a brief analysis of three large global financial companies in different stages of the DMARC (Domain-based Message Authentication, Reporting and Conformance) implementation journey.

As a reminder, there are three possible DMARC implementation stages: monitor, quarantine, and reject:

  1. Monitor: If the DMARC policy is in monitor mode, the domain owner has requested no specific action be taken on mail that fails DMARC authentication and alignment.

  2. Quarantine: If the DMARC policy is in quarantine mode, the domain owner has requested that mail failing the DMARC authentication checks be treated as suspicious by mail receivers (i.e. sent to the spam/junk folder and/or flagged as suspicious for the user).

  3. Reject: If the DMARC policy is in reject mode, the domain owner requests that mail receivers reject email that fails the DMARC checks before delivering it to the user inbox.
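
As an added illustration (not code from this article or from Return Path), the sketch below maps published DMARC TXT records to the three stages above and lists the domains in a portfolio that are not yet at reject. The domains, records and helper names are constructed for the example, and the parsing is a simplified reading of RFC 7489.

```python
# Added example: map DMARC TXT records to the monitor/quarantine/reject stages.
# All domains and records below are constructed sample data.
STAGE = {"none": "monitor", "quarantine": "quarantine", "reject": "reject"}

def parse_dmarc(txt):
    """Return the record's tags as a dict, or None if it is not a DMARC record."""
    parts = [p.strip() for p in txt.split(";") if p.strip()]
    # RFC 7489: the v tag must come first and must be exactly DMARC1.
    if not parts or "".join(parts[0].split()) != "v=DMARC1":
        return None
    tags = {}
    for part in parts[1:]:
        name, sep, value = part.partition("=")
        if sep:
            tags[name.strip().lower()] = value.strip()
    return tags

def stage(txt, subdomain=False):
    """Stage a receiver would apply to mail from the domain (or its subdomains)."""
    tags = parse_dmarc(txt or "")
    if tags is None:
        return "no policy"
    policy = tags.get("p", "").lower()
    if subdomain and "sp" in tags:
        policy = tags["sp"].lower()  # sp overrides p for subdomains
    if policy not in STAGE:
        # Missing or mistyped policy: receivers fall back to p=none only when a
        # rua tag is present (simplified: the report URI itself is not validated).
        return "monitor" if tags.get("rua") else "no policy"
    pct = tags.get("pct", "100")
    if policy != "none" and pct.isdigit() and int(pct) < 100:
        # Only a sample of failing mail gets the requested action.
        return f"{STAGE[policy]} (partial, pct={pct})"
    return STAGE[policy]

def audit(portfolio):
    """Return ({domain: stage}, sorted list of domains not at full reject)."""
    stages = {d: stage(txt) for d, txt in portfolio.items()}
    return stages, sorted(d for d, s in stages.items() if s != "reject")

PORTFOLIO = {  # constructed records for a hypothetical brand
    "example.com": "v=DMARC1; p=none; rua=mailto:dmarc@example.com",
    "mail.example.com": "v=DMARC1; p=quarantine; pct=50",
    "example.net": "v=DMARC1; p=reject; sp=reject",
    "example.org": None,  # no _dmarc TXT record published
    "typo.example": "v=DMARC1; p=rejct; rua=mailto:dmarc@typo.example",
}

if __name__ == "__main__":
    stages, gaps = audit(PORTFOLIO)
    for domain, s in stages.items():
        print(f"{domain:18} {s}")
    print("not at reject:", ", ".join(gaps))
```

The `typo.example` entry shows a failure mode worth checking for in an audit: a mistyped `p=` value does not enforce anything and is handled as monitor mode at best.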

Meet the Companies
Company one in our analysis has successfully implemented a DMARC reject policy on all of their owned top-level domains and subdomains.

Company two has not yet implemented DMARC reject on any of their top-level domains. They have moved their non-sending (defensively registered) domain portfolio to reject, but none of their branded sending domains are protected in the same way.

Company three has implemented DMARC reject on about half of their sending domain portfolio, which includes some, but not all, of their top-level domains.

The Analysis
To understand the effect DMARC has on reducing email fraud, we compiled the total number of phishing threats over a 60-day period against all company-owned domains (i.e. domain-spoofing threats) and domains not owned by the company (i.e. brand spoofing threats).

Domain spoofing threats leverage the owned domain of a brand in order to send malicious emails. Owned domains can be spoofed in the:

  • Header From address (what users see in their email clients)
  • Envelope From address (the technical header of the email)

Brand spoofing threats use tactics that trick customers into thinking an email is legitimate. These tactics include:

  • Using a “look-alike” domain not owned by the brand (e.g.,
  • Spoofing the brand in the subject line
  • Spoofing the brand in the Display Name

The Results
Company one, whose domains were fully protected by a DMARC reject policy, had significantly fewer domain spoofing phishing attacks than the other two companies. Out of all the threats targeting this brand, only 20 percent were domain spoofing threats. In comparison, 93 percent of overall threats targeting company two and 87 percent of overall threats targeting company three were domain spoofing threats.


Company one’s DMARC reject policy also helped reduce the total phishing threat count. When looking at the overall number of email threats (both domain spoofing and brand spoofing) across all three companies, company one had the lowest number of overall threats, at only ten percent of what company two had in the same time period.


This brief analysis clearly shows the significant impact of moving all owned domains into DMARC reject. Doing so not only helps reduce domain spoofing threats but also can result in fewer threats spoofing the brand in other ways.

The next logical question is how brands can eliminate these threats even further. To gain insight into the top tactics cybercriminals are using to bypass email authentication and best practices for fighting back, download our whitepaper, The Email Threat Intelligence Report.
