How Return Path Helped a Financial Services Giant Block 96% of Suspicious Messages

Too often, brands lack visibility into the widespread phishing attacks plaguing their email program. As a result, they must rely on a small volume of customer abuse reports to identify attacks.

This reactive approach can wreak havoc on brand reputation and revenue. In 2012, a global financial services leader was experiencing these dangerous consequences and needed help—fast.

The threat
Cybercriminals were launching aggressive phishing and malware email attacks from legitimate sending domains, tricking customers into giving up email addresses and passwords. But this organization had little visibility into the size and scale of these attacks. The only malicious behavior they could detect was the number of suspicious emails reported directly by customers, knowing full well that most customers will not take the time or know how to report phishing or spoofing attacks, especially with helpful header data for forensic investigations.

Blocking bad email before it hits the inbox
The first thing Return Path did to support this organization was implement the email authentication specification DMARC (Domain-based Message Authentication, Reporting & Conformance).

DMARC ensures that legitimate email is properly authenticating against established DKIM and SPF standards, and that fraudulent activity appearing to come from domains under the organization’s control (active email domains, non-sending domains, and defensively registered domains) is blocked.

In partnership with the world’s largest consumer mailbox providers, Return Path interprets regular DMARC authentication reports for its customers to reveal what email is authenticating correctly, what email is not, and why, (i.e., is it a legitimate message or a malicious one).

Thanks to Return Path, this financial company gained full visibility into its email ecosystem, and can now block email attacks purporting to be from their domains before they reach the inbox.

Beyond DMARC
While a DMARC policy is effective at blocking attacks from domains owned by the organization, it cannot help prevent attacks coming from “cousin” domains that are not owned by the organization. Up to 70% of all phishing attacks leverage cousin domains and after implementing DMARC, this organization realized they were not immune.

Return Path’s data detected malicious URLs in email campaigns that used misspellings of the brand’s domain name, and spoofed the brand in the Display Name field (which is easy to forge and highly effective). Return Path notified the brand’s takedown vendor in real time, ensuring malicious landing pages were deactivated before they could do significant harm.

No matter how sophisticated email authentication protocols become, the reality is, some fraudulent email will still reach the inbox. Brands need to prepare for that reality if they haven’t already.

The results

  • After implementing a DMARC reject policy, this organization successfully blocked millions of phishing emails sent over a two-day attack period.
  • Today, all of the organization’s main sending domains deploy a DMARC reject policy with 99% of its active sending traffic now protected.
  • The company now has true visibility into cousin domain trends, allowing them to protect their customers and their brand outside of DMARC.
  • With Return Path, the percent of suspicious messages that this company blocked grew from 13% to 96%a 600% increase and a major benefit for its customers who can now trust the messages they receive in their inbox from the brand’s domains are legitimate.

Check out more stories of how Return Path helps the world’s leading companies fight email fraud on our customer success page.

minute read

Popular stories



BriteVerify email verification ensures that an email address actually exists in real-time


The #1 global data quality tool used by thousands of Salesforce admins


Insights and deliverability guidance from the only all-in-one email marketing solution

GridBuddy Cloud

Transform how you interact with your data through the versatility of grids.

Return Path

World-class deliverability applications to optimize email marketing programs

Trust Assessments

A revolutionary new solution for assessing Salesforce data quality


Validity for Email

Increase inbox placement and maximize subscriber reach with clean and actionable data

Validity for Data Management

Simplify data management with solutions that improve data quality and increase CRM adoption

Validity for Sales Productivity

Give your sales team back hours per day with tools designed to increase productivity and mitigate pipeline risks in real-time