More than one recorded video this week, huh? My apologies; I’m traveling this week and time to create content has been cut a bit short. Also, I’m admittedly quite proud of everything I’m sharing this week. In particular, this Valimail webinar I presented last week on the topic of DMARC. This one gets technical and goes deeper than usual.
And now, The Recap
At its core, this was, of course, about email authentication. I walked the audience through the ins and outs of SPF, DKIM, and DMARC. DMARC (Domain-based Message Authentication, Reporting, and Conformance) is a powerful tool that builds on SPF and DKIM to help domain owners prevent phishing and spoofing. By publishing a DMARC policy, organizations can instruct email providers like Microsoft, Yahoo and Google on how to handle messages that fail authentication checks. I explained how DMARC helps block unauthorized senders while providing detailed reporting to monitor authentication failures and identify potential threats (which is something that Valimail is quite good at, if I do say so myself).
My guest Ed Fisher from Microsoft brought valuable insights from his perspective, particularly on what can go wrong with DMARC implementation. He discussed common pitfalls such as misconfigured DNS records, organizations setting policies incorrectly, and the challenges of dealing with shadow IT. He also highlighted the risk of assuming DMARC alone stops phishing—when in reality, attackers can still exploit compromised accounts that authenticate properly. Ultimately, while DMARC is a crucial part of email security, it should always be part of a broader strategy that includes multi-factor authentication, secure email gateways, and continuous monitoring. And a careful, phased approach is important for DMARC implementation—starting with monitoring (p=none) and understanding what mail you send before moving up to an enforcement-level policy of quarantine or reject. We also talked about industry factors, including Google and Yahoo’s new (announced in 2023) DMARC requirements, and I included just a tiny touch of how Valimail can simplify DMARC reporting and deployment.
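The phased rollout and the misconfigured-record pitfall described above can be checked mechanically against a published record. The following is an added example, not code from the webinar or from Valimail; the function names and sample records are constructed, and the tag names (`v`, `p`, `pct`, `rua`) are those defined in RFC 7489.

```python
# Added example: lint a DMARC TXT record and report its rollout phase.
# Tag names and values follow RFC 7489; the sample records are constructed.

VALID_POLICIES = {"none", "quarantine", "reject"}

def parse_dmarc(record):
    """Split 'tag=value; tag=value' into an ordered list of (tag, value)."""
    pairs = []
    for part in record.split(";"):
        part = part.strip()
        if not part:
            continue
        tag, sep, value = part.partition("=")
        if not sep:
            raise ValueError(f"malformed tag: {part!r}")
        pairs.append((tag.strip().lower(), value.strip()))
    return pairs

def assess(record):
    """Return (phase, findings) for one DMARC record string."""
    try:
        pairs = parse_dmarc(record)
    except ValueError as exc:
        return "invalid", [str(exc)]
    if not pairs or pairs[0][0] != "v" or pairs[0][1] != "DMARC1":
        return "invalid", ["record must start with v=DMARC1"]
    tags = dict(pairs)
    policy = tags.get("p", "").lower()
    if policy not in VALID_POLICIES:
        return "invalid", [f"p= missing or unknown: {policy!r}"]
    findings = []
    if "rua" not in tags:
        findings.append("no rua=: aggregate reports are not being collected")
    pct = tags.get("pct", "100")
    if not pct.isdigit() or not 0 <= int(pct) <= 100:
        return "invalid", [f"pct= must be 0-100, got {pct!r}"]
    if policy == "none":
        return "monitoring", findings
    if int(pct) < 100:
        findings.append(f"pct={pct}: policy applies to only part of failing mail")
        return "partial enforcement", findings
    return "enforcement", findings

if __name__ == "__main__":
    for rec in ["v=DMARC1; p=none; rua=mailto:dmarc@example.com",
                "v=DMARC1; p=quarantine; pct=25; rua=mailto:dmarc@example.com",
                "p=reject; v=DMARC1"]:
        print(rec, "->", assess(rec))
```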
Watch the Recording
If all of that sounds like your cup of tea, I hope you’ll take a gander at the recording. Find it embedded above, or here on YouTube. And thanks for thinking about DMARC!
(The usual disclaimer: I am employed by Valimail.)