How to streamline your DMARC decisions

If you think about all the big purchases you may have made in your life; your first car, first house, wedding dress, every single one is accompanied by meticulous research, emotional engagement, and most likely the agony of indecision over ‘is this the one?’

Yet, when it comes to making purchasing decisions as a corporate buyer, we’re probably not quite as diligent. Corporate purchases are often far more complicated and sorely lacking in some of the much-needed endorphins. Here’s how you can streamline your DMARC buying decisions, while making sure you’re making the best choice for your business needs.

DMARC, what’s the difference?

So when it comes to buying cybersecurity software this understandable lack of enthusiasm, and fear of complexity, can lead to buyers not going the extra mile when evaluating their security vendors, especially when they’re considering Domain-based Messaging Authentication, Reporting, and Conformance solutions (if only the industry had come up with a snappier title!).

After all, isn’t a DMARC solution from one company pretty much the same as a DMARC solution from any other? As long as they’ve got some good logos on their marketing material and the proposal comes in under budget then that’s enough, right?

Well, no. In fact, some of the biggest differentiators in this solution space are around the companies themselves, not just the products they sell, and in particular how seriously a vendor takes security.

What are the questions to ask a DMARC vendor?

To help prospects with choosing a DMARC solution that works for them we put together our DMARC Buyer’s Guide that includes exactly the sort of questions you should be asking your security vendors if you aren’t already:

  • What are their security accreditations? You only want to buy your security solutions from someone who takes it seriously. If your vendor is lax with their own approach to the fundamentals of cybersecurity your data could be put at risk . Make sure you check out if they have external certifications like ISO27001 or Cyber Essentials.
  • What do their existing customers think? If possible, try to speak to one of their current customers; this is the best way to find out what’s great (and not-so-great) about their product and services.
  • What does their roadmap look like? You might be buying the product for what it offers today, but what does tomorrow bring? Are there any other innovative and interesting features are on the horizon?
  • What features does their product currently offer? The easier this tool can make your DMARC implementation and ongoing maintentance, the better. Does it offer features like Dynamic SPF, or integrated BIMI implementation?
  • What are their support services like? Without in-house IT systems knowledge, DMARC may be viewed as tricky to implement for small organizations, or complex to deploy across large organizations. This means a supplier’s support services can be a key way to fast-track implementation and achieving p=reject. Support teams will also prove invaluable as you will need to maintain and refine your DMARC implementation over time.

With a few well-placed questions you’ll soon find out just how seriously the security ‘experts’ take security, and ultimately end up making a much better purchasing decision for your organization.

Why not download your free DMARC Buyer’s Guide today, and make your DMARC decisions that much better.



Clare Holmes

21 Nov. 2017



Recent Posts


Introducing DNS Guardian: Stop impersonation and spam caused by domain takeovers 

Rahul Powar

tl;dr: We’re thrilled to announce DNS Guardian — a new feature in Red Sift OnDMARC that can swiftly identify and stop domain takeovers that lead to malicious mail. Back in February, we shared updates with the community about SubdoMailing – an attack discovered by Guardio Labs. The attack was a form of subdomain takeover,…

Read more

Navigating the Information Security Landscape: ISO 27001 vs. SOC 2

Red Sift

As cyber threats evolve, so do the standards and frameworks designed to combat them. Two of the most recognized standards in information security are ISO 27001 and SOC 2. What sets them apart, and which one is right for your organization? Let’s delve into the key differences. Purpose and Scope: Global Framework vs. Client-Centric…

Read more

G2 Summer 2024 Report: Red Sift OnDMARC’s Winning Streak Continues

Francesca Rünger-Field

We’re delighted to announce that Red Sift OnDMARC has again been named a Leader in G2’s DMARC category for Summer 2024. This recognition is based on our high Customer Satisfaction scores and strong market presence. Red Sift appeared in 11 reports – 5 new ones since Spring 2024! – earning 5 badges: A few…

Read more

Google will no longer trust Entrust certificates from October 2024

Red Sift

Tl;dr: Google has announced that as of October 31, 2024, Chrome will no longer trust certificates signed by Entrust root certificates. While there is no immediate impact on existing certificates or those issued before 31st October 2024, organizations should start reviewing their estate now. On Thursday 27th June 2024, Google announced that it had…

Read more

Understanding the domain attack

Francesca Rünger-Field

tl;dr: The recent compromise of the domain has triggered a broad-reaching web supply chain attack, impacting over 100,000 websites across various sectors including finance, healthcare, non-profits, academia, and more. To ensure the security of your website, we strongly advise you immediately remove any reference to Latest update: 27th June 2024 Sansec, a…

Read more