Why Some Domains Are Heavily Spoofed While Others Are Safe

March 24, 2025

DMARC reports show attackers exploit weak authentication, exposed emails, and domain trust signals, regardless of organization size.

Just realized I never raised a question about how bad actors decide which domain names to spoof.

I review DMARC reports quite often, and sometimes I see companies with 300-400 employees having no spoofing attempts, even with p=none and no reporting implemented.

At the same time, I see smaller companies with teams of just 1-5 people experiencing 100+ spoofed emails being distributed every day.

The first thing that comes to mind is that they might register on various websites / leave their emails on shady blogs, leading to email leaks.

But is there any correct answer? Anyone?
