BLOG ARTICLE
And rightly so, even more so with DMARC deployments. However, it’s not the technology, it’s what hasn’t been done with it that is most likely the cause of the problem. Don’t be mad at the technology, be mad that it hasn’t been implemented correctly.
All technology is not created equal; there are different standards, protocols and best practice aplenty. Businesses need to engage with people who are qualified and experienced with configuring and implementing a specific technology.
Using a provider that is classed as a DMARC (Domain-based Messaging Authentication Reporting & Conformance) expert will ensure that the implementation is done correctly and fully, and organisations can be confident that the full protection benefits and compliance of the DMARC technology standard will be delivered.
DMARC, a relatively new technology standard at just 10 years old, delivers tangible security protection against cybercriminals.
However, for many organisations the full benefits of DMARC are not being realised and this state of affairs can be directly attributable to incorrect or incomplete implementation and configuration.
DMARC involves the configuration of three sets of inter-related standards and protocols – SPF, DKIM and DMARC, as well as consideration of the wider email security environment; including for example a company’s anti-spam software. All these technology pieces of the email security puzzle are complementary and must work in harmony.
Errors made in the analysis, configuration, set up, or implementation stages can render DMARC less effective than its real protection capability.
When businesses that have taken the decision to implement DMARC continue to be the target of cyber criminals employing all sorts of spoofing and phishing attacks for fraudulent gain, they rightly become frustrated and immediately look to fault the technology. DMARC hasn’t lived up to its promises, and they immediately deem it ineffective. This is very far from the truth.
DMARC as a standard is not faulty. At fault is an incorrect, flawed or partial implementation.
The fact is that when DMARC is configured correctly and policies set up correctly, organisations will have the highest level of protection from cyber criminals who seek to use email as a weapon to defraud them.
Businesses should not think that implementing DMARC is a quick fix that involves simply turning on a setting. It requires methodical, systematic and thorough analysis and planning. With a DMARC implementation the detail is everything. This is why every employee at Sendmarc is fully focused on DMARC.
Every Sendmarc engineer is entrenched in the technology and its inter-relationships with all software touching the email environment at any time, in order to enable organisations to achieve the strongest email security credentials. When Sendmarc is implementing DMARC at a company it follows a proprietary methodology that is robust and highly detailed. It is confident of its DMARC success credentials and offers all companies a guarantee of achieving a policy of reject for them within 90 days.
Sendmarc has the guarantee in place because it has highly specialised skilled engineers with in-depth understanding of the syntax of all protocols and standards across the email security environment, and understands and has experience of the most complex email environments and all technologies that touch it.
DMARC providers who are not familiar and entrenched in the protocol day in and day out, as well as the intricacies and inter-relationships of the entire email environment and all its working parts, are likely to run into implementation difficulties.
Over the past couple of months, in conversations with many businesses, Sendmarc has heard first-hand of the frustration and lack of confidence in DMARC that some are feeling. The decision to implement DMARC is most definitely the right one, but they have lost faith in DMARC, because they are still receiving spoofing and phishing attacks from cybercriminals hijacking their domain name and impersonating them, and are having legitimate emails blocked which is severely affecting their productivity. There are a number of reasons this may be happening, but what is safe to say is that it is not DMARC as a technology standard that is at fault.
Knowing the robustness of DMARC as a technology standard, and knowing that the internet becomes a safer place with every additional company that has DMARC (correctly implemented and at a policy of reject), Sendmarc looked into the implementations at these companies to find out why they were not experiencing the security promise.
The effectiveness of DMARC lies with its correct configuration and implementation. If the implementation is flawed, organisations will continue to be plagued both by spoofing and phishing attacks as well as the disruption of the seamless delivery of legitimate mail.
When the email environment continues to be disrupted by cybercriminal attacks or deliverability issues, it is typically because whoever has implemented DAMRC either:
Sendmarc has a customer base of all sizes from large international corporations, to enterprises operating in specific regions, and small and medium sized businesses with national footprints.
Across this customer base it has seen a number of implementation errors that have left organisations in a position where they are not receiving the highest security and compliance benefits of DMARC and improved email deliverability. The reasons for this are:
Identifying why DMARC is failing can be completely avoided by choosing a DMARC provider with the required specialist skills and DMARC dedicated engineers.
All businesses should make the decision to implement DMARC if they haven’t done so already. If you do not believe you are susceptible to cyber criminals whose weapon of choice is email, you can take Sendmarc’s online analysis to learn the true state of your email security. It takes less than five minutes and uses a sophisticated and highly accurate algorithm to calculate your security score.
If governments around the world, including the US, UK, Australia, New Zealand, Canada, and The Netherlands are recommending and implementing DMARC as part of their arsenal of cyber security measures to protect themselves and their citizens from cyber criminals using email for fraudulent purposes, you can be confident it is a robust technology.
But DMARC, like most technology is only as effective as its implementation.
LATEST ARTICLES