Return Path Helps Global Shipping Giant Block 12 Million Suspicious Messages Over 30 days

Implementing a DMARC (Domain-based Message Authentication, Reporting & Conformance) record is a great first step for any brand who wants to protect their brand and customers against email fraud.

It’s the best way to ensure that legitimate email coming from owned domains is properly authenticating against established DKIM and SPF standards, and that fraudulent activity appearing to come from domains under the organization’s control is blocked.

But DMARC alone isn’t enough. This story from a leading global shipping and logistics Return Path client reveals why.

The challenge: Fighting attacks from “cousin” domains
This company was no stranger to email security. The shipping and logistics industry is one of the most highly targeted by email fraud, so, even before working with Return Path, they implemented a robust email security plan, including a DMARC reject policy for all major domains.

But it wasn’t enough. The company soon discovered that their biggest threat actually came from fraudulent emails containing attachments that originated from “cousin” domains, or domains the brand didn’t own.

Since DMARC doesn’t address attacks from cousin domains, forwarded emails from customers were the only way to identify live attacks. Sorting through these reports was a very manual and dangerously slow process. The company knew they needed help.

The solution: Improving fraud detection and mitigating attacks
Improving DMARC coverage: The first thing Return Path helped this client with was improving their DMARC coverage and visibility, cleaning up a number of problem domains, and implementing a more efficient and standardized reporting process for DMARC data with a flexible and cloud-based user interface.

Mitigating attacks in real time: To quickly digest the high volume of potentially fraudulent messages flagged by customers, Return Path created daily reports to show reported abuse trends, including subject lines and URLs.

In addition, Return Path analyzed 7 billion emails daily to look for suspicious URLs and spoofing attacks from cousin domains targeting the brand, notifying their takedown vendor in real time to deactivate malicious websites before they could do significant harm.

Keeping the team informed: Return Path’s unmatched services team continues to work closely with this global organization to help them make sense of the huge data set, keeping them up-to-date on the latest trends, DMARC policies, cousin domains, and potential new threat vectors through standing review meetings.

The results

  • In a 30-day period, more than 12 million suspicious messages from 49 domains were blocked thanks to DMARC.
  • Return Path identified and sent between 400,000 and 500,000 potentially malicious URLs to the company’s takedown vendor.
  • The company now has true visibility into cousin domain  trends, allowing them to protect their customers and their brand outside of DMARC.
  • The company agreed to share their abuse feed, offering a higher degree of collaboration and insight from the Return Path team.

Want to hear more customer success stories from Return Path? Click here.

minute read

Popular stories



BriteVerify email verification ensures that an email address actually exists in real-time


The #1 global data quality tool used by thousands of Salesforce admins


Insights and deliverability guidance from the only all-in-one email marketing solution

GridBuddy Cloud

Transform how you interact with your data through the versatility of grids.

Return Path

World-class deliverability applications to optimize email marketing programs

Trust Assessments

A revolutionary new solution for assessing Salesforce data quality


Validity for Email

Increase inbox placement and maximize subscriber reach with clean and actionable data

Validity for Data Management

Simplify data management with solutions that improve data quality and increase CRM adoption

Validity for Sales Productivity

Give your sales team back hours per day with tools designed to increase productivity and mitigate pipeline risks in real-time