What is DMARC and why do I need it?
The fact that email is a vital part of business is undeniable. More than 350 billion emails are sent every day, and it is estimated that less than 15% of them are legitimate or requested. That’s where the abuse begins. On its own, email lacks the ability to verify the authenticity of the sender. This fundamental flaw is exploited by cybercriminals and solved by DMARC.
Domain-based Message Authentication, Reporting and Conformance (DMARC) is an open-source technical specification that is used to authenticate outbound email by aligning SPF and DKIM mechanisms. By having DMARC in place, domain owners can stop criminals from using their domains for business email compromise, phishing and spoofing. DMARC was first published in 2012. Since then, DMARC has become a cybersecurity best practice and an indicator of an organisation’s security posture.
DMARC is gaining attention in the government and insurance sectors. It’s always beneficial to be an early adopter, a role model, for meeting compliance before a control like DMARC is mandated.
Following the Department of Homeland Security’s 2017 action that ordered federal agencies to defend their domains with DMARC, Congress passed a DMARC mandate in the 2021 National Defense Authorization Act. The mandate requires US-based email infrastructure to implement the DMARC standard at scale.
Increasingly, insurance companies are listing DMARC on their cyber insurance applications. Having DMARC and other cybersecurity measures in place can lower premiums and increase the chance of insurance payouts if and when a data breach claim is processed. Because cyber insurance companies are looking to lower risk when issuing cyber policies by recommending DMARC, an insured organization’s risk can be reduced as well.
With DMARC deployed, you’re telling the internet which uses of your email domains are legitimate and asking receivers to block illegitimate abuse of them, which protects your business from disruption and your brand from damage.
It also gives you visibility on how your email domains are being used, both by people within your organization as well as your external vendors who send emails on your behalf. DMARC becomes a compliance management resource to ensure you’re reducing your liability and the risk of fraud to your organization, your customers and your vendors.
To find out more about DMARC and how it can help your business, complete the form. We can set up a 2-week trial and provide you with a free DMARC status report.
This will highlight:
- The volume of email sent during the period
- How much of the email was compliant
- The volume of emails sent illegally
- Where the illegal email is coming from
- Next steps