DMARC is for life, not just a project

At Red Sift we often get asked “what’s next?” after someone has thrown the p=reject switch. Yes, a lot of the really hard work has been done, but like with all things security-focused, constant care and attention are needed to stay one step ahead of phishers, spoofers, and hackers.

Maintain your existing email sending services

Your DMARC record isn’t a “set it and forget it” solution. Without regular maintenance, issues with SPF or DKIM can arise, potentially causing your legitimate emails to be rejected — often without you realizing it. Here’s why this can happen:

  • Email forwarding: Forwarded emails break SPF authentication.
  • Misalignment: Third-party services can inadvertently misconfigure or desynchronize DKIM keys.
  • Server overload: During peak traffic, some ISPs may temporarily disable DKIM checks due to processing constraints.

Without a tool like Red Sift OnDMARC, identifying and resolving these issues can be a challenge.

This is especially critical when working with third-party email services where you may have limited visibility and control. It’s not uncommon for these providers to stop signing emails with DKIM due to a minor configuration change. Without OnDMARC’s reporting capabilities, you may remain unaware of these changes, making it difficult to rectify issues before they impact your email deliverability.

Add new email services with confidence

DMARC’s continuous reporting not only ensures protection but also helps identify new sources of email traffic — both legitimate and illegitimate. Once a new service appears on your OnDMARC dashboard, you can either configure it correctly with SPF and DKIM or block it if necessary.

A common scenario is when teams like Marketing adopt new tools such as HubSpot or Mailchimp for customer email campaigns without informing IT or email teams. This results in “shadow IT” — unauthorized or unmanaged systems within an organization’s infrastructure.

When DMARC is set to p=reject, emails from these unauthorized services won’t reach recipients, leading to potential disruption. With OnDMARC, however, you can quickly detect these services and work with relevant teams to ensure proper configuration and seamless email delivery.

Futureproof your email architecture

As your organization grows, so does your email ecosystem. Over time, new domains and subdomains will be added — a phenomenon known as domain creep. This often results in more domains under DMARC management than initially anticipated.

Our experience with thousands of DMARC deployments shows that most organizations eventually adopt dedicated domains or subdomains for specific business units, often with tailored policies. Additionally, many purchase parked domains for brand protection, even if no emails are sent from them.

Effectively managing an expanding domain portfolio is essential, especially as your email landscape evolves. What works for your organization today may look very different tomorrow.

To find out more about how OnDMARC helps make DMARC implementation simpler and easier, start your 14 day free trial or get in touch with us below today!

PUBLISHED BY

Red Sift

16 Sep. 2020

SHARE ARTICLE:

Categories

Recent Posts

VIEW ALL
Cybersecurity

Collaborative cybersecurity: The building blocks to a safer internet

Rahul Powar

Ciaran Martin, former CEO of the UK National Cyber Security Centre, and Rahul Powar, CEO of Red Sift The internet’s foundational promise is one of connection, opportunity, and innovation. But as technological innovation grows, so do the risks. The challenge is clear: how do we create a fundamentally safer internet while empowering organisations of…

Read more
Cybersecurity

Securing crypto with Andrei Terentiev

Sean Costigan

In a new episode of Resilience Rising, host Sean Costigan speaks to Andrei Terentiev, Chief Technology Officer (CTO) of Bitcoin.com. The discussion dives into the relationship between cryptocurrency and cybersecurity, with valuable insights into the challenges and strategies for safeguarding digital assets. Navigating the intersection of cryptocurrency and cybersecurity Andrei shares his journey from…

Read more
DMARC

2.3 million organizations embrace DMARC compliance

Jack Lilley

It has been one year since Google and Yahoo implemented stricter requirements for bulk email senders. Eleven months ago, Red Sift shared an update based on data from BIMI Radar, which revealed a concerning global readiness picture. Now, with a full year behind us, it’s time to evaluate the progress organizations have made in…

Read more
BIMI

VMC and CMC updates: 5 key takeaways

Jack Lilley

Verified Mark Certificates (VMCs) and Common Mark Certificates (CMCs) continue to evolve, and staying up to date is crucial for organizations looking to authenticate their logos and enhance brand trust in email communication, this includes adhering to version 1.7 of the Minimum Security Requirements.  In this blog, we break down the 5 key changes…

Read more