Proofpoint study finds gaps in email security leave Indian bank customers exposed to fraud

Nearly two in five Indian banks continue to expose customers and employees to elevated risks of email-based fraud due to gaps in email authentication controls, according to new research released by Proofpoint.

The findings are based on a Domain-based Message Authentication, Reporting and Conformance (DMARC) analysis of 80 Indian banks, assessing how effectively institutions are protecting their domains from email spoofing, phishing and impersonation attacks. DMARC is a widely adopted email authentication protocol with three enforcement levels, monitor, quarantine and reject; with “reject” offering the highest level of protection by blocking fraudulent emails before they reach inboxes.

Strong adoption, uneven enforcement

The analysis shows that while 99% of Indian banks have implemented DMARC in some form, enforcement levels vary significantly:

• 61% have implemented DMARC at the “reject” level, fully blocking unauthorised emails.
• 28% operate at the “quarantine” level, diverting suspicious emails
• 10% remain at the “monitor” level ...