DMARC: Five things it does well


In my last post, I talked about what DMARC doesn't do: what it cannot do, its limitations, and the mistaken assumptions people make about it. But, as I said then, I am a DMARC fan. I don't think it's broken, or lacking. It is most definitely not useless. Quite the opposite. It is a very useful protection mechanism for the security-savvy email administrator.

To that end, here are five things that DMARC does very well.
  1. DMARC tells the bad guys that you're paying attention. Bad guys are less likely to try to spoof your email domain if they know you've got DMARC in place. Why? Because they know that you're not asleep at the wheel. You're concerned about phishing and spoofing. You don't want anybody but you to be able to send emails successfully using your domain name.
  2. It enables a feedback mechanism that provides data to show you where the phishing and spoofing is coming from. DMARC aggregate reporting gives you insight into how much mail is out in the wild referencing your domain, where it is coming from, and whether or not it is authenticated. I find it valuable to know what mailbox providers can see.
  3. It helps you identify shadow IT. Sometimes you find that a team or vendor is sending email "on your behalf" without telling you. DMARC reports help surface those services, so you can decide whether to approve, configure properly, or shut them down.
  4. It improves your deliverability baseline. Mailbox providers expect legitimate senders to authenticate their mail. Having SPF, DKIM, and DMARC passing (and properly aligned) tells them you're a legitimate sender that follows best practices. You're not guaranteed inbox placement, but you're starting from the right place instead of digging out of a hole.
  5. DMARC protects your brand and your customers. DMARC in enforcement mode (with a policy of quarantine or reject) stops unauthenticated spoofed messages from being delivered at many mailbox providers. That means fewer phishing attempts using your domain actually reach inboxes, which directly protects both your customers and your reputation. This, at its very core, is the best, primary reason to implement DMARC.
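To show what points 2 and 3 look like in practice, here is an added example that is not code from the original post: a small script that parses a DMARC aggregate (RUA) report and groups the results by sending source, separating your own aligned senders from third parties that authenticate under their own domain (the "sending on your behalf" case) and from sources that do not authenticate at all. The report XML is a constructed sample laid out like an RFC 7489 aggregate report; the IP addresses, domain names and selectors in it are placeholders.

```python
"""Summarise a DMARC aggregate (RUA) report by sending source.

Added example, not code from the original post. SAMPLE_REPORT is a
constructed report laid out like an RFC 7489 aggregate report; the IP
addresses, domains and selectors in it are placeholders.
"""
import xml.etree.ElementTree as ET

SAMPLE_REPORT = """<?xml version="1.0"?>
<feedback>
  <report_metadata>
    <org_name>example-mailbox-provider</org_name>
    <report_id>constructed-0001</report_id>
    <date_range><begin>1700000000</begin><end>1700086400</end></date_range>
  </report_metadata>
  <policy_published>
    <domain>example.com</domain><adkim>r</adkim><aspf>r</aspf>
    <p>quarantine</p><sp>quarantine</sp><pct>100</pct>
  </policy_published>
  <!-- your own mail server: SPF and DKIM both pass and both align -->
  <record>
    <row><source_ip>192.0.2.10</source_ip><count>1200</count>
      <policy_evaluated><disposition>none</disposition><dkim>pass</dkim><spf>pass</spf></policy_evaluated></row>
    <identifiers><header_from>example.com</header_from></identifiers>
    <auth_results>
      <dkim><domain>example.com</domain><selector>s1</selector><result>pass</result></dkim>
      <spf><domain>example.com</domain><result>pass</result></spf>
    </auth_results>
  </record>
  <!-- a vendor sending "on your behalf" under its own domain: shadow IT -->
  <record>
    <row><source_ip>198.51.100.7</source_ip><count>340</count>
      <policy_evaluated><disposition>quarantine</disposition><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row>
    <identifiers><header_from>example.com</header_from></identifiers>
    <auth_results>
      <dkim><domain>crm-vendor.example.net</domain><selector>k1</selector><result>pass</result></dkim>
      <spf><domain>crm-vendor.example.net</domain><result>pass</result></spf>
    </auth_results>
  </record>
  <!-- an unknown source with no authentication at all: likely spoofing -->
  <record>
    <row><source_ip>203.0.113.99</source_ip><count>5000</count>
      <policy_evaluated><disposition>quarantine</disposition><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row>
    <identifiers><header_from>example.com</header_from></identifiers>
    <auth_results><spf><domain>example.com</domain><result>fail</result></spf></auth_results>
  </record>
</feedback>
"""

# Worst-case ranking, used when one source IP appears in several rows
RANK = {"aligned": 0, "authenticated, not aligned": 1, "unauthenticated": 2}


def published_policy(report_xml: str) -> dict:
    """The DMARC record the receiver saw in DNS when it built the report."""
    pp = ET.fromstring(report_xml).find("policy_published")
    return {t: pp.findtext(t) for t in ("domain", "p", "sp", "pct", "adkim", "aspf")}


def summarize(report_xml: str) -> dict:
    """Map each source IP to its message count, DMARC category, disposition
    and the domains that actually passed SPF or DKIM from that IP."""
    by_source = {}
    for rec in ET.fromstring(report_xml).iter("record"):
        ip = rec.findtext("row/source_ip")
        count = int(rec.findtext("row/count"))
        ev = rec.find("row/policy_evaluated")
        # policy_evaluated carries the *aligned* verdicts: DMARC passes when
        # either aligned SPF or aligned DKIM passes
        dmarc_pass = "pass" in (ev.findtext("dkim"), ev.findtext("spf"))
        # auth_results carries the raw verdicts, including domains that do
        # not align with the From header, which is how third parties show up
        raw_pass = sorted(
            f"{kind}:{r.findtext('domain')}"
            for kind in ("dkim", "spf")
            for r in rec.findall(f"auth_results/{kind}")
            if r.findtext("result") == "pass"
        )
        if dmarc_pass:
            category = "aligned"
        elif raw_pass:
            category = "authenticated, not aligned"
        else:
            category = "unauthenticated"
        entry = by_source.setdefault(ip, {"count": 0, "category": category,
                                           "disposition": ev.findtext("disposition"),
                                           "auth_domains": []})
        entry["count"] += count
        if RANK[category] > RANK[entry["category"]]:
            entry["category"], entry["disposition"] = category, ev.findtext("disposition")
        entry["auth_domains"] = sorted(set(entry["auth_domains"]) | set(raw_pass))
    return by_source


if __name__ == "__main__":
    print("published policy:", published_policy(SAMPLE_REPORT))
    for ip, info in sorted(summarize(SAMPLE_REPORT).items(), key=lambda kv: -kv[1]["count"]):
        print(f"{ip:>15}  {info['count']:>6}  {info['category']:<27} "
              f"disposition={info['disposition']}  {info['auth_domains']}")
```

The distinction the script draws is the useful one when reading real reports: a source in the "authenticated, not aligned" bucket is usually a legitimate service that nobody told you about and that just needs its DKIM signing or SPF set up under your domain, while a large "unauthenticated" source is what the enforcement policy exists to stop.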
Ultimately, DMARC has a very specific mission. But it is a powerful one. It stops unauthenticated mail from pretending to be you. Implemented properly, it allows you to actively block a major phishing vector. DMARC doesn't solve every security or deliverability problem, but it solves this problem very effectively. The impact is high and the protection is valuable.
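To make the "enforcement mode" and "properly aligned" parts of points 4 and 5 concrete, here is a second added example (again not code from the post) that works out the verdict a receiver reaches for a single message from a published DMARC record: SPF and DKIM identifier alignment in relaxed or strict mode, the p=, sp= and pct= tags, and the difference between a monitoring policy of p=none and quarantine or reject. It takes the record as a string rather than looking it up in DNS, and it approximates the organizational domain as the last two labels instead of consulting the Public Suffix List; example.com and the other domain names are placeholders.

```python
"""Evaluate the DMARC verdict and disposition for one message.

Added example, not code from the original post. It implements the
RFC 7489 rules for identifier alignment (relaxed/strict), the p=, sp=
and pct= tags, and the difference between p=none and enforcement. The
record is passed in as a string (no DNS lookup), and the organizational
domain is approximated as the last two labels rather than looked up in
the Public Suffix List; all domains below are placeholders.
"""


def parse_dmarc_record(txt: str) -> dict:
    """Parse 'v=DMARC1; p=...; ...' into a dict, filling in RFC defaults."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or tags.get("p") not in ("none", "quarantine", "reject"):
        raise ValueError("not a usable DMARC record: " + txt)
    tags.setdefault("adkim", "r")      # relaxed DKIM alignment by default
    tags.setdefault("aspf", "r")       # relaxed SPF alignment by default
    tags.setdefault("pct", "100")      # apply the policy to all failing mail
    tags.setdefault("sp", tags["p"])   # subdomains inherit p= unless sp= is set
    return tags


def org_domain(domain: str) -> str:
    """Approximation (assumption): organizational domain = last two labels."""
    return ".".join(domain.lower().split(".")[-2:])


def aligned(header_from: str, auth_domain, mode: str) -> bool:
    """Strict mode needs an exact match; relaxed accepts the same org domain."""
    if not auth_domain:
        return False
    if mode == "s":
        return header_from.lower() == auth_domain.lower()
    return org_domain(header_from) == org_domain(auth_domain)


def evaluate(record: dict, header_from: str, spf_domain=None, spf_result="none",
             dkim_domain=None, dkim_result="none", roll: int = 0) -> tuple:
    """Return (dmarc_result, disposition) for a message whose From: domain is
    header_from. spf_domain is the MAIL FROM domain SPF was checked against,
    dkim_domain the d= of a verified signature. roll stands in for the random
    0-99 draw a receiver makes to honour pct=."""
    spf_ok = spf_result == "pass" and aligned(header_from, spf_domain, record["aspf"])
    dkim_ok = dkim_result == "pass" and aligned(header_from, dkim_domain, record["adkim"])
    if spf_ok or dkim_ok:
        return "pass", "none"
    # The subdomain policy applies when From: is not the org domain itself
    policy = record["p"] if header_from.lower() == org_domain(header_from) else record["sp"]
    # pct= applies the policy to only that share of failing mail; the rest
    # gets the next weaker action (reject -> quarantine, quarantine -> none)
    if roll >= int(record["pct"]):
        policy = {"reject": "quarantine", "quarantine": "none"}.get(policy, "none")
    return "fail", policy


if __name__ == "__main__":
    monitoring = parse_dmarc_record("v=DMARC1; p=none; rua=mailto:dmarc-rua@example.com")
    enforcing = parse_dmarc_record("v=DMARC1; p=reject; rua=mailto:dmarc-rua@example.com")
    # SPF passes, but for a domain that does not align with the From: header
    spoof = dict(header_from="example.com", spf_domain="bulk-sender.example.org",
                 spf_result="pass")
    print("p=none   :", evaluate(monitoring, **spoof))   # ('fail', 'none')
    print("p=reject :", evaluate(enforcing, **spoof))    # ('fail', 'reject')
```

The two printed lines are the whole point of enforcement: with p=none the unaligned message fails DMARC and is still delivered (you only hear about it in the aggregate report), while with p=reject the same message is refused. The pct= handling is worth noting when rolling out, since pct=50 with p=reject means half of the failing mail is only quarantined, not rejected.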