20 Phishing Emails Beyond DMARC’s Reach

Posted by Aaron Neff on

As a founding member of DMARC (Domain-based Message Authentication Reporting and Conformance), Return Path is excited about how the standard has reshaped the email fraud landscape by disrupting longstanding phishing strategies, and forcing cybercriminals to abandon preferred targets.

But while we’ve had the privilege of helping our customers realize the success of DMARC first hand—one of our financial services clients was able to block 96% of all fraudulent traffic spoofing their domains—we also know that DMARC alone isn’t enough.

Email Threats Beyond DMARC
While DMARC will protect your sending domains from being spoofed, it will not address brand spoofing email attacks. Brand spoofing attacks originate from domains outside of an organization’s ownership and control, including look-alike domains or other domains unrelated to the company’s brand.

Last month, Return Path released a whitepaper analyzing 760,000 email threats targeting 40 of the world’s largest brands. In this report, we found that nearly half of all email threats spoofed the brand in the “Display Name.” This is important because mail clients and mobile devices often only reveal the “Display Name” portion of a message to the end user, making it easier for the average consumer to fall victim to brand spoofing attacks. When 97% of people globally can’t correctly identify a sophisticated phishing email, brand spoofing threats simply cannot be ignored.

10 Global Brands Under Attack
The examples below highlights phishing emails, targeting 10 global brands, that are not addressable by DMARC. Attacks like these, beyond DMARC’s reach, make up 70% of all email-borne threats and highlight the fact that a multi-layered security strategy is the best defense against phishing.

Visibility is a critical pillar to that defense strategy, and email threat intelligence is the best way to get it. Brands that use DMARC and email threat intelligence together can act quickly to eliminate the impact of email fraud.

Here are 20 email threats beyond DMARC’s reach:







Lloyds Bank












Deutsche Bank



Danske Bank



SunTrust Bank






Popular this Month

 3 Trends Impacting Email: Persistent Fraud, Part 2

3 Trends Impacting Email: Persistent Fraud, Part 2

In part one of this three-part series, I examined the evolving landscape of...

Read More

 The Top 16 Topics of 2016

The Top 16 Topics of 2016

2017 is finally here! But before we focus on the year ahead, we wanted to...

Read More

 Think Fighting Email Fraud is Someone Else’s Job? Here’s the Real Cost of Doing Nothing.

Think Fighting Email Fraud is Someone Else’s Job? Here’s the Real Cost of Doing Nothing.

Cyberattacks against your brand can be very damaging and costly to both your...

Read More

Author Image

About Aaron Neff

As a Sales Support Engineer for Return Path’s Email Fraud Protection group, Aaron is a key technical resource for the field sales team and manages the technology evaluation stage of the sales process. When not combating email fraud, you can find Aaron out on a stream fly fishing for monster brown trout. He is also pursuing a Master of Science in Computer Information Systems from Colorado State University. Connect with Aaron on LinkedIn @Aaron Neff

Author Archive

Stay up to date

Enter your name and email address below to subscribe to our mailing list.

Your browser is out of date.
For a better Return Path experience, click a link below to get the latest version.