Valimail today released its “2025 Disinformation and Malicious Email Report,” revealing that email continues to be the most exploited attack vector for cybercriminals and disinformation campaigns, with artificial intelligence dramatically increasing the sophistication of these threats.
In an era marked widespread disinformation, trust in digital communications is eroding. Malicious actors are increasingly exploiting email to impersonate brands, launch phishing campaigns, and spread false information—often using sophisticated methods made simpler by emerging technologies. This environment calls for a layered approach to email protection.
Email authentication is the foundational, cost-effective defense that can significantly curb many of these malicious attempts at their source, providing future-proof protection that can scale. Additionally, DMARC uniquely protects outbound email to partners and clients thereby offering brand and compliance protection.
The report reveals considerable variation in email authentication implementations across industries:
- Online Retail leads with 94% of surveyed domains having implemented basic email authentication measures
- Financial Services shows strong adoption (80%) but one-third of domains lack enforcement policies that actually prevent spoofing
- Higher Education faces significant challenges with nearly two-thirds of domains unable to prevent impersonation attacks
- Healthcare lags behind with just over one third having implemented the bare minimum, non-protective DMARC policy of p=none
- Information Technology shows concerning gaps with nearly a third of surveyed domains lacking the ability to prevent the use of their domain name in spoofed email messages
Several alarming trends are highlighted within the report, including:
- Rising threat sophistication: AI-generated emails more than ever now convincingly mimic legitimate communications, dramatically increasing the success rate of phishing and spoofing attacks.
- Cross-industry vulnerability: Every sector from financial services to healthcare, government, and education faces significant email-based threats, with varying levels of preparedness.
- Protection gap: While more than 7.2 million domains have implemented some form of email authentication, approximately half remain insufficiently protected against domain spoofing.
Despite these growing threats, the report shows that Domain-based Message Authentication, Reporting, and Conformance (DMARC) continues to be a highly effective approach that can authoritatively prevent the most pernicious spoofing attacks when properly implemented.
Industry, government, and regulatory bodies worldwide are increasingly mandating DMARC compliance for industries handling sensitive data, such as finance and healthcare. Major email providers like Google, Yahoo and Microsoft require email senders to implement DMARC, improving deliverability and reputation for compliant organizations. Failing to comply with DMARC mandates can result in penalties, reduced deliverability, and reputational damage.
Valimail offers free resources for organizations to check their email security status through the Valimail DMARC Checker and provides DMARC reporting visibility through its Monitor solution.
The full “2025 Disinformation and Malicious Email Report” can be accessed here.
Related
This entry was posted on April 22, 2025 at 9:00 am and is filed under Commentary with tags Valimail. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
Email Remains Primary Gateway for Disinformation and Cyberattacks in 2025 According to New Report from Valimail
Valimail today released its “2025 Disinformation and Malicious Email Report,” revealing that email continues to be the most exploited attack vector for cybercriminals and disinformation campaigns, with artificial intelligence dramatically increasing the sophistication of these threats.
In an era marked widespread disinformation, trust in digital communications is eroding. Malicious actors are increasingly exploiting email to impersonate brands, launch phishing campaigns, and spread false information—often using sophisticated methods made simpler by emerging technologies. This environment calls for a layered approach to email protection.
Email authentication is the foundational, cost-effective defense that can significantly curb many of these malicious attempts at their source, providing future-proof protection that can scale. Additionally, DMARC uniquely protects outbound email to partners and clients thereby offering brand and compliance protection.
The report reveals considerable variation in email authentication implementations across industries:
Several alarming trends are highlighted within the report, including:
Despite these growing threats, the report shows that Domain-based Message Authentication, Reporting, and Conformance (DMARC) continues to be a highly effective approach that can authoritatively prevent the most pernicious spoofing attacks when properly implemented.
Industry, government, and regulatory bodies worldwide are increasingly mandating DMARC compliance for industries handling sensitive data, such as finance and healthcare. Major email providers like Google, Yahoo and Microsoft require email senders to implement DMARC, improving deliverability and reputation for compliant organizations. Failing to comply with DMARC mandates can result in penalties, reduced deliverability, and reputational damage.
Valimail offers free resources for organizations to check their email security status through the Valimail DMARC Checker and provides DMARC reporting visibility through its Monitor solution.
The full “2025 Disinformation and Malicious Email Report” can be accessed here.
Share this:
Like this:
Related
This entry was posted on April 22, 2025 at 9:00 am and is filed under Commentary with tags Valimail. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.