Unwitting consumers are being served at least 3.4 billion fake emails a day worldwide, according to a new study by Valimail.
On a global basis, 1.2% of all email sent was suspicious and probably false in the first quarter of this year, the report adds.
That’s down from 5% in 2017, and around 20% last October, but the suspicion rate varies based on the number of new phishing campaigns being launched.
A core weapon of cyber felons is impersonation — of individuals, companies, NGOs and governments, the study says.
On a positive note, almost 80% of all inboxes — around 5.4 billion — conduct DMARC (Domain-based Message Authentication, Reporting, and Conformance) checks on incoming email. And 739,837 domains have DMARC.
However, DMARC success rates are only around 20% in most categories. Suspicious emails are those that failed DMARC.
The U.S., while it sends 38% of all suspicious email across the global, still has the lowest rate based on the percentage of email volume being sent overall. Suspicious emails make up 0.2% of the total email volume sent from within in the U.S.
In contrast, Vietnam has a 99.8% suspicion percentage, while China has 98.8%, followed by Russia at 93% and Germany with 76.8%. And the UK has a rate of 66.8%, followed by France at 54% and the Netherlands with 23.4%.
It’s not clear how suspicion is determined. DMARC adoption could be lower in some of these countries.
DMARC usage is highest in the U.S. federal government and large technology companies, where it exceeds 20%. However, less than 20% of companies overall have DMARC, and the media sector appears to be among the lowest in usage.
The government also has the highest DMARC enforcement success rate, followed — distantly — by U.S. tech and healthcare.
In addition, overall DMARC support among ISPs has been rising steadily.
The company analyzed data from billions of authentication requests and almost 20 million publicly accessible DMARC and SPF records.