Email Remains Primary Gateway for Disinformation and Cyberattacks

Many adopt email authentication but half lack effective protection against spoofing.

May 1, 2025
Coding

Valimail recently released its 2025 Disinformation and Malicious Email Report, revealing that email continues to be the most exploited attack vector for cybercriminals and disinformation campaigns, with artificial intelligence dramatically increasing the sophistication of these threats. 

Malicious actors are increasingly exploiting email to impersonate brands, launch phishing campaigns, and spread false information—often using sophisticated methods made simpler by emerging technologies. This environment calls for a layered approach to email protection. Email authentication is a foundational defense that can significantly curb many of these malicious attempts at their source. Additionally, DMARC uniquely protects outbound email to partners and clients, thereby offering brand and compliance protection. 

"In 2024, we witnessed some of the most sophisticated email-based attacks in history," said Al Iverson, Industry Research and Community Engagement Lead at Valimail. "From North Korean targeting of vulnerable domains to widespread supply chain attacks on U.S. municipalities and general attacks on educational institutions, cybercriminals are exploiting weaknesses in email systems with increasing precision, eroding trust in digital communications." 

Several trends are highlighted within the report, including:

  • Rising threat sophistication. AI-generated emails more than ever now convincingly mimic legitimate communications, dramatically increasing the success rate of phishing and spoofing attacks.
  • Cross-industry vulnerability. Every sector faces significant email-based threats, with varying levels of preparedness.
  • Protection gap. While more than 7.2 million domains have implemented some form of email authentication, approximately half remain insufficiently protected against domain spoofing. 

Despite these growing threats, the report shows that Domain-based Message Authentication, Reporting, and Conformance (DMARC) continues to be a highly effective approach that can authoritatively prevent spoofing attacks when properly implemented.

The full report can be accessed at https://www.valimail.com/resources/reports/2025-disinformation-and-malicious-email-report-why-dmarc-remains-pivotal/. 

