
DMARC Demystified: Securing Your Email Domain


By: Dataprise


When 91% of companies were aware of attempts to misuse their email domains, it’s no wonder 88% of companies plan to use domain-based authentication for their emails within the following year. 

Domain-based Message Authentication, Reporting, and Conformance (DMARC) is an email authentication protocol that has proven itself time and again to prevent fraud from occurring before it starts. 

Recently, Dataprise conducted a webinar about how DMARC prevents email attacks, how to implement it in an organization, and what you can expect during the implementation process. The experts also addressed the compliance requirements companies should be aware of before making the final decision, and how DMARC is used alongside brand exploit protection services. We’ll look at the main points of the webinar and why you may need an additional layer of protection to get the most out of the protocol.

What Is DMARC? 

DMARC is a way to verify the source of every email and authenticate its contents. This validation system protects email domains from cyber crimes, including spoofs and phishing. DMARC creates a link between two authentication techniques, SPF and DKIM, allowing companies to authenticate a source before the email is delivered. 

The system reports an alignment percentage that you can use to gauge your progress. Once alignment reaches nearly 100%, companies can enforce the policy across major email providers (e.g., Google, Hotmail, etc.). So, if someone sends an unauthorized email that claims to come from the company’s domain, the receiving system will reject it.

The protocol is highly effective as long as DMARC is configured and monitored correctly. Given the number of cyberattacks that start with a fake email, it’s no wonder mandatory domain authentication is on the rise in organizations. 

DMARC provides complete visibility and governance across all email channels, protecting the brand you’ve worked so hard to build. Without DMARC, not only can anyone use your domain for criminal gain, but the lack of protection can also endanger third-party partners and customers. Email attacks have become 

How DMARC Works 

DMARC is the result of an open collaboration to improve email security. Companies like Google, Microsoft, and Yahoo (as well as other key stakeholders) put their weight behind the development to improve the user experience and reduce liability. 

DMARC uses Sender Policy Framework (SPF) to verify that the sending server is authorized to send mail for the domain in the email’s return path. SPF is a solid front line, but it is not infallible. For instance, SPF may fail if the email is forwarded through another provider. This inconsistency is why DMARC combines SPF with DKIM. DKIM attaches a cryptographic signature to each email so the receiver can verify that it was signed by the sending domain’s key and not altered in transit. Only when at least one of these checks passes, and the domain it verified aligns with the visible From address, will the email be allowed to go through.

Can DMARC Be Used as a Stand-Alone Service? 

DMARC is a standard benefit from email providers like Google, which is why some might dismiss the need to do anything else with it. If it’s already set up, a company may assume that the work is already done. 

The catch is that DMARC’s authentication process generates a large volume of data (in the form of aggregate RUA reports), and no company has the time or staff to work through all of these aggregate .xml files by hand. In addition, you’ll receive RUF reports that contain even more data, spelling out per-message details for forensic analysis.

These reports give a lot of helpful information that you can use to both reduce fraudulent emails and improve the delivery of legitimate emails that might not technically meet all of the email server’s checkpoints. However, most people won’t be able to parse through these reports. (It might be possible for one technically inclined small business owner to process low-level email traffic, but the average company will never have a big enough workforce to throw at the problem.) This is why it can help to have an additional tool to go through it all. 

Automated Analysis 

Mimecast DMARC Analyzer is a SaaS tool that compiles all DMARC data into a simple, easy-to-read dashboard. It provides complete visibility into the top threats of an organization, which can help companies avoid rejecting legitimate emails. By parsing through RUA and RUF reports, staff can clearly see how traffic affects the organization. 

When companies implement this tool, they find that the number of illegitimate emails drastically plummets. The alternative is either setting harsh DMARC configurations, in which case a company ends up dropping plenty of legitimate emails, or attempting to go through all of the data delivered under standard DMARC settings. This simply isn’t feasible for most businesses. Even small companies generate a steady stream of email, so it’s crucial to have accurate analysis to protect the domain.

How Is DMARC Implemented? 

There are three DMARC levels available: None, Quarantine, and Reject:

  • None: DMARC will generate reports and analyses on emails, but will not reject mail. 
  • Quarantine: Emails will generally be sent to a spam or junk folder if they do not fit the configuration standards. 
  • Reject: The reject level outright rejects emails that don’t meet all of DMARC’s standards. 
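The following added example (toy code written for this article, not Mimecast’s or any library’s implementation) ties the SPF/DKIM description above to the three policy levels: it parses a DMARC TXT record, checks identifier alignment, and returns either “pass” or the record’s p= disposition. It assumes the organizational domain is the last two labels, which is a simplification of the Public Suffix List lookup real implementations use, and it ignores the pct and sp tags.

```python
"""Minimal DMARC evaluation: SPF/DKIM results plus identifier alignment -> disposition.
Toy implementation for this article; real receivers use the Public Suffix List and honour pct/sp."""


def parse_dmarc_record(txt):
    """Parse a DMARC TXT record such as 'v=DMARC1; p=reject; adkim=s' into a tag dict."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or "p" not in tags:
        raise ValueError("not a valid DMARC record")
    return tags


def org_domain(domain):
    """Organizational domain. Assumption: last two labels (real DMARC consults the Public Suffix List)."""
    return ".".join(domain.lower().split(".")[-2:])


def aligned(auth_domain, from_domain, mode):
    """Relaxed ('r') alignment matches organizational domains; strict ('s') needs an exact match."""
    if mode == "s":
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)


def dmarc_disposition(record, from_domain, spf=None, dkim=None):
    """spf/dkim are (result, authenticated_domain) tuples, e.g. ("pass", "mail.example.com").
    Returns 'pass' when either mechanism passes AND aligns with From; otherwise the p= policy
    (none / quarantine / reject), i.e. the three levels described in the article."""
    tags = parse_dmarc_record(record)
    spf_ok = spf is not None and spf[0] == "pass" and aligned(spf[1], from_domain, tags.get("aspf", "r"))
    dkim_ok = dkim is not None and dkim[0] == "pass" and aligned(dkim[1], from_domain, tags.get("adkim", "r"))
    if spf_ok or dkim_ok:
        return "pass"
    return tags["p"]


# Constructed sample record for example.com at the Quarantine level with relaxed alignment.
RECORD = "v=DMARC1; p=quarantine; rua=mailto:dmarc@example.com; adkim=r; aspf=r"
```

A message whose SPF passes for an unrelated domain still fails DMARC here, because SPF must align with the From domain, which is exactly what stops a spoofer from passing with their own infrastructure.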

The impulse of many companies is to head straight to the Reject level, drastically reducing or even eliminating domain fraud. However, the reality is that the Reject level can inadvertently cause companies to miss important emails or break workflows in other departments. For instance, if the IT department is unaware of all of a marketing department’s sending tools, enforcement can easily disrupt those email campaigns. To address these concerns, tools like Mimecast DMARC Analyzer offer support to organizations so they can configure the security tool in a way that makes sense for everyone.

Simplifying Deployment  

DMARC deployment falls into roughly four phases, followed by ongoing monitoring:

  • Onboarding (2 – 4 weeks): This stage is where companies can start setting up users, domains, and DMARC records. 
  • Governance (2 weeks): In the governance stage, companies will examine the trends to identify ongoing authentication issues. 
  • Policy Analysis (3 – 9 months): Companies can begin to enforce DMARC policies. During this phase, the team can monitor compliance and assess systems for risk tolerance. 
  • Policy Enforcement (3 months): Companies can adjust the policy by domain, monitor blocked messages, and mitigate false positives. 
  • Active Monitoring (Ongoing): Companies will need to review management every week to catch anomalies or problems, but this phase should require less effort to keep it all under control. 

PCI 4.0 will debut in March 2024, and the new regulations will include more companies under its compliance umbrella. Soon, practically any company that accepts online payments will need to have DMARC. While the regulations won’t be enforced until March 2025, it will be mandatory to have the protocol so companies can reject malicious emails and control for fraud.

For companies that want to stay ahead of the curve (and avoid damaging their brand’s reputation), the DMARC Analyzer takes DMARC a step further, ensuring that SPF and DKIM are customized to the company’s needs. Without this tuning, receiving servers cannot take the intended action (e.g., rejecting the email) on messages the company has failed to authenticate.

Put another way, the Analyzer is an additional step that can both prevent malicious emails from being delivered and get legitimate messages to the right recipient. It’s worth reiterating that there are a number of tools available today that people use to fake an email domain name. Without DMARC in place, the odds of those emails being pushed through are high. With DMARC alone in place, the odds of bouncing legitimate emails are also high.

Only when you have all of the data from the RUA and RUF reports can you start putting the pieces of the puzzle together. The Analyzer tool from Mimecast makes the weekly reports far more manageable, allowing companies to set up a long-term solution that can be adjusted as you update everything from your tech stack to your security parameters.

Phishing and Brand Exploitation 

Phishing attacks are on the rise, largely because they work and they’re simple to orchestrate. For a mere $50, a criminal can purchase a phishing kit and then get started without any technical expertise. A phishing attack will start with scraping the contents of a web page, which can include the brand’s login page, payment field, etc. Once the hacker has the data to make the attack look legitimate, the phisher will target your user supply chain or customers. 

Part of the reason why brand exploits are so successful (and so difficult to resolve) is the nature of domain names. When a hacker purchases a domain similar to a company’s, this is considered legal. For a domain registrar or DNS provider to take down a look-alike domain name, the organization needs irrefutable proof that the hacker is attempting to commit fraud. Threat actors know that the provider’s team doesn’t care about fraud (so long as they continue to be paid), and they take full advantage of this fact. If a hacker spends months planning an attack without the company knowing it, they can launch a well-calibrated campaign that does remarkable damage in a limited time.

Consider the following statistics: 

  • 40% of customers will click on a link from a trusted brand without hesitation. 
  • 80% of customers received a phishing email from their favorite brand in 2020. 55% clicked on a link that took them to a spoof website. 
  • Legacy tools cannot defend against modern, automated attacks. 
  • 2FA can be bypassed by using a man-in-the-middle attack. 
  • A Security Operations Center spends an average of 330 hours to resolve an attack. 

What Is Brand Exploit Protection (BEP)?

Brand Exploit Protection is a service from Mimecast designed to work alongside DMARC. Its goal is to eliminate live attacks, protect customers from fraud, and safeguard brands from impersonation. Companies can spend years building up trust with their target demographics only to have it destroyed by one successful phishing campaign. 

With BEP, you can secure your online reputation and respond to attacks before they hurt your customers. With the help of machine learning, AI, and human expertise, BEP provides multi-layered services to companies that want to stretch their protection beyond their email marketing. For instance, Advanced Similarity Checks will identify domain names that look similar to yours.

Again, this is not enough to prompt a take-down of a website, but it’s an indicator that the brand is potentially being targeted for fraud. To catch attackers who scrape the site, BEP embeds a nondescript piece of JavaScript code into the website. This mechanism lies dormant until someone tries to scrape the website, and then it notifies Mimecast so the team can monitor the threat. Without Mimecast, a company’s legal team may have to spend weeks gathering evidence. They can easily get the runaround from DNS companies, because those companies do not want to lose the revenue.

Once Mimecast knows of illegal activity, which they typically can identify immediately after the launch of the attack, BEP takes steps to mitigate the risk. For instance, BEP sets up thousands of bait email accounts. Should a threat-actor send an email to one of these accounts, the system will flood the attacker with millions of email responses, making it impossible for the attacker to go through their inbox.

Mimecast is a proactive, managed service that comes with full support of the Dataprise team. Companies get faster response time, 24/7 security monitoring, and end-to-end execution. The AI and machine-learning algorithms ensure that there’s constant monitoring of the web, combing through anything that resembles fraud and labeling it for potential further review. This tool is entirely seamless to set up, requiring no API integration by the client. Mimecast BEP boasts a 100% takedown success rate of brand exploits. 

Securing Your Domains Across the Board

The DMARC protocol is an indispensable tool for companies that want to secure their email domain. However, because the protocols were developed for all companies, they cannot account for the specific parameters of individual companies.

The reports provided by DMARC can give an IT team what they need to configure DMARC policies that work for them, but the volume and complexity make it impractical to go through it all by hand. In addition, brands also face exploitation through phishing and spoofing attacks.

Mimecast has developed two tools, DMARC Analyzer and Brand Exploit Protection, to give companies the information and the tools they need to solve these issues. Between the easy-to-read dashboards and managed services, companies can rest easy about everything from their data security to their reputation. 

Bonus: Mimecast & Dataprise Talk Securing Your Email Domain with DMARC
