In this interview with Asher Morin, dmarcian’s Deployment Manager in the Americas, we explore DMARC deployment through an organizational perspective:

What are the challenges for brands that want to deploy DMARC?

Overwhelmingly, organizations struggle with integrating DMARC with their current support framework. This is primarily because of misconceptions about their own email ecosystem and where the ownership of certain processes live. DMARC is not a technology that is terribly difficult to understand and takes relatively short time to grasp thoroughly. However, it is what it relates to that will often be lost on an organization when first going in.

If we try to itemize it, it does touch the DNS, SMTP, and the DKIM and SPF authentication specifications from a technical standpoint. Now let’s think about what it means from a process perspective. A reject policy will prevent email related to shadow IT, and prevent any one area of the company from setting up any email sending services (think marketing automation) without first configuring DMARC compliance. 

It also introduces the need to review the onboarding process for new services. Will they be sending emails on behalf of your domains? If the answer is “yes,” an organization’s DMARC policy requires them to be DMARC compliant, and at the time of this writing, not all SaaS solutions are.

Additionally, an organization may leverage the same domain, but be split in many business units, often geographically. This can present additional challenges when devising processes and procedures to address DMARC-related issues or needs. 

How do organizations overcome these challenges?

A united approach to the ownership and support of DMARC-related processes and technologies is paramount for not only deployment success, but effective ongoing compliance. You can imagine a type of framework as a glue that ties the relevant pieces together to minimize risks associated with deploying or maintaining DMARC. This generally will mean working toward forging a workflow between acceptable usage policies, support, vendors, procurement and domain management of a company. 

More companies are starting to embrace DMARC. What’s causing this increased interest?

While the benefits of DMARC are clear, some common practices within the email world held it back. The case of mailing lists was loud and clear and presented a real use case as to why DMARC can be problematic. Domain spoofing has long been an issue. An overwhelming majority of companies operating today will have experienced domain spoofing and will again in the near future. 

With a problem that is not going away anytime soon, if ever, more and more organizations are turning to DMARC, either by necessity or mandate, as the premier line of defense against email domain spoofing. With more and more expert help now available and a greater choice of premier technologies processing DMARC reports, now is a great time to consider deploying DMARC while minimizing risk.

How can major players like Microsoft, Yahoo and Google better support DMARC to make email more secure?

DMARC is a powerful tool to gain visibility into your entire email ecosystem all in one place. This view is only as accurate as the data that gets reported. The more data reported, the more accurate and complete the picture becomes. While more and more of the giants of email senders and receivers send DMARC reports, not all do. Here, more is better, and more reporters benefit us all.

What are the characteristics of the most successful DMARC deployments?

I mentioned earlier on the concept of framework, a collection of processes that ties in several areas of an organization in order to support technologies deployed from the moment of procurement all the way through to user support. While deploying DMARC can be achieved through a project with a beginning and an end, ongoing compliance is an exercise that never ends. The idea of the framework is there to help naturally bake DMARC into your day-to-day process. Doing that well will ensure success.

~ Sparky

Asher Morin, dmarcian’s Deployment Manager in the Americas, is an experienced project manager with a successful history of guiding the development of domain security processes and helping to manage IT security technology with organizations large and small. His expertise and relationship-building has garnered plaudits as a recognized and approachable expert.