Background confetti Background confetti Background confetti Background confetti Background confetti


Return Path Unveils Email Threat Intelligence Capability to Identify Attacks that Evade Authentication

Email Fraud Protection solution finds more than 750,000 malicious emails in initial analysis of phishing and spoofing trends

NEW YORK – September 15, 2015 – Data solutions provider Return Path today announced the launch of its Email Threat Intelligence capability and its first publicly available analysis of current email fraud tactics, the Email Threat Intelligence Report. Return Path’s solution applies message-level data analysis toward the detection of email fraud that cannot be identified by authentication-based technology. Recent analysis shows that brand spoofing, a tactic employed to evade authentication-based email filters, is widely used in phishing attacks against brands and consumers.

Brand spoofing refers to falsifying the display name, email account, or even subject—so a fraudulent message looks like it has come from a trusted brand. Domain spoofing refers to messages that falsify the sending domain to match one under the brand’s control. Brands can deploy authentication-based solutions like DMARC (Domain-based Message Authentication, Reporting and Compliance) to protect consumers from domain spoofing. However Return Path estimates that only 30% of email attacks against brands use this tactic. Return Path Email Threat Intelligence was developed to detect the remaining 70% of threats not addressable by DMARC.

Powered by the Return Path Data Cloud, Email Threat Intelligence leverages the company’s network of more than 70 major mailbox and security providers to analyze over 6 billion email messages per day. Applying proprietary threat detection algorithms, the solution identifies attacks in real time enabling brands to take immediate action to protect consumers from malicious messages.

Using Email Threat Intelligence to investigate prevalent tactics used by cybercriminals, Return Path found more than 750,000 malicious messages spoofing 40 top-tier global consumer brands over the course of July and August 2015. Most of these messages employed brand spoofing to avoid detection by existing email authentication protocols.

In addition to brand spoofing, Return Path analyzed the use of snowshoe spamming—a tactic to complicate detection by sending batches of fraudulent messages from multiple IP addresses—and found that large-scale attacks followed no recognizable patterns to help identify them. Of the 100 largest attacks detected, 22 were highly distributed across networks of sending IPs—so-called botnets. Meanwhile 27 were not distributed at all, generally coming from single sources, indicating that reputation-based filtering and blacklists are effective countermeasures in the fight against email fraud.

“Brand spoofing is the most prevalent email fraud tactic in use today because it is difficult to detect. While authentication-based solutions like DMARC represent the best available protection against direct domain spoofing, companies have had no way to identify and address email threats appearing to come from domains outside of their control. Now they do,” said Robert Holmes, general manager, Email Fraud Protection at Return Path. “These solutions are complementary. Brands that use DMARC and Email Threat Intelligence together can act quickly to eliminate the impact of email fraud. Defending consumers against phishing attacks, malware, and scams is essential to maintaining brand trust and loyalty. Return Path’s Email Threat Intelligence enables brands to address a huge gap in their email fraud protection.”

Further analysis is available in Return Path’s Email Threat Intelligence Report here.


Using its email threat intelligence solution powered by the Return Path Data Cloud, the company analyzed more than 240 billion email messages associated with 40 global brands in industries historically prone to email fraud. The messages were received during a 40-day period in July and August 2015. Return Path’s threat detection and classification algorithms identified 769,792 malicious messages targeting the included brands, 503,975 of which (63%) spoofed at least one element of the email header.

About Return Path

Return Path analyzes the world’s largest collection of email data to show businesses how to stay connected to their audiences, strengthen their customer engagement, and protect their brands from fraud. Our data solutions help analysts understand consumer behavior and market trends. We help mailbox providers and security providers around the world deliver great user experiences and build trust in email by ensuring that wanted messages reach the inbox while spam and abuse don’t.