1. It’s evident from speaking with customers across multiple different industry verticals that many organisations are still not aware of what DMARC is and why they need to take it seriously. Can you help our readers by articulating what DMARC is all about and why our readers should take action?
DMARC is an industry-standard protocol that levels up the email security posture of your organisation. When fully deployed, it prevents bad actors from impersonating you to your colleagues, supply chain and customers over email. It does this robustly and automatically and is supported by most actors in the email ecosystem. Yet amongst the largest companies such as those in the FTSE100, DMARC rollout is just 35% as of Jun ’21. This lack of consistent adoption is a major cause of the growing risk across the email ecosystem.
2. As you know, there are many solutions out there in the marketplace all promising to help organisations address the risks associated with not having DMARC properly implemented. How does Red Sift differentiate itself from the increasing list of solutions?
When finding the DMARC solution for your business, I recommend taking a long-term view. DMARC is a lifetime project, but many DMARC solutions start and stop at reporting as this is the simplest part of the problem. Reporting is just a stepping stone to getting DMARC fully deployed and your domain protected. Red Sift’s OnDMARC provides a full circle solution for DMARC compliance. Customers are guided through the entire DMARC configuration process within our platform or by our customer success team if needed.
Unlike other providers, we focus on the entire problem and offer a comprehensive solution. As a result, the majority of our customers successfully reach full DMARC compliance in 4 to 8 weeks, and 67% do this without needing additional support.
How much time your security teams must invest in maintaining DMARC once it’s implemented depends on the level of automation, insight and support your chosen DMARC tool provides. We’ve invested heavily in technology, data partnerships and people to provide the highest fidelity of product and level of service on the market, and this is reflected by our roster of customers, case studies and reviews. While we can’t list every customer and the success they’ve enjoyed, I can virtually guarantee that every UK reader of this content has an email in their inbox today that is invisibly authenticated by us.
3. Are you able to share a real life example where lack of DMARC implementation has resulted in a breach, and a brief breakdown of the steps taken by the bad actor to execute the breach?
We can’t share specific incidents, but the pattern of attack is likely very familiar to your readers. Most chains of compromise start with a phishing email that’s launched simply and at scale with minimal technical expertise.
Domains that don’t have full DMARC configuration are easily impersonated, and because it looks legitimate, controls fail to stop the email and sometimes even promote it. It’s almost impossible for the end user to distinguish this message as inauthentic, especially if the email content is well crafted. One mistake (i.e. a link clicked or invoice paid) and ransomware is planted, details are stolen, and chaos ensues.
4. Now I know having DMARC implemented properly does not just give security benefits. How else can having DMARC properly implemented help our readers?
Organisations that have deployed DMARC see various benefits. We have a number of case studies that indicate improved deliverability and inbox placement as a side effect of cleaning up mail flows and blocking bad actors who are negatively influencing their reputation. In addition, very soon a number of major inboxes will be showing logos against properly DMARC authenticated emails via a new standard, BIMI.
5. We are getting asked a lot of questions around BIMI. Can you share with us what BIMI is all about and when it will be available for implementation?
BIMI is a standard that relies on DMARC to present logos next to emails in a user’s inbox. These logos will take the place of default avatars in your typical email clients and apps. Organisations worldwide are excited about the opportunity for enhanced brand recognition and engagement, which for many will translate into improved commercial outcomes from their email activity.
We expect BIMI will be available starting with pilot customers in H2 2021 on Google inboxes, but we’ve already helped a number of our customers get early access to the Google pilot. For the BIMI curious, we exclusively track global adoption in real time on BimiRadar.
6. Organisations are facing a number of risks to address and it’s becoming increasingly challenging to prioritise budgets and internal resources. Why should addressing DMARC be a priority for them?
Most CISOs would rate Business Email Compromise (BEC) as a top 3 concern in 2021. Yet many are unaware of DMARC and the role it plays in reducing this problem. DMARC is one of the few projects every business can roll out that will immediately eliminate this dangerous threat vector without complex machine learning or end user involvement.
US and UK governments have directives that spell out DMARC, many private institutions require it for their supply chain and a number of our customers have found BIMI and its brand-boosting benefits to be an incentive for getting this project prioritised. Ultimately, if you use email for meaningful commercial activity or interact with organisations who do, DMARC should be at the forefront of your priorities.