Why Some Domains Are Heavily Spoofed While Others Are Safe

March 24, 2025

DMARC reports show attackers exploit weak authentication, exposed emails, and domain trust signals, regardless of organization size.

Email Security
Email Security
1
min read
Why Some Domains Are Heavily Spoofed While Others Are Safe

Just realized I never raised a question about how bad actors decide which domain names to spoof.

I review DMARC reports quite often, and sometimes I see companies with 300-400 employees having no spoofing attempts, even with p=none and no reporting implemented.

At the same time, I see smaller companies with teams of just 1-5 people experiencing 100+ spoofed emails being distributed every day.

The first thing that comes to mind is that they might register on various websites / leave their emails on shady blogs, leading to email leaks.

But is there any correct answer? Anyone?

DMARC
Email Security
Cyber Security
Spoofing
Phishing
Email Marketing
Scams
Email Deliverability
Related posts
All posts
Coordinated Subdomain Takeover Campaign Targeting US Universities

Attackers are hijacking abandoned .edu subdomains via orphaned CNAME records, serving spam under trusted university domains and exploiting SEO authority.

Coordinated Subdomain Takeover Campaign Targeting US Universities
Email Security
Cloudflare's DMARC Documentation Exposed an Unregistered Domain And Dozens of Organizations Paid the Price

How an unregistered domain in Cloudflare's DMARC documentation silently exposed infrastructure data from dozens of organizations.

Cloudflare's DMARC Documentation Exposed an Unregistered Domain And Dozens of Organizations Paid the Price
Email Security
FinTech AccessPay Exposed Internal Email Infrastructure Data for Years

A misconfigured DMARC record sent sensitive email infrastructure data to an unregistered domain, creating a long-term exposure risk.

FinTech AccessPay Exposed Internal Email Infrastructure Data for Years
Email Security