What is DMARC?
DMARC is an email authentication system that protects your organization's domain name from phishing, spoofing and other types of cyber attacks. DMARC builds on the email verification technologies SPF and DKIM and by implementing a DMARC policy for your domain you gain insight into how the domain name is used. By a correct implementation of a DMARC security policy you will help the recipient to understand which emails to trust and witch to reject.
Test if your domain is protected
SPF
The Sender Policy Framework (SPF) allows you to specify in your domain name settings (DNS) which email servers that can send email on your behalf. Receiving email servers use SPF to verify that incoming messages that appear to come from your domain have been sent from servers that you have authorized. The SPF specification has a limit on the number of maximum 10 DNS lookups to be considered as valid.
DKIM
DKIM (Domain Keys Identified Mail) is an email authentication technology that helps the recipient verify that an email has been sent and authorized by the domain owner. The e-mail is sent signed with a Private key. The recieving system validates the email by looking up the DKIM signature using the Public Key that is published on the DNS in order verify that the message has not changed since it was sent.
DMARC
DMARC (Domain-based Message Authentication, Reporting and Conformance) provides insight into your email flow, which sources that send email on behalf of you, whether they are sent technically correct, as well your exposure to spoofing, phishing and other types of email related attacks. The DMARC policy for the domain informs the recipient how to handle emails that fail the DMARC check.
Why use DMARC?
Email is the easiest way to use your brand for fraud. By using your domain and impersonating your brand, email with harmful information and content that doesn't originate from you can be sent to your employees and customers. In addition to compromising security in your organization, your brand reputation will be seriously damaged.
DMARC can make your email safe and secure again. By deploying DMARC, you increase the deliverability of all legitimate emails while stopping fraudelent emails sent from your domain. DMARC gives you insight and control over your outgoing email flow and helps you maintain a high security standard and protection of your brand.
Without DMARC, you are unprotected against attacks such as, CEO fraud emails, fake invoices, login credential theft, sale of illegal goods and spreading ransomware. As attacks performed by cybercriminals around the world constantly increases, your exposure to the security risks by not having DMARC deployed for your domain increases continuously.
Why is DMARC deployment hard?
Many sending email systems to keep track of
Large amount of data to analyze
Many potential sources of error that are difficult to identify
Requires more time than expected
The risk of stopping legitimate emails is high
Requires systematic and ongoing monitoring
What have we done?
Excedo helps organizations to deploy a strict DMARC policy for their domains which enables our customers to take control over who is allowed to use their domains for outbound email, ensuring that the emails are sent technically correct while preventing abuse. The figures below summarizes results of projects we have completed and the chart indicates a selection of industries in which we have helped customers to successfully deploy DMARC.
DMARC protected domains
Correctly sent emails
Spoofed emails that are blocked
What can we offer?
Deploying DMARC for an organization is a multi-step process and associated with several challenges. Excedo can help you with an effective deployment based on our process and project methodology where you choose the level of assistance that you need. We either work with all phases of the deployment together with you in order to reach a protective DMARC policy with no affect or distruption on your legitimate email flow during the project, or we can guide you and provide tools for you to be able to work with the deployments yourself.
DMARC – Quick Start
Tailored service for you to quickly get started to properly receive DMARC reports for your domains without affecting any email flows. In addition to giving you an introduction to DMARC, we ensure that everything is setup correctly for the domains you want to monitor. The data is collected and presented in our DMARC SaaS Platform in which you will work in order to analyze the email flows to gain insight into how email is sent for the domain. With this insight you will use the data and the platform to move your DMARC deployment forward.
Includes
DMARC introduction
DMARC SaaS Platform
Creating DMARC policy for your domains
Risk-free, no disruption to existing email flow
Suitable for:
You want to get started quickly and try to work with the DMARC deployment yourself.
DMARC - Analysis
The first step to a successful DMARC deployment where Excedo performs an analysis and health check for your domains. No email flow is affected and minimal effort is required on your end. We enable DMARC with a monitoring policy for your domains, analyze all DMARC reports and data and determine the current status. Based on our findings, we deliver a report with recommendations on issues and actions required to be able to deploy DMARC successfully.
Includes
DMARC introduction
DMARC SaaS Platform
Creating DMARC policy for your domains
Risk-free, no disruption to existing email flow
Unlimited number of domains
Ongoing monitoring
Analysis of reported DMARC data
Analysis of domain settings regarding DKIM/SPF
Summary report of current status and data analysis
Review of results and recommendations
Suitable for:
You want to get help identifying the current state of your domains quickly and effectively.
You have tried working with DMARC yourself without reaching the policy reject.
DMARC – Deployment
The DMARC deployment project is based on the defined status from the performed analysis. During the deployment we manage the project and coordinate all actions that need to be implemented in order to make all email system technically DMARC compatible with the SPF and DKIM technologies. By ongoing monitoring and analysis of DMARC reports as issues are resolved and correct email flows are confirmed, we run the project with the goal of achieving the protective DMARC policy (p=reject) for all domains.
Includes
DMARC introduction
DMARC SaaS Platform
Creating DMARC policy for your domains
Risk-free, no disruption to existing email flow
Unlimited number of domains
Project management
Actions on identified issues
Getting all email systems DMARC compliant
Ongoing analysis of reported DMARC data
Continuous analysis and adjustments of domain settings regarding SPF/DKIM
Ensuring and securing the effects of performed adjustments
Recommendation and deployment of protection (p = reject)
Suitable for:
You have received assistance with a DMARC analysis from Excedo.
You want to get help deploying DMARC to p=reject without risking affecting legitimate email flows and securing your domains quickly and efficently.
You have tried working with DMARC yourself without reaching the policy reject.
DMARC – Compliance management
Following a succesful deployment of protective DMARC policy for the domain, Excedo will help you prepare for the future to manage unexpected problems and planned changes in our ongoing compliance management. DMARC requires systematic monitoring even after achieving p=reject for its domains. The ongoing compliance management can be outsourced fully or partly to Excedo.
Includes
DMARC SaaS Platform
Unlimited number of domains
Reports
Ongoing analysis of reported DMARC data
Control of deviations (new email systems, spoofing attacks)
Monitoring that existing email systems are compliant
Monitoring of DMARC policy enforcement
Recommendations for actions in the event of deviations
Performing actions to resolve issues and deviations
Adjustments during planned changes
Suitable for:
You have succesfully deployed DMARC for your domains.
You want to ensure compliance with your domain name protection and get help with actions in case of future deviations or need for changes.
Enhanced security and brand visibility with VMC + BIMI
The ongoing development to create effective protection for email communication reaches a new level through the new standards Verified Mark Certificate (VMC) and Brand Indicators for Message Identification (BIMI) that the industry has agreed on. These standards are a supplement to DMARC that has been around for a long time and unites areas related to IT security and brand identity into one.
Through VMC and BIMI, email recipients see your logo in their email client aligned to the email even before they have opened it. This way the recipient can be confident that the email in fact originates from you.
What is VMC?
Verified Mark Certificate (VMC) is a security certificate issued to your origanization that allows you to use your logo in your BIMI implementation. During the issuance process of VMC, validation is performed on your organization, your domain as well as your right to use the logo. You also need to have completed your DMARC deployment with the proper security level and secured the right to your figurative trademark in order to receive a VMC issued for your organization.
Vad är BIMI?
BIMI (Brand Indicators for Message Identification) is an emerging standard that makes it easy for organizations to display their brand in their outgoing emails. By implemeting BIMI, organizations can display they trademark protected logo to email recipients using email clients that supports BIMI. The recipeint will see the logo both directly in the inbox as well as when opening the email. This allows the recipient to feel confident about the email being authentic.
Benefits of deploying VMC and BIMI
Your customers will know that security is important for your organization as you are compliant with existing security standard available and they can trust that the emails actually come from you.
Your company logo will be visible in the customer's inbox even before they have opened the email.
You have full control over which logo your customers are exposed to.
Your brand is more exposed which increases the brand awareness.
Security and deliverability of your outgoing email increases.
A study carried out for the service has shown an increased rate of opened email by 10%.
Secure your emails and strengthen your brand with Excedo's help
For full protection of your email and abuse of your brand you need to combine elements from both IT and law. Excedo can assist you achive this regardless of which of the areas below you currently are missing.
Why choose us?
We can help you to achieve secure email and strengthen your brand in your email communication. Either by taking the lead in all areas required or by assisting you with those parts that you are missing within DMARC, VMC, BIMI or trademark.
