DMARC management should be seen as an ongoing process

DMARC is for life, not just a project

At Red Sift we often get asked “what next?” after someone has thrown the p=reject switch. Yes, a lot of the really hard work has been done, but like with all things security-focused, constant care and attention are needed to stay one step ahead of phishers, spoofers, and hackers.

Maintain existing email sending services

For your DMARC record to carry on protecting your organization it needs regular care and attention, take your eye off the ball and SPF or DKIM might break at some point and you’ll have your emails rejected without knowing it has even happened. There are a few reasons why this might happen:

  1. Email Forwarding
    When someone forwards an email, SPF is broken.
  1. Misalignment
    If you’re using a third-party sending service then DKIM keys can get out of sync.
  1. Server Overload
    Sometimes an ISP, during high email peaks, may turn off DKIM checking as it requires high processing resources.

Without OnDMARC you’ll struggle to pinpoint when this happens or be able to fix the underlying root cause.

Knowing what’s going on across your email landscape is particularly valuable when you’re using third-party sending services and may not otherwise have direct control over the exact configuration. Indeed, it’s not uncommon for third-parties sending emails on behalf of their customers to suddenly stop DKIM signing emails, all because a small change has been made. Without the reporting functionality of OnDMARC you won’t know if and when this happens so you won’t be able to reach out to them for answers or have this corrected.

Add new email services

The ongoing reporting capability of DMARC has the added benefit of highlighting new legitimate (and illegitimate) sources of email. Once you’ve seen them pop up on the OnDMARC radar you can go ahead and either properly configure them with SPF and DKIM, or block them altogether.

  1. A common scenario is a department, such as Marketing, deciding to use a new application like Hubspot or Mailchimp, to manage email campaigns to customers.
  1. Unfortunately, IT and email teams aren’t always involved in these decisions, and so the new email sending application becomes part of an organizations’ “shadow IT”.
  1. The problem with sending emails “from the shadows” is that with your DMARC record in p=reject none of these emails will reach their intended recipients.  

Of course, the moment you know about the new application you can help correctly configure it to maximize deliverability rates. 

Building a futureproof email architecture 

It’s inevitable that over time new domains and subdomains will be added, this is commonly known as domain creep, and eventually, most organizations end up with far more domains under DMARC control than they first imagined when they started their journey.

Our experience of thousands of DMARC deployments has taught us that most organizations will want to make use of dedicated domains or subdomains for individual business groups, perhaps even with different policies for these domains. There will also be parked domains, purchased to protect domains you own but do not send email from.

Being able to simply, and correctly, manage an ever-growing number of domains is vital because what your email landscape looks like today, isn’t an indication of what it will look like tomorrow.

To find out more about how OnDMARC helps make DMARC implementation simpler and easier, start your 14 day free trial or get in touch with us below today!

PUBLISHED BY

Red Sift

16 Sep. 2020

SHARE ARTICLE:

Categories

Recent Posts

VIEW ALL
DKIM

First look at DKIM2: The next generation of DKIM

Red Sift

In 2011, the original DomainKeys Identified Mail (DKIM1) standard was published. It outlined a method allowing a domain to sign emails, enabling recipients to verify that the email originated from an entity holding a private key that matches the public key published in the domain’s DNS records. Now in 2024, DKIM is ready for…

Read more
Security

Securing our world: For a safer internet

Jack Lilley

October is Cybersecurity Awareness Month, a time for industries to unite in promoting digital security within today’s complex landscape. Bad actors are leveraging increasingly sophisticated methods—such as email phishing and Business Email Compromise (BEC)—to exploit vulnerabilities, impersonate legitimate contacts, and access sensitive information. CISA Director Jen Easterly advises us to “always think before you…

Read more
Cybersecurity

Boosting email security amid recent Coinbase phishing attempts

Jack Lilley

In recent weeks, there have been reports of sophisticated phishing attacks disguised as official communication from the cryptocurrency platform, Coinbase. These phishing emails closely mimic Coinbase’s branding and language to build recipient trust and prompt clicks on malicious links. The subject lines of these emails generally follow a format: the sender’s address starts with…

Read more
Product Release

Red Sift’s Fall 2024 Quarterly Product Release

Francesca Rünger-Field

Building on the momentum of our Summer Release, we’ve taken another big step forward in AI-driven security with our Fall 2024 updates.  Over the last few months, we’ve been focused on developing our skilled up large language model (LLM), Red Sift Radar – now fully integrated with OnDMARC – making it the first LLM…

Read more