DMARC management should be seen as an ongoing process

DMARC is for life, not just a project

At Red Sift we often get asked “what next?” after someone has thrown the p=reject switch. Yes, a lot of the really hard work has been done, but like with all things security-focused, constant care and attention are needed to stay one step ahead of phishers, spoofers, and hackers.

Maintain existing email sending services

For your DMARC record to carry on protecting your organization it needs regular care and attention, take your eye off the ball and SPF or DKIM might break at some point and you’ll have your emails rejected without knowing it has even happened. There are a few reasons why this might happen:

  1. Email Forwarding
    When someone forwards an email, SPF is broken.
  1. Misalignment
    If you’re using a third-party sending service then DKIM keys can get out of sync.
  1. Server Overload
    Sometimes an ISP, during high email peaks, may turn off DKIM checking as it requires high processing resources.

Without OnDMARC you’ll struggle to pinpoint when this happens or be able to fix the underlying root cause.

Knowing what’s going on across your email landscape is particularly valuable when you’re using third-party sending services and may not otherwise have direct control over the exact configuration. Indeed, it’s not uncommon for third-parties sending emails on behalf of their customers to suddenly stop DKIM signing emails, all because a small change has been made. Without the reporting functionality of OnDMARC you won’t know if and when this happens so you won’t be able to reach out to them for answers or have this corrected.

Add new email services

The ongoing reporting capability of DMARC has the added benefit of highlighting new legitimate (and illegitimate) sources of email. Once you’ve seen them pop up on the OnDMARC radar you can go ahead and either properly configure them with SPF and DKIM, or block them altogether.

  1. A common scenario is a department, such as Marketing, deciding to use a new application like Hubspot or Mailchimp, to manage email campaigns to customers.
  1. Unfortunately, IT and email teams aren’t always involved in these decisions, and so the new email sending application becomes part of an organizations’ “shadow IT”.
  1. The problem with sending emails “from the shadows” is that with your DMARC record in p=reject none of these emails will reach their intended recipients.  

Of course, the moment you know about the new application you can help correctly configure it to maximize deliverability rates. 

Building a futureproof email architecture 

It’s inevitable that over time new domains and subdomains will be added, this is commonly known as domain creep, and eventually, most organizations end up with far more domains under DMARC control than they first imagined when they started their journey.

Our experience of thousands of DMARC deployments has taught us that most organizations will want to make use of dedicated domains or subdomains for individual business groups, perhaps even with different policies for these domains. There will also be parked domains, purchased to protect domains you own but do not send email from.

Being able to simply, and correctly, manage an ever-growing number of domains is vital because what your email landscape looks like today, isn’t an indication of what it will look like tomorrow.

To find out more about how OnDMARC helps make DMARC implementation simpler and easier, start your 14 day free trial or get in touch with us below today!


Red Sift

16 Sep. 2020



Recent Posts


The best tools to protect yourself from SubdoMailing

Francesca Rünger-Field

In late February 2024, ‘SubdoMailing’ became a trending search term overnight. Research by Guardio Labs uncovered a massive-scale phishing campaign that had been going on since at least 2022. At the time of reporting, the campaign had sent 5 million emails a day from more than 8,000 compromised domains and 13,000 subdomains with several…

Read more
Product Release

Red Sift’s Spring 2024 Quarterly Product Release

Francesca Rünger-Field

This early into 2024, the cybersecurity space is already buzzing with activity. Emerging standards, such as Google and Yahoo’s bulk sender requirements, mark a new era of compliance for businesses reliant on email communication. At the same time, the prevalence of sophisticated cyber threats, such as the SubdoMailing campaign, emphasizes the continual hurdles posed…

Read more

Navigating the “SubdoMailing” attack: How Red Sift proactively identified and remediated a…

Rebecca Warren

In the world of cybersecurity, a new threat has emerged. Known as “SubdoMailing,” this new attack cunningly bypasses some of the safeguards that DMARC sets up to protect email integrity.  In this blog we will focus on how the strategic investments we have made at Red Sift allowed us to discover and protect against…

Read more

Where are we now? One month of Google and Yahoo’s new requirements…

Rebecca Warren

As of March 1, 2024, we are one month into Google and Yahoo’s new requirements for bulk senders. Before these requirements went live, we used Red Sift’s BIMI Radar to understand global readiness, and the picture wasn’t pretty.  At the end of January 2024, one-third of global enterprises were bound to fail the new…

Read more