Email Remains Primary Gatewy for Disinformation and Cyberattacks in 2025 : Valimail

• 23 Apr 2025
• TM Team
• 0 Comments

Valimail, the leading provider of email authentication and anti-impersonation solutions, released its 2025 Disinformation and Malicious Email Report. The report reveals that email continues to be the most exploited attack vector for cybercriminals and disinformation campaigns, with artificial intelligence dramatically increasing the sophistication of these threats.

In an era marked widespread disinformation, trust in digital communications is eroding. Malicious actors are increasingly exploiting email to impersonate brands, launch phishing campaigns, and spread false information-often using sophisticated methods made simpler by emerging technologies. This environment calls for a layered approach to email protection.

Email authentication is the foundational, cost-effective defense that can significantly curb many of these malicious attempts at their source, providing future-proof protection that can scale. Additionally, DMARC uniquely protects outbound email to partners and clients thereby offering brand and compliance protection.

The report reveals considerable variation in email authentication implementations across industries:

Online Retail leads with 94% of surveyed domains having implemented basic email authentication measures

Financial Services shows strong adoption (80%) but one-third of domains lack enforcement policies that actually prevent spoofing

Higher Education faces significant challenges with nearly two-thirds of domains unable to prevent impersonation attacks

Healthcare lags behind with just over one third having implemented the bare minimum, non-protective DMARC policy of p=none.

"In 2024, we witnessed some of the most sophisticated email-based attacks in history," said Al Iverson, Industry Research and Community Engagement Lead at Valimail. "From North Korean targeting of vulnerable domains to widespread supply chain attacks on U.S. municipalities and general attacks on educational institutions, cybercriminals are exploiting weaknesses in email systems with increasing precision, eroding trust in digital communications."

Several alarming trends are highlighted within the report, including:

Rising threat sophistication: AI-generated emails more than ever now convincingly mimic legitimate communications, dramatically increasing the success rate of phishing and spoofing attacks.

Cross-industry vulnerability: Every sector from financial services to healthcare, government, and education faces significant email-based threats, with varying levels of preparedness.

Protection gap: While more than 7.2 million domains have implemented some form of email authentication, approximately half remain insufficiently protected against domain spoofing.

Despite these growing threats, the report shows that Domain-based Message Authentication, Reporting, and Conformance (DMARC) continues to be a highly effective approach that can authoritatively prevent the most pernicious spoofing attacks when properly implemented.