Red Sift’s OnDMARC is a Representative Vendor for its DMARC Solution in Gartner’s 2020 Market Guide for Email Security

As the adoption of cloud office systems from Microsoft and Google continues to grow, forcing security and risk management leaders to re-evaluate their email security against a modern threat landscape, Gartner has released their Market Guide for Email Security and Red Sift is included as a representative vendor for DMARC and Brand Protection for its OnDMARC solution.

What does this mean?

According to the report, a differentiating capability is “Domain-based Message Authentication, Reporting and Conformance (DMARC) on inbound email. When enforced, it protects internal users from receiving spoofed external messages from domains that have implemented DMARC in rejection mode. This also checks the alignment of the domains used in message header FROM and SMTP envelope MAIL FROM email addresses.”

Why does it matter right now?

Gartner’s Market Guide for Email Security clearly outlines a number of factors related to the market’s direction that IT, security, and risk management leaders should consider in the face of remote working and more socially engineered and targeted attacks on organizations.

“Business email compromise (BEC), the takeover or fraudulent use of a legitimate account to divert funds, continues to grow, and simple payroll diversion scams accounted for $8 million in 2019.”


How can DMARC protect against BEC?

With DMARC correctly implemented for your domain(s), you can stop spoofing attacks and shut down email impersonation. 

Gartner mentions, there are two key elements to DMARC.

The first key element is to check DMARC for inbound messages and to honor the response, especially if it is ‘reject’ or ‘quarantine’. This should be implemented as a SEG or MTA as a simple way of preventing spoofed emails from organizations that have implemented DMARC.

The second element is for organizations to implement DMARC for their own email domains. This can be a complex process, and less than 30% manage to get to the point of ‘reject’ or ‘quarantine.’

DMARC implementation essentials 

It might seem quick and easy at first to cover the basics of DMARC for a very basic price, but it may slow you down later if your provider doesn’t go beyond reporting, provide advanced automation, thoughtful design, or innovative tools to help fast track you confidently through your DMARC journey.

Gartner states, “DMARC vendors provide automated tools to overcome the limitations in SPF records as well as being able to identify which services may be sending emails from your domain, streamlining and monitoring the journey to DMARC enforcement. A number of SEG vendors are also offering this capability, often by licensing from a specialist vendor.”

Why OnDMARC by Red Sift?

Our award-winning cloud-based application enables organizations to utilize fast automated business email protection by quickly configuring SPF, DKIM and DMARC for all legitimate email sources in weeks, not months. This is thanks to intelligent automation from internet-scaling databases to surface known and bad senders.

67% of users got to full protection (p=reject) without consulting our support team thanks to the power and sophistication of OnDMARC.

If you’d like to see our clear actionable next steps for yourself you can start reporting for free today simply by signing up and adding a domain here.

Psst… Are you BIMI ready?

At Red Sift, we’re helping our customers prepare for BIMI (Brand Indicators for Message Identification) because DMARC is an essential prerequisite.

According to Gartner’s guide “Brand Indicators for Message Identification (BIMI) builds on DMARC to allow organizations to provide a visual indication that the message comes from a specific brand.” Google supports the standard in G Suite / Gmail and so we’re already working closely on product interaction and partnerships with leading VMC providers to ensure their customers have a head-start on implementing BIMI.

Gartner, Market Guide for Email Security, September 2020
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.


Red Sift

24 Nov. 2020



Recent Posts


Introducing DNS Guardian: Stop impersonation and spam caused by domain takeovers 

Rahul Powar

tl;dr: We’re thrilled to announce DNS Guardian — a new feature in Red Sift OnDMARC that can swiftly identify and stop domain takeovers that lead to malicious mail. Back in February, we shared updates with the community about SubdoMailing – an attack discovered by Guardio Labs. The attack was a form of subdomain takeover,…

Read more

Navigating the Information Security Landscape: ISO 27001 vs. SOC 2

Red Sift

As cyber threats evolve, so do the standards and frameworks designed to combat them. Two of the most recognized standards in information security are ISO 27001 and SOC 2. What sets them apart, and which one is right for your organization? Let’s delve into the key differences. Purpose and Scope: Global Framework vs. Client-Centric…

Read more

G2 Summer 2024 Report: Red Sift OnDMARC’s Winning Streak Continues

Francesca Rünger-Field

We’re delighted to announce that Red Sift OnDMARC has again been named a Leader in G2’s DMARC category for Summer 2024. This recognition is based on our high Customer Satisfaction scores and strong market presence. Red Sift appeared in 11 reports – 5 new ones since Spring 2024! – earning 5 badges: A few…

Read more

Google will no longer trust Entrust certificates from October 2024

Red Sift

Tl;dr: Google has announced that as of October 31, 2024, Chrome will no longer trust certificates signed by Entrust root certificates. While there is no immediate impact on existing certificates or those issued before 31st October 2024, organizations should start reviewing their estate now. On Thursday 27th June 2024, Google announced that it had…

Read more

Understanding the polyfill.io domain attack

Francesca Rünger-Field

tl;dr: The recent compromise of the polyfill.io domain has triggered a broad-reaching web supply chain attack, impacting over 100,000 websites across various sectors including finance, healthcare, non-profits, academia, and more. To ensure the security of your website, we strongly advise you immediately remove any reference to polyfill.io. Latest update: 27th June 2024 Sansec, a…

Read more