One in five emails were from unauthorized senders — meaning those emails were almost certainly fraudulent, according to research from San Francisco-based email authentication service provider ValiMail.
The research also indicated large financial services companies with revenues of at least $1 billion scored well in comparison to other sectors. Only tech unicorns finished higher in terms of having the highest rate of email fraud protection through domain-based message authentication reporting and conformance standards (DMARC).
ValiMail noted despite this encouraging sign, there is still massive room for improvement: more than 10% of the top U.S. financial institutions have deployed DMARC at enforcement; nearly 20% have published DMARC records, though they are not set to enforcement (i.e., they will not reject or quarantine unauthenticated emails). Setting a policy to either reject or quarantine would triple the fraud protect rate in this category alone. The cybersecurity firm also found 68% of top FinServ companies have no DMARC record at all, leaving their domains open spoofing in phishing campaigns by bad actors.