We've put together a short video on DMARC's ROI:
This video is part of a larger video series on all things DMARC.
The transcript follows:
Deploying DMARC can yield some very nice benefits across different facets of an organization. This short video goes through some things to consider when figuring out the Return On Investment of DMARC.
Many organizations look at DMARC for the first time from a specific perspective that might not take into consideration DMARC's total value.
- People in security might see benefits in DMARC as a anti-phishing technology.
- People in marketing might see benefits in DMARC as a way to make email easy to deliver and therefore to customers.
- People in management might see benefits in DMARC as a compliance tool to ensure an organization's standards are adhered to.
In truth, everyone everywhere uses email all the time, and so DMARC's value can be different depending on an individual's perspective. When putting together an ROI package around DMARC, consider bundling together DMARC's benefits into a complete package.
Also, when deploying DMARC, it's best to roll out DMARC across all of an organization's domains instead of focusing on individual domains. We'll call deploying across all of an organization's domains as "Full deployment" and refer to one-off deployments as "ad hoc". By the time this video is over, hopefully the reasons for Full deployment vs Ad-hoc will be clear.
From a purely anti-fraud perspective, DMARC's ROI is tied to the intensity of abuse that a domain is suffering. If there is no abuse against a domain, then justifying the cost of deploying DMARC becomes difficult. If a domain is under severe attack, then an organization might be able to justify a project to bring a domain into compliance with DMARC. In this context, the complexity of an organization's email infrastructure is a major factor in the cost of deployment. Large organizations that find themselves under attack might be able to justify the cost of DMARC deployment if their infrastructure is relatively simple.
However, as the complexity of infrastructure grows, so does the complexity of deploying DMARC, leaving some very large and complex companies in a position where DMARC is out of reach. If one adds in the fact that DMARC only protects against exact-domain abuse of domains found in the From:-header of email and that criminals can register look-a-like domains to perpetuate fraud, the ROI calculation can be very difficult to meet by the same organizations that need it most.
Instead of treating DMARC like a stand-alone anti-fraud technology, treat the security aspect of DMARC like one strong reason to deploy among many.
A major benefit in deploying DMARC comes in the form of simplified email delivery. From the perspective of a marketer that relies on email to reach customers, the ROI can be loosely tied to so-called "email deliverability" issues. Email deliverability is a big umbrella term that people use to describe whether or not a piece of email has a chance of being delivered to an inbox. If you send a lot of email from disparate pieces of infrastructure and your sending practices are all over the place, you might be familiar with consultants that specialize in "email deliverability".
The consistency that DMARC brings to the plumbing of email means that the significant chunk of budget that may be dedicated to getting email delivered can be freed up with DMARC in place.
Additionally, pretty much every major consumer-facing mailbox provider (like the Gmails, Yahoos, and Microsofts of the world) asks to be sent DMARC compliant email to make their own jobs of filtering email that much easier. In light of this, if you're a business that relies on consistent delivery of email, the ROI for deploying DMARC should be easy -- deploy or put your business at risk!
Going back to the Full-deployment vs ad-hoc approaches, when an organization goes through the Full-deployment process, it ends up creating a domain management function that yields real operational efficiencies and benefits that go beyond DMARC and persist after the deployment project has completed.
Lastly, when DMARC is deployed at an organization across the entire domain portfolio, the process of deployment becomes a lot easier and the benefits increase to the point where organization managers get new tools to make sure email is being sent in compliance with the organization's standards. There is an element of risk management and reducing exposure to liability when an organization takes steps to ensure its email is under control. This perspective is largely in the realm of governance and compliance, but can often in itself justify a DMARC deployment project.
Taken together, the ROI for deploying DMARC adds up if all benefits are considered, if the right approach is used to manage the deployment project, and if the investment is treated like a one time upgrade cost.
To get started with DMARC, visit dmarcian.com.
News, resources, additional reading can be found at space.dmarcian.com
Questions? contact firstname.lastname@example.org
Social? dmarcian is on Linked-in, G+, twitter, and maybe more.
Thank you for watching!