Video: DMARC – Benefits
We’ve put together a short video on the benefits of deploying DMARC:
This video is part of a larger video series on all things DMARC.
The transcript follows:
This short video presents the benefits of deploying DMARC.
DMARC is not a product, rather it’s a freely available technical specification that adds new features to email. DMARC is now widely supported across the Internet, allowing anyone that owns an email domain to take advantage of DMARC’s features. When people talk about deploying DMARC, they’re talking about:
- using DMARC’s features to discover all of their legitimate sources of email,
- making sure each source is sending email that is compliant with DMARC’s method of making email easy to identify, and then
- telling the world they’ve done the work of making all of their email compliant with DMARC.
Two areas benefit from the deployment of DMARC, one technological and one related to process.
From a technology perspective, DMARC makes email easy to identify by providing a common method of linking a domain to a piece of email. People that send email are told exactly how to identify their email so that those who receive email can perform a simple, consistent check on every piece of email they process.
The benefits of making email easy to identify fall into 3 high level use cases:
- fraud protection,
- simplified delivery, and
- domain reputation.
DMARC’s original use case was to fight phishing. If you deploy DMARC and make all of your legitimate email easy to identify, you can tell the world to reject email that purports to come from your domain but fails the DMARC check. Doing so effectively creates a domain-based channel that disallows unauthorized access. This is a powerful anti-phishing control, and has been used to curb huge amounts of email-based fraud.
DMARC’s method of making email easy to identify has given rise to a second and arguably larger use case — that of simplifying email delivery. The problem that email senders face — especially senders that have built businesses on top of the requirement for reliable and timely delivery of the email — is that email has historically never been easy to identify in a reliable manner.
This has caused email receivers to invest huge amounts of time, money, and man-hours in developing technology that filters out bad or unwanted email. These filters are effective against large quantities of spam, less effective against small batches of spam, and not very effective against individual messages that are unwanted, like spear-phishing. To make matters worse, email receivers are heavily penalized if an anti-spam engine mistakenly deletes a piece of legitimate email.
Sending DMARC-compliant email allows receivers to radically simplify their filtering rules. Instead of forcing your email to navigate a maze of dynamically generated and constantly changing filtering rules, just make your email easy to identify and send email that people want. Instead of playing the game of trying to filter out bad stuff and forcing receivers to try to tell the difference between an expert criminal and a legitimate sender with sloppy practices, DMARC allows receivers to easily recognize and deliver wanted email.
This benefit is turning DMARC into a “must have” for anyone that requires reliable delivery of email. If you’re not sending DMARC compliant email, you’re competing with criminals in an increasingly difficult race to reach the inbox.
Closely related to this is the third use case that DMARC is enabling: that of email domain reputation.
Domain reputation is what happens when email receivers build delivery and filtering decisions based upon the domain that is linked to a piece of email as opposed to the IP-address of the server that is trying to deliver email or whether or not the content of email appears to be safe. In other words, DMARC brings stable, domain-level identifiers to email and is allowing email receivers to replace a lot of complexity with a much simpler model — deliver DMARC-compliant email that people want.
Domain reputation means that domains are now important in the world of email and should be managed as such.
Fraud protection, simplified delivery, and domain reputation are 3 big technological benefits of deploying DMARC. However, there are additional benefits that come from the process of deploying DMARC.
By treating the deployment of DMARC as a project, an organization can benefit from the deployment work in addition to the technological benefits just described. The project benefits include the creation of a domain management function and by using DMARC as a way to ensure email practices are adhered to across an organization — including across vendors and partners that might be sending email on behalf of the organization.
The benefit of creating and installing a domain management function extends beyond DMARC. This function is just the administrative process of tracking the registration and maintenance of domains. The domain management function ends up creating a domain portfolio that is used to track how domains are used, who is responsible for any given domain, and that all appropriate controls are installed across all domains. Controls can include DMARC, SSL certificates for websites, whether or not a domain is actively in use, and if registration is up to date. This function streamlines the deployment of DMARC and ends up benefiting the organization through operational efficiency and by bringing visibility to the organization’s domain portfolio.
The very last benefit that DMARC brings is new: visibility into how email domains are being used across an entire organization and its partners. It is now possible to measure compliance related to SPF, DKIM, and DMARC usage, if traffic is flowing across the correct domains, and if partners are correctly sending email on behalf of an organization. This new functionality raises email as a communication medium into something that can monitored as part of ongoing organizational governance.
Hopefully, the technological and process-related benefits of DMARC are now clear and compelling.
With a team of email security experts and a mission of making email and the internet more trustworthy through domain security, dmarcian is here to help assess an organization’s domain catalog and implement and manage DMARC for the long haul.
You can get in touch with us or register for a free trial where our onboarding and support team will help you along the way.
