How to streamline your DMARC decisions

If you think about all the big purchases you may have made in your life; your first car, first house, wedding dress, every single one is accompanied by meticulous research, emotional engagement, and most likely the agony of indecision over ‘is this the one?’

Yet, when it comes to making purchasing decisions as a corporate buyer, we’re probably not quite as diligent. Corporate purchases are often far more complicated and sorely lacking in some of the much-needed endorphins. Here’s how you can streamline your DMARC buying decisions, while making sure you’re making the best choice for your business needs.

DMARC, what’s the difference?

So when it comes to buying cybersecurity software this understandable lack of enthusiasm, and fear of complexity, can lead to buyers not going the extra mile when evaluating their security vendors, especially when they’re considering Domain-based Messaging Authentication, Reporting, and Conformance solutions (if only the industry had come up with a snappier title!).

After all, isn’t a DMARC solution from one company pretty much the same as a DMARC solution from any other? As long as they’ve got some good logos on their marketing material and the proposal comes in under budget then that’s enough, right?

Well, no. In fact, some of the biggest differentiators in this solution space are around the companies themselves, not just the products they sell, and in particular how seriously a vendor takes security.

What are the questions to ask a DMARC vendor?

To help prospects with choosing a DMARC solution that works for them we put together our DMARC Buyer’s Guide that includes exactly the sort of questions you should be asking your security vendors if you aren’t already:

  • What are their security accreditations? You only want to buy your security solutions from someone who takes it seriously. If your vendor is lax with their own approach to the fundamentals of cybersecurity your data could be put at risk . Make sure you check out if they have external certifications like ISO27001 or Cyber Essentials.
  • What do their existing customers think? If possible, try to speak to one of their current customers; this is the best way to find out what’s great (and not-so-great) about their product and services.
  • What does their roadmap look like? You might be buying the product for what it offers today, but what does tomorrow bring? Are there any other innovative and interesting features are on the horizon?
  • What features does their product currently offer? The easier this tool can make your DMARC implementation and ongoing maintentance, the better. Does it offer features like Dynamic SPF, or integrated BIMI implementation?
  • What are their support services like? Without in-house IT systems knowledge, DMARC may be viewed as tricky to implement for small organizations, or complex to deploy across large organizations. This means a supplier’s support services can be a key way to fast-track implementation and achieving p=reject. Support teams will also prove invaluable as you will need to maintain and refine your DMARC implementation over time.

With a few well-placed questions you’ll soon find out just how seriously the security ‘experts’ take security, and ultimately end up making a much better purchasing decision for your organization.

Why not download your free DMARC Buyer’s Guide today, and make your DMARC decisions that much better.



Clare Holmes

21 Nov. 2017



Recent Posts


The best tools to protect yourself from SubdoMailing

Francesca Rünger-Field

In late February 2024, ‘SubdoMailing’ became a trending search term overnight. Research by Guardio Labs uncovered a massive-scale phishing campaign that had been going on since at least 2022. At the time of reporting, the campaign had sent 5 million emails a day from more than 8,000 compromised domains and 13,000 subdomains with several…

Read more
Product Release

Red Sift’s Spring 2024 Quarterly Product Release

Francesca Rünger-Field

This early into 2024, the cybersecurity space is already buzzing with activity. Emerging standards, such as Google and Yahoo’s bulk sender requirements, mark a new era of compliance for businesses reliant on email communication. At the same time, the prevalence of sophisticated cyber threats, such as the SubdoMailing campaign, emphasizes the continual hurdles posed…

Read more

Navigating the “SubdoMailing” attack: How Red Sift proactively identified and remediated a…

Rebecca Warren

In the world of cybersecurity, a new threat has emerged. Known as “SubdoMailing,” this new attack cunningly bypasses some of the safeguards that DMARC sets up to protect email integrity.  In this blog we will focus on how the strategic investments we have made at Red Sift allowed us to discover and protect against…

Read more

Where are we now? One month of Google and Yahoo’s new requirements…

Rebecca Warren

As of March 1, 2024, we are one month into Google and Yahoo’s new requirements for bulk senders. Before these requirements went live, we used Red Sift’s BIMI Radar to understand global readiness, and the picture wasn’t pretty.  At the end of January 2024, one-third of global enterprises were bound to fail the new…

Read more