Billions of Email Messages Attributed to Global Brands Potentially Fraudulent, According to Return Path

Nearly 21 billion emails appearing to come from well-known commercial senders did not come from their IP addresses – a possible indication of phishing attacks

NEW YORK – June 2, 2015 – Data solutions provider Return Path today announced that nearly 21 billion emails attributed to a large group of global consumer brands sent between October 2014 and March 2015 did not come from IP addresses of mail servers known to send on the brands’ behalf. Return Path analyzed more than 235 billion messages appearing to come from these senders during the six-month period, and suspicious, potentially fraudulent email made up 9% of all messages. Because their origin could not be authenticated by the leading anti-phishing standard, DMARC, Return Path classified these messages as “suspicious.” While not always associated with cyber attacks, suspicious messages are considered more likely to place recipients at risk. Brands included in this study use the DMARC standard to identify and prevent delivery of suspicious messages attributed to them.

Suspicious message volumes during this six-month period peaked during the holiday season, in December, when more than 6 billion of the 47 billion messages analyzed (13%) could not be authenticated. The proportion of suspicious mail attributed to these senders remained near 10% throughout the first quarter of 2015, reaching 11% in March.

Of the industry sectors represented by multiple companies in the group, financial services brands saw the highest proportions of suspicious messages: 11% of email that appeared to come from these brands was deemed suspicious. Retailers and airlines saw less than half that rate, with roughly 4% of messages appearing to come from them categorized as suspicious.

“As more brands employ email fraud protection technology to detect and stop phishing attacks from reaching consumers, they are discovering massive volumes of messages that seem to come from their sending domains, but which actually come from cyber criminals,” said Robert Holmes, Return Path’s general manager of Email Fraud Protection. “Authentication-based solutions like DMARC represent the best available approach to identify and block suspicious email. Brands that properly authenticate email sent from their domains are directing mailbox providers to reject millions of potentially fraudulent messages every day, making email safer for all users.”

Download Return Path’s analysis, including monthly volume trends and industry breakouts.


This analysis included 234.7 billion messages sent during Q4-2014 and Q1-2015, which were attributed to domains (e.g., and subdomains (e.g., registered to 157 large, global brands that use the DMARC standard to identify suspicious and potentially fraudulent email. More than 20.9 billion of these messages were categorized as suspicious. The brands studied in this analysis include large, global banks and financial services providers such as credit card issuers and insurance companies; airlines and travel services providers; social media sites; retailers; gaming companies; telecommunications providers; and government agencies.

About Return Path

Return Path is a global data solutions provider. We help companies build more secure, meaningful, and profitable relationships with consumers. Our analytics make email more effective and safer for senders, subscribers, and mailbox providers. Brands rely on Return Path Email Optimization to increase campaign performance and ROI, and on Return Path Email Fraud Protection to detect and prevent cyber attacks. Find out more about Return Path solutions at
