NTT Docomo Rolls Out New Measures to Prevent Spoofed Emails

Email spoofing remains a top vector for phishing, especially for large brands whose names lend credibility. In Japan, telecom operators handle billions of customer communications daily, making them attractive targets for cybercriminals seeking to harvest credentials or distribute malware. Recent reports show that spoofed messages can achieve open rates up to 30% when they appear to come from trusted carriers. Consequently, protecting the integrity of outbound email has become a strategic priority for operators seeking to preserve both user safety and brand equity.

DMARC and BIMI are complementary standards that give domain owners control over how their messages are handled by receiving mail servers. DMARC builds on SPF and DKIM, instructing inboxes to reject, quarantine, or monitor messages that fail authentication, while also providing daily reports to the sender. BIMI adds a visual layer by attaching a verified logo to authenticated emails, instantly signaling legitimacy to end‑users. Together, these protocols not only cut down false positives but also improve deliverability, because reputable senders are less likely to be flagged as spam. Docomo’s rollout therefore creates a two‑factor verification system that is both technical and brand‑centric.

The adoption of DMARC and BIMI by a major carrier signals a broader shift in the Asian telecom landscape toward mandatory email authentication. Regulators in Japan and the broader APAC region have begun to reference these standards in data‑privacy guidelines, nudging competitors to follow suit. For enterprises, the move simplifies vendor risk assessments, as receiving parties can now rely on verifiable sender identities. As more organizations implement similar controls, the overall phishing ecosystem is expected to contract, driving down costs associated with breach remediation and customer support.