ondmarc-gartner-market-guide-for-email-security

Red Sift’s OnDMARC is a Representative Vendor for its DMARC Solution in Gartner’s 2020 Market Guide for Email Security

As the adoption of cloud office systems from Microsoft and Google continues to grow, forcing security and risk management leaders to re-evaluate their email security against a modern threat landscape, Gartner has released their Market Guide for Email Security and Red Sift is included as a representative vendor for DMARC and Brand Protection for its OnDMARC solution.

What does this mean?

According to the report, a differentiating capability is “Domain-based Message Authentication, Reporting and Conformance (DMARC) on inbound email. When enforced, it protects internal users from receiving spoofed external messages from domains that have implemented DMARC in rejection mode. This also checks the alignment of the domains used in message header FROM and SMTP envelope MAIL FROM email addresses.”

Why does it matter right now?

Gartner’s Market Guide for Email Security clearly outlines a number of factors related to the market’s direction that IT, security, and risk management leaders should consider in the face of remote working and more socially engineered and targeted attacks on organizations.

“Business email compromise (BEC), the takeover or fraudulent use of a legitimate account to divert funds, continues to grow, and simple payroll diversion scams accounted for $8 million in 2019.”

GARTNER 2020 MARKET GUIDE FOR EMAIL SECURITY

How can DMARC protect against BEC?

With DMARC correctly implemented for your domain(s), you can stop spoofing attacks and shut down email impersonation. 

Gartner mentions, there are two key elements to DMARC.

The first key element is to check DMARC for inbound messages and to honor the response, especially if it is ‘reject’ or ‘quarantine’. This should be implemented as a SEG or MTA as a simple way of preventing spoofed emails from organizations that have implemented DMARC.

The second element is for organizations to implement DMARC for their own email domains. This can be a complex process, and less than 30% manage to get to the point of ‘reject’ or ‘quarantine.’

DMARC implementation essentials 

It might seem quick and easy at first to cover the basics of DMARC for a very basic price, but it may slow you down later if your provider doesn’t go beyond reporting, provide advanced automation, thoughtful design, or innovative tools to help fast track you confidently through your DMARC journey.

Gartner states, “DMARC vendors provide automated tools to overcome the limitations in SPF records as well as being able to identify which services may be sending emails from your domain, streamlining and monitoring the journey to DMARC enforcement. A number of SEG vendors are also offering this capability, often by licensing from a specialist vendor.”

Why OnDMARC by Red Sift?

Our award-winning cloud-based application enables organizations to utilize fast automated business email protection by quickly configuring SPF, DKIM and DMARC for all legitimate email sources in weeks, not months. This is thanks to intelligent automation from internet-scaling databases to surface known and bad senders.

67% of users got to full protection (p=reject) without consulting our support team thanks to the power and sophistication of OnDMARC.

If you’d like to see our clear actionable next steps for yourself you can start reporting for free today simply by signing up and adding a domain here.

Psst… Are you BIMI ready?

At Red Sift, we’re helping our customers prepare for BIMI (Brand Indicators for Message Identification) because DMARC is an essential prerequisite.

According to Gartner’s guide “Brand Indicators for Message Identification (BIMI) builds on DMARC to allow organizations to provide a visual indication that the message comes from a specific brand.” Google supports the standard in G Suite / Gmail and so we’re already working closely on product interaction and partnerships with leading VMC providers to ensure their customers have a head-start on implementing BIMI.

Gartner, Market Guide for Email Security, September 2020
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

PUBLISHED BY

Red Sift

24 Nov. 2020

SHARE ARTICLE:

Categories

Recent Posts

VIEW ALL
AI

Red Sift’s AI Agent, Part III: Performance in Action

Phong Nguyen

This is the third article in our AI Agent series. In Part 1, we introduced Red Sift’s AI Agent for lookalike classification – an intelligent solution for handling the ambiguous cases that rule-based automation can’t confidently resolve, offering analyst-grade triage autonomously. In Part 2, we took readers behind the scenes to explore the engineering…

Read more
Finance

41% of top Fintech companies are vulnerable to email phishing

Jack Lilley

Only 26% of leading Fintechs enforce DMARC at p=reject, the strongest protection against spoofing by bad actors. Phishing remains a top driver of breaches and fraud. Financial services are a prime target because email moves money, resets passwords, and confirms identity. Verizon’s 2025 Data Breach Investigations Report again lists social engineering and phishing among…

Read more
Certificates

New in Certificates Lite: Active certificate scanning and smarter expiry alerts

Francesca Rünger-Field

A quick recap Earlier this year, we launched Red Sift Certificates Lite, the free TLS certificate expiration monitoring service recommended by Let’s Encrypt. Since launch, thousands of organizations have adopted it to track their certificates and avoid expiry-related outages. What we heard from customers At launch, we had adopted Let’s Encrypt’s approach for consistency…

Read more
AI

Red Sift’s AI Agent, Part II: Optimization for accuracy and scale

Phong Nguyen

In our previous blog post, we introduced Red Sift’s AI Agent for lookalike classification – an intelligent system that determines whether a suspicious domain has been deliberately crafted to mimic a legitimate one or if the resemblance is merely coincidental. That post focused on the what and why of the solution: why rule-based automation…

Read more