• Skip to primary navigation
  • Skip to content
  • Skip to primary sidebar

Red Sift Blog

Red Sift Blog
  • redsift.com
  • Featured
  • Who are we?
  • Get in touch
You are here: Home / Email / DMARC / DMARC is for life, not just a project

DMARC is for life, not just a project

by Red Sift
September 16, 2020August 30, 2022Filed under:
  • Deliverability
  • DMARC

At Red Sift we often get asked “what next?” after someone has thrown the p=reject switch. Yes, a lot of the really hard work has been done, but like with all things security-focused, constant care and attention are needed to stay one step ahead of phishers, spoofers, and hackers.

Maintain existing email sending services

For your DMARC record to carry on protecting your organization it needs regular care and attention, take your eye off the ball and SPF or DKIM might break at some point and you’ll have your emails rejected without knowing it has even happened. There are a few reasons why this might happen:

  1. Email Forwarding
    When someone forwards an email, SPF is broken.
  1. Misalignment
    If you’re using a third-party sending service then DKIM keys can get out of sync.
  1. Server Overload
    Sometimes an ISP, during high email peaks, may turn off DKIM checking as it requires high processing resources.

Without OnDMARC you’ll struggle to pinpoint when this happens or be able to fix the underlying root cause.

Knowing what’s going on across your email landscape is particularly valuable when you’re using third-party sending services and may not otherwise have direct control over the exact configuration. Indeed, it’s not uncommon for third-parties sending emails on behalf of their customers to suddenly stop DKIM signing emails, all because a small change has been made. Without the reporting functionality of OnDMARC you won’t know if and when this happens so you won’t be able to reach out to them for answers or have this corrected.

Add new email services

The ongoing reporting capability of DMARC has the added benefit of highlighting new legitimate (and illegitimate) sources of email. Once you’ve seen them pop up on the OnDMARC radar you can go ahead and either properly configure them with SPF and DKIM, or block them altogether.

  1. A common scenario is a department, such as Marketing, deciding to use a new application like Hubspot or Mailchimp, to manage email campaigns to customers.
  1. Unfortunately, IT and email teams aren’t always involved in these decisions, and so the new email sending application becomes part of an organizations’ “shadow IT”.
  1. The problem with sending emails “from the shadows” is that with your DMARC record in p=reject none of these emails will reach their intended recipients.  

Of course, the moment you know about the new application you can help correctly configure it to maximize deliverability rates. 

Building a futureproof email architecture 

It’s inevitable that over time new domains and subdomains will be added, this is commonly known as domain creep, and eventually, most organizations end up with far more domains under DMARC control than they first imagined when they started their journey.

Our experience of thousands of DMARC deployments has taught us that most organizations will want to make use of dedicated domains or subdomains for individual business groups, perhaps even with different policies for these domains. There will also be parked domains, purchased to protect domains you own but do not send email from.

Being able to simply, and correctly, manage an ever-growing number of domains is vital because what your email landscape looks like today, isn’t an indication of what it will look like tomorrow.

To find out more about how OnDMARC helps make DMARC implementation simpler and easier, start your 14 day free trial or get in touch with us below today!

Get in touch

Share this:

  • Click to share on Twitter (Opens in new window)
  • Click to share on LinkedIn (Opens in new window)

Related

Tagged:
  • DKIM
  • DMARC
  • Email Marketing
  • SPF

Post navigation

Previous Post OnDMARC wins at Cyber Security Awards 2020
Next Post What is an email bounce and how does it affect deliverability?

Primary Sidebar

Subscribe to our blog and be the first to get updates!

Categories

  • AI
  • BEC
  • BIMI
  • Brand Protection
  • Coronavirus
  • Cybersecurity
  • Deliverability
  • DMARC
  • DORA
  • Email
  • Finance
  • Labs
  • News
  • OnINBOX
  • Partner Program
  • Red Sift Tools
  • Work at Red Sift
  • February 2023
  • January 2023
  • December 2022
  • November 2022
  • October 2022
  • September 2022
  • August 2022
  • July 2022
  • June 2022
  • May 2022
  • April 2022
  • March 2022
  • February 2022
  • January 2022
  • December 2021
  • November 2021
  • October 2021
  • September 2021
  • August 2021
  • July 2021
  • June 2021
  • May 2021
  • April 2021
  • March 2021
  • February 2021
  • January 2021
  • December 2020
  • November 2020
  • October 2020
  • September 2020
  • July 2020
  • June 2020
  • May 2020
  • April 2020
  • March 2020
  • February 2020
  • January 2020
  • December 2019
  • November 2019
  • October 2019
  • September 2019
  • August 2019
  • July 2019
  • June 2019
  • May 2019
  • April 2019
  • March 2019
  • February 2019
  • January 2019
  • December 2018
  • November 2018
  • October 2018
  • September 2018
  • August 2018
  • July 2018
  • June 2018
  • May 2018
  • April 2018
  • March 2018
  • February 2018
  • January 2018
  • December 2017
  • November 2017
  • October 2017
  • September 2017
  • July 2017
  • June 2017
  • May 2017
  • April 2017
  • March 2017
  • October 2016

Copyright © 2023 · Milan Pro on Genesis Framework · WordPress · Log in