Background confetti Background confetti Background confetti Background confetti Background confetti


New Research from Return Path Reveals the Consequences for Marketers Who Do Nothing to Fight Email Fraud

Report shows the most valuable marketing channel is also the least secure, putting brand reputation, consumer trust, and revenue generation in jeopardy

NEW YORK, June 23, 2016 — Email drives more leads, conversions, and revenue than any other marketing channel, but it’s also the weapon of choice for cybercriminals around the world.

New research from Return Path finds that the damage caused by email fraud goes far beyond the immediate impact to a brand’s reputation. Released today, Return Path’s Phishing: The Cost of Doing Nothing for Marketers demonstrates how phishing and spoofing attacks erode consumer trust, compromise the performance of legitimate email campaigns, and ultimately reduce marketing ROI.

According to the report:

  • Phishing has real, direct costs. The average large company (defined as 10,000+ employees) spends $3.7 million annually to recover from phishing attacks, including lost productivity, customer service, and regulatory fines.
  • Phishing damages engagement. Subscribers are less likely to trust a brand following a phishing attack. The report finds that when negatively impacted, average read rates dropped by up to 18 percentage points at Gmail and 11 percentage points at Yahoo.
  • Phishing impacts deliverability. Following a phishing attack, mailbox providers are more likely to flag legitimate email as spam. Research shows that when negatively impacted, average inbox placement rates dropped by up to 10 percentage points at Gmail and 7 percentage points at Yahoo.

“The immediate cost of phishing is staggering, but the bigger impact comes from loss of trust,” said Estelle Derouet, VP Marketing, Email Fraud Protection at Return Path. “If your brand reputation is damaged by email fraud, customers won’t open your emails and mailbox providers may not deliver your messages to the inbox. When that happens, you’ve lost a revenue opportunity—both now and in the future.”

Marketers recognize the cost of email fraud, but are ill-equipped to act
While marketers understand the threat that email fraud poses, few brands are taking the necessary steps to fight back. Return Path’s research shows that 81 percent of marketers would be concerned or very concerned if customers received a malicious email that appeared to come from their brand. Yet only 32 percent of marketers say that securing the email channel is a top priority in 2016.

And perhaps more troubling, marketers are ill-equipped to fight phishing even if they wanted to. A full 76 percent of survey respondents say they have little to no visibility into email attacks on their brand.

“Email security is everyone’s responsibility,” continued Derouet. “As guardians of the brand and owners of the email channel, it’s time for marketers to join the fight against email fraud—and for CMOs to prioritize customer security.”

Mailbox providers are changing the game
Major mailbox providers like Google and Microsoft are taking action to crack down on companies that fail to follow best practices for email security. As of February 2016, Google is flagging emails that fail authentication by replacing company avatars with a red question mark, thereby removing the guesswork for their end users. Similarly, Microsoft now inserts a red safety notification at the top of known phishing messages and any message that fails authentication.

When consumers see these warnings, they are less likely to engage with both the individual email and the brand that sent it.

“When it comes to phishing, email authentication standards like SPF, DKIM, and DMARC are no longer optional. They are essential best practices for ensuring that legitimate email won’t be treated like spam,” added Derouet. “Any company not proactively securing their email channel today risks losing not only priceless brand loyalty but also marketing-generated revenue.”

Phishing: The Cost of Doing Nothing for Marketers can be found in its entirety here.

Return Path will co-host a webinar with EEC to further discuss these findings. “Marketing’s Hidden Phishing Tax: The Cost of Doing Nothing About Email Fraud” will be held on June 28 at 2PM ET. Register here to join us for this webinar.

Return Path surveyed more than 220 marketers in May 2016 on the value of trust in email marketing. 45 percent of respondents had a title of manager while 26 percent had a title of director and above. Of the companies surveyed, 33 percent employed more than 1,000 people.

In addition, Return Path conducted further research across 71 large brands between April 1 and September 30, 2015, analyzing Gmail and Yahoo! inbox placement rate as well as read rates of legitimate programs within 10 days of a detected phishing attack on the brand.

About Return Path
Return Path analyzes the world’s largest collection of email data to show businesses how to stay connected with their audiences, strengthen their customer engagement, and protect their brands from fraud. Our data solutions help analysts understand consumer behavior and market trends. We help mailbox providers and security providers around the world deliver great user experiences and build trust in email by ensuring that wanted messages reach the inbox while spam and abuse don’t. For more information on Return Path’s Email Fraud Protection solution, visit or follow us on Twitter @StopEmailFraud.