• by Ray Schultz , April 27, 2018

Reports keep circulating that the federal government is lagging in email security. But it’s not so. A study by Valimail shows that U.S. agencies are ahead of the private sector in email fraud prevention.

At the same time, Valimail found that the United States is the leading source of suspicious email worldwide, accounting for over 50%. Thailand is a distant second, with roughly 15%. Ninety percent of the bad emails come up from ten countries.

The federal government can claim a 70% rate of DMARC (Domain-based Message Authentication, Reporting & Conformance) implementation. U.S. tech companies surpass 50%, and the Fortune 500 hit 40%. Those were the leaders.

Valimail collects email disposition data for customers, and has been able to study billions of messages. It found that 90.97% of these passed DMARC in 2017.

Another 5.22% were seen by Valimail’s system as “likely suspicions,” and were blocked. In addition, 3.13% failed DMARC and were not blocked. Another 0.67% were blocked, but not seen as suspicious.

"Rarely a week goes by when we don't read about a successful phishing campaign costing businesses and even governments untold sums of money and breaches of trust with customers," states Alexander García-Tobar, CEO and co-founder of Valimail. "The results of our study are clear: without real policies in place to ensure that email senders are who they claim to be, businesses and consumers remain wide open to impersonation and fraud."

The report, written by Valimail’s head of communications Dylan Tweney, also lists these findings. We quote:

• 1 out of 20 emails sent in 2017 was unauthorized and possibly fraudulent.
• 5 billion inboxes support DMARC (75% of the world’s total).
• Denmark and the Netherlands lead globally in corporate use of email authentication.
• SPF is widely used but implementations have a high error rate, damaging its effectiveness.