DMARC and Email Statistics 2022

dmarc and email statistics

Nearly 57% of internet users today don’t employ any security measures. Individuals decide and are responsible for them while discussing them, but businesses are to handle big groups of people (employees, customers, partners, and vendors). Although safeguarding these individuals ought to be a proactive measure, many companies wait until it is too late before acting.

Over 71% of all online small firms don’t have a data leak prevention plan, although large enterprises typically do. Insights and fresh data points discovered with email statistics 2022 across the global GoDMARC network are included in this report.


Summary of Highlights

  • The technology today has stopped more than 90 million phishing attacks in the first half of 2022.
  • According to statistics on phishing attempts during that time period, 89% of our clients said they had been impacted.
  • The industry that gets targeted the most globally is finance. The phishing scam has increased by 5.8% during the past three months. The retail sector came in second with a 3,7% gain, and non-profit organisations came in third with a 1,7% increase from the previous year.
  • Our email phishing statistics for 2022 show that in only the month of March 2022, there were more phishing attempts than there were in all of 2021.
  • With over 18% of all attacks, the Netherlands tops the list of nations targeted by phishing and cybersecurity attacks. Following are the USA, Thailand, Russia, Moldova, and.
  • Compared to the previous year, a startling 62.9% more phishing assaults were discovered by us. This is an increase of 30% on a quarterly basis.

Email Phishing: What is It?

96% of statistics of phishing attacks worldwide come through email. An additional 3% are committed through rogue websites, while only 1% use phones (vishing and smishing).

The phishing assault uses social engineering to collect sensitive data from victims, including credit card numbers, login credentials, and personal details.

CEO email fraud primarily comes in two flavours. The first is called name email spoofing and phishing, in which the attacker impersonates your CEO but uses a different email address, and the second is called name and email spoofing, in which the attacker impersonates the CEO while also using the CEO’s legitimate sender address.

The intention is to steal private information, which may include;

  • Tax returns for the company
  • Account information
  • Payroll details

How is Email Deliverability Impacted by DMARC?

Email security and protection from phishing attacks is simply one aspect of dmarc statistics. The deliverability of emails is another issue. Based on the amount of authentication or spam score of your emails, DMARC instructs ISPs (such as Gmail, Yahoo! Mail, and Outlook) how to handle them. In other words, it enables you to position your inbox better so that legitimate mail does not get flagged as spam by ISP filters and instead reaches the intended recipient.

You may increase the deliverability of your emails by

  • Making a DMARC record public
  • Using the findings of your DMARC reporting to enhance your authentication performance
  • Application of a DMARC policy

Spoofing or cyber-attacks can be avoided by setting up a DMARC Record with a reject policy, which makes sure that only authorised emails are transmitted from your domain. This will assist you in maintaining a good sender score and domain reputation, which improves email delivery. The ability to deploy BIMI is a benefit of implementing DMARC with a reject policy. In the mailboxes of your clients, BIMI, an additional layer of email authentication, displays your brand. Your email may stand out from the crowd using BIMI.

Implementing SPF, DKIM, and DMARC as soon as feasible is crucial if you want to prevent spam from intercepting your emails.

How does DMARC Operate?

Your email communications are authenticated by all three components, which help you decide what to do with them. Additionally, DMARC makes use of the well-known Domain Name System (DNS). In essence, a sender’s DMARC record tells the recipient what to do next (e.g., do nothing, quarantine the message, or reject it).

Here is how DMARC functions:

  • After carefully crafting your email, you send it to your devoted contacts.
  • A DKIM header, which checks for fake sender addresses, is included by your mail server.
  • DKIM attests to your legitimacy.
  • Your email is forwarded to the mail server of your recipients.
  • The email server of the receivers checks for working SPF and DKIM protocols.
  • Depending on your DMARC policy, your email will either pass authentication, be quarantined, or be denied.
  • If accepted, your receiver will receive your message.

Understanding the email health of your protected domain begins with understanding DMARC and Email Statistics 2022. It reveals which sources are using faked domains to transmit messages and detects communications that are not permitted even when they pass SPF/DKIM validation but fail DMARC authorization checks. Through an easy-to-use online dashboard, these reports can be viewed in aggregate or by individual senders. There are various well-known providers that give you 10,000 DMARC statistics 2022 without charge each month, including our DMARC Analyzer. 


We can conclude that phishing is not getting any less common based on our figures for the first half of 2022. Our analysis confirms the findings in other statistics on phishing attacks.

Phishers have improved their abilities to gather information and deliver individualised emails over time. We cannot survive in a world without any protection given the rapidly rising phishing statistics.

Our mission at Godmarc is to give small and medium-sized enterprises a top-notch email security solution and, more importantly, to give our clients peace of mind. With affordable GoDMARC pricing, you can choose to be safe from any phishing attacks.  


Q1. What proportion of businesses utilize DMARC?

80% of all email mailbox providers subject to inbound email are subjected to DMARC inspections and email phishing statistics for 2022. Only 14% of the more than 1.28 million domain owners that have configured DMARC for their domains globally have enforcement policies in place to guard against spoofing. 43.4% of domains in large businesses have a DMARC policy enforcement.

Q2. What is spear phishing?

A specific individual or group is the goal of a “spear phishing” campaign, which frequently includes information that is known to be of interest to the target, such as newsworthy events or financial papers. It is vital to know how to prevent yourself from these phishing attacks

Q3. How Gmail uses DMARC?

There are three DMARC policy choices for Gmail: None: Send the message as usual. Quarantine: If a quarantine option is configured, send the message to quarantine or the recipient’s spam folder. Reject: Stop communicating the message.

Explore Our More Tools:


Look Up and validate SPF Record

Learn More

Look Up DKIM Record

Learn More

Look Up DMARC Record

Learn More

Look Up BIMI Record

Learn More