New Research: Insights into Brand Spoofing Tactics

Email fraud is rife—up more than 162% from 2010-2014—and costs companies like yours millions every year.

Implementing the authentication standard DMARC (Domain-based Authentication Reporting and Conformance) to block bad email before it reaches consumer inboxes is a great first step. But DMARC is not enough, protecting your brand from only 30% of email-borne attacks.

We know there is no silver bullet solution to combat against the other 70% of email attacks. But we also know the only way to build a comprehensive defense is through comprehensive understanding.

To gain that understanding, we tapped into the Return Path Data Cloud and analyzed more than 760,000 email threats associated with 40 top global brands.


Our objective for this project was not to surface every tactic fraudsters use to spoof brands. Instead, we sought to test some of our reigning assumptions about how they cheat email filters, namely that:

  1. Fraudsters use snowshoe spamming in large phishing attacks.
  2. Fraudsters rotate elements of subject lines to appear personalized.
  3. Fraudsters spoof the display name.

The data confirmed some of our assumptions and decidedly disproved others:

  • While there is no discernible pattern to snowshoe spamming, this method is still rife and monitoring IP address reputations needs to be part of a multi-faceted email fraud protection strategy.
  • Fraudsters do not go to the trouble of rotating elements of their subject lines, preferring a more template-based approach. Access to message-level data from email threat intelligence sources should help you prioritize your efforts around attack mitigation.
  • The most frequently spoofed Header From field is the display name, for which there is currently no authentication mechanism. Visibility into display name spoofing is critical in identifying and responding to phishing attacks leveraging your brand.

These learnings revealed the unpredictable variety of brand spoofing tactics, and can inform how to fight email fraud in two key ways:

First, prioritize DMARC implementation—it’s the most direct way to keep bad email out (and the good email in) of consumer inboxes.

Second, the more you know about the nature of email attacks spoofing your brand, the better. As our analysis proves, fraudsters like to mix and match tactics to reach their victims. While DMARC is a great first step, it is not enough. Protect your brand from the 70% of email threats beyond DMARC by studying their anatomy. Only then can you implement the right suite of solutions to fight back.

You can download our full report here.



minute read

Popular stories



BriteVerify email verification ensures that an email address actually exists in real-time


The #1 global data quality tool used by thousands of Salesforce admins


Insights and deliverability guidance from the only all-in-one email marketing solution

GridBuddy Cloud

Transform how you interact with your data through the versatility of grids.

Return Path

World-class deliverability applications to optimize email marketing programs

Trust Assessments

A revolutionary new solution for assessing Salesforce data quality


Validity for Email

Increase inbox placement and maximize subscriber reach with clean and actionable data

Validity for Data Management

Simplify data management with solutions that improve data quality and increase CRM adoption

Validity for Sales Productivity

Give your sales team back hours per day with tools designed to increase productivity and mitigate pipeline risks in real-time