As the adoption of cloud office systems from Microsoft and Google continues to grow, forcing security and risk management leaders to re-evaluate their email security against a modern threat landscape, Gartner has released their Market Guide for Email Security and Red Sift is included as a representative vendor for DMARC and Brand Protection for its OnDMARC solution.

What does this mean?

According to the report, a differentiating capability is “Domain-based Message Authentication, Reporting and Conformance (DMARC) on inbound email. When enforced, it protects internal users from receiving spoofed external messages from domains that have implemented DMARC in rejection mode. This also checks the alignment of the domains used in message header FROM and SMTP envelope MAIL FROM email addresses."

Why does it matter right now?

Gartner’s Market Guide for Email Security clearly outlines a number of factors related to the market’s direction that IT, security, and risk management leaders should consider in the face of remote working and more socially engineered and targeted attacks on organizations.

“Business email compromise (BEC), the takeover or fraudulent use of a legitimate account to divert funds, continues to grow, and simple payroll diversion scams accounted for $8 million in 2019.”


How can DMARC protect against BEC?

With DMARC correctly implemented for your domain(s), you can stop spoofing attacks and shut down email impersonation. 

Gartner mentions, there are two key elements to DMARC.

The first key element is to check DMARC for inbound messages and to honor the response, especially if it is ‘reject’ or ‘quarantine'. This should be implemented as a SEG or MTA as a simple way of preventing spoofed emails from organizations that have implemented DMARC.

The second element is for organizations to implement DMARC for their own email domains. This can be a complex process, and less than 30% manage to get to the point of ‘reject’ or ‘quarantine.’

DMARC implementation essentials 

It might seem quick and easy at first to cover the basics of DMARC for a very basic price, but it may slow you down later if your provider doesn't go beyond reporting, provide advanced automation, thoughtful design, or innovative tools to help fast track you confidently through your DMARC journey.

Gartner states, “DMARC vendors provide automated tools to overcome the limitations in SPF records as well as being able to identify which services may be sending emails from your domain, streamlining and monitoring the journey to DMARC enforcement. A number of SEG vendors are also offering this capability, often by licensing from a specialist vendor."

Why OnDMARC by Red Sift?

Our award-winning cloud-based application enables organizations to utilize fast automated business email protection by quickly configuring SPF, DKIM and DMARC for all legitimate email sources in weeks, not months. This is thanks to intelligent automation from internet-scaling databases to surface known and bad senders.

67% of users got to full protection (p=reject) without consulting our support team thanks to the power and sophistication of OnDMARC.

If you’d like to see our clear actionable next steps for yourself you can start reporting for free today simply by signing up and adding a domain here.

Psst… Are you BIMI ready?

At Red Sift, we’re helping our customers prepare for BIMI (Brand Indicators for Message Identification) because DMARC is an essential prerequisite.

According to Gartner’s guide “Brand Indicators for Message Identification (BIMI) builds on DMARC to allow organizations to provide a visual indication that the message comes from a specific brand.” Google supports the standard in G Suite / Gmail and so we’re already working closely on product interaction and partnerships with leading VMC providers to ensure their customers have a head-start on implementing BIMI.

Gartner, Market Guide for Email Security, September 2020
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.