Why Some Domains Are Heavily Spoofed While Others Are Safe

March 24, 2025

DMARC reports show attackers exploit weak authentication, exposed emails, and domain trust signals, regardless of organization size.

Just realized I never raised a question about how bad actors decide which domain names to spoof.

I review DMARC reports quite often, and sometimes I see companies with 300-400 employees having no spoofing attempts, even with p=none and no reporting implemented.

At the same time, I see smaller companies with teams of just 1-5 people experiencing 100+ spoofed emails being distributed every day.

The first thing that comes to mind is that they might register on various websites / leave their emails on shady blogs, leading to email leaks.

But is there any correct answer? Anyone?
