Over 90% of Top Email Domains Vulnerable to Spoofing Attacks

Over 90% of the world’s top email domains are vulnerable to spoofing, enabling cybercriminals to launch sophisticated phishing attacks, according to new research by EasyDMARC.

The email authentication firm found that just 7.7% of the world’s top 1.8 million email domains have implemented the most stringent Domain-based Message Authentication, Reporting, and Conformance (DMARC) policy.

This configuration, known as ‘p=reject’, actively blocks malicious emails from reaching inboxes.

DMARC is an email validation protocol that verifies that the domain of the sender has not been impersonated. It builds upon existing authentication standards like SPF and DKIM to verify the authenticity of emails sent from your domain.

The EasyDMARC report found that countries with the strictest DMARC mandates, such as the US, UK and the Czech Republic, had the biggest reductions in phishing emails reaching inboxes. For example, in the US, the percentage of phishing emails accepted fell from 68.8% in 2023 to just 14.2% in 2025.

In contrast, countries with voluntary or no guidance, like the Netherlands and Qatar, showed little to no improvement since 2023.

DMARC Uptake Rises, Implementation Issues

EasyDMARC’s 2025 DMARC Adoption Report noted that DMARC adoption has accelerated since 2023, driven by regulatory pressures such as PCI Data Security Standard (PCI DSS) version 4.0.1.

Uptake has also been spurred by mandates from major email providers, such as Google, Yahoo and Microsoft.

However, in many cases, that adoption stops at a passive monitoring setting known as ‘p=none’, which doesn’t block fraudulent emails or provide full visibility into authentication failures.

In addition, more than half (52.2%) of domains analyzed still lack even a basic DMARC record.

Among domains with DMARC policies, over 40% failed to include reporting mechanisms, such as RUA tags, that allow organizations to see who’s sending email on their behalf and whether it’s failing authentication checks. This demonstrates a significant lack of visibility around DMARC enforcement.

Domain-Spoofing Phishing Attacks on the Rise

Researchers have highlighted a number of high-profile phishing campaigns that exploit weak email policies to spoof legitimate domains. This makes the email appear to come from a legitimate source.

In May 2024, a US government advisory warned that the North Korea-linked Kimsuky group exploited poorly configured DMARC protocols to pose as legitimate journalists, academics or other experts in East Asian affairs with credible links to North Korean policy circles.

Guardio Labs researchers reported in July 2024 that hackers took advantage of a flaw in Proofpoint’s email protection service to spoof brands including Disney, Nike and Coca-Cola in phishing attacks.

EasyDMARC CEO Gerasim Hovhannisyan, commented: “Misconfigurations, missing reporting, and passive DMARC policies are like installing a security system without ever turning it on. Phishing remains one of the oldest and most effective forms of cyber-attack, and without proper enforcement, organizations are effectively handing attackers the keys to their business. As threats grow more sophisticated and compliance pressures mount, stopping halfway with DMARC enforcement is no longer an option.”

EasyDMARC at Infosecurity Europe

EasyDMARC are exhibiting at this year’s Infosecurity Europe event, on stand A160.

The 2025 event will celebrate the 30th anniversary of Infosecurity Europe, taking place from June 3-5 at the ExCel London.

Register here to secure your place today.