What is DMARC?
DMARC is a security standard that allows a domain to declare a policy for how it wants email processors to examine and treat emails claiming to be from that domain. The core policies are “none” (do nothing special, and optionally report), “quarantine” and “reject”; the last two apply to messages which fail various other security checks.
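A domain publishes the policy described above as a DNS TXT record at `_dmarc.<domain>`, with the policy in the `p=` tag. The following is an added example, not part of the original article, that grades such records by the policy they declare; the sample records, the example.com names and the level labels (`monitor`, `partial`, `enforced`, `invalid`) are constructed for illustration.

```python
VALID_POLICIES = ("none", "quarantine", "reject")

def parse_tags(record):
    """Split 'tag=value; tag=value' into an ordered list of (tag, value) pairs."""
    tags = []
    for part in record.split(";"):
        name, sep, value = part.partition("=")
        if sep:  # parts without '=' are syntax errors and are skipped
            tags.append((name.strip().lower(), value.strip()))
    return tags

def assess(record):
    """Return (policy, pct, level); level names are labels chosen for this example."""
    tags = parse_tags(record)
    # RFC 7489: the version tag must come first and match "DMARC1" exactly.
    if not tags or tags[0] != ("v", "DMARC1"):
        return (None, None, "invalid")
    first = {}
    for name, value in tags:
        first.setdefault(name, value)  # keep the first occurrence of a tag
    policy = first.get("p", "").lower()
    if policy not in VALID_POLICIES:
        # RFC 7489: with no valid p tag, a record that still names a report
        # address is handled as p=none; otherwise the record is ignored.
        if "mailto:" not in first.get("rua", "").lower():
            return (None, None, "invalid")
        policy = "none"
    try:
        pct = int(first.get("pct", "100"))
    except ValueError:
        pct = 100  # a malformed pct falls back to the default
    pct = pct if 0 <= pct <= 100 else 100
    if policy == "none":
        return (policy, pct, "monitor")  # receivers are asked only to report
    return (policy, pct, "enforced" if pct == 100 else "partial")

# Constructed sample records (example.com names are placeholders).
SAMPLES = {
    "a.example.com": "v=DMARC1; p=reject; rua=mailto:dmarc@example.com",
    "b.example.com": "v=DMARC1; p=quarantine; pct=25",
    "c.example.com": "v=DMARC1; p=none; rua=mailto:dmarc@example.com",
    "d.example.com": "p=reject; v=DMARC1",  # version tag is not first
    "e.example.com": "v=spf1 include:_spf.example.com ~all",  # SPF, not DMARC
}

def audit(samples):
    """Map each domain to its enforcement level."""
    return {domain: assess(txt)[2] for domain, txt in samples.items()}
```

Only records graded `enforced` or `partial` ask receivers to quarantine or reject failing mail; a `monitor` record collects reports without changing delivery.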
DMARC is an effective way to limit spoofing of protected domains; however, not much is said about the economic benefits of deploying it. There is a considerable upside to DMARC implementation, and the Global Cyber Alliance (GCA) has been pushing the use of DMARC email security standards across the world since mid-2016.
How does it benefit businesses?
So, what are the benefits of implementing DMARC? DMARC helps organizations move a step closer to keeping safe. As an example, the UK Government, in particular HM Revenue & Customs (HMRC), successfully implemented DMARC on one of the most scammed domains in existence – HMRC.gov.uk. The outcome was mind-boggling, with spoofed emails reduced by half a billion. This is a major achievement from just implementing a policy change to mail.
DMARC has two aspects.
- It prevents spoofing of your domain and, additionally, it authenticates your legitimate emails and prioritises their delivery into the recipients’ inbox. If you implement DMARC, it is more likely that your genuine marketing emails will be delivered into the inbox rather than into the Junk Mail folder. DMARC helps genuine mails reach the inbox far more effectively, which makes for a more successful marketing campaign and a greater Return On Investment (ROI). Implementing it does not mean a loss of business; it leads to an increase in business.
- DMARC improves delivery rates as well. In the case of HMRC, not only were they able to reduce spoofing by half a billion emails, they also improved delivery rates of genuine emails from 18% to 98%, all through the implementation of DMARC. Imagine what a guaranteed email delivery rate of 98% could do for your business.
Adopting DMARC also has a flow-on effect to other areas of your business. As well as reducing internal fraud, implementing DMARC can also stop fraudulent emails from being delivered to your customers. By stopping criminals from spoofing your legitimate domain, it lessens the success rate of spear-phishing attacks (where a criminal spoofs a CFO’s email address to send financial transaction instructions to payroll staff). If someone tries to spoof a domain with DMARC, the email simply won’t be delivered. DMARC also stops criminals from domain-spoofing to send outgoing phishing emails to the masses. Implementing DMARC can preserve your brand equity, eliminate customer support costs related to email fraud, and make email an effective communication method again, which is something that is seriously lacking at the moment.
A study conducted only on business email compromise (BEC), which is a major cause of concern, shows that the ROI on DMARC implementation is quite a winner! GCA conducted research on about 1046 organizations which implemented DMARC at the policy level “reject” or “quarantine” using the GCA tools and likely saved 19 mn USD. This number rests on certain assumptions, which can be read here. The numbers can change exponentially under different scenarios, and they are a good indication that DMARC adds significant business value.
The report says that BEC scams have accounted for more than 12.5bn USD in the last five years. Let’s understand the global mail scenario: in 2015, there were about 112.5 Bn emails sent each day, of which 53.2% were reported spam. This means that about 59.85 Mn emails sent were spam on a daily basis. This is quite a staggering number, and BEC alone turns out to be an expensive threat.
The economic benefits, from avoided compromise and from other marketing deliverables, far outweigh the procedure needed to implement DMARC. Experts at Logix infosecurity help companies to successfully implement the policy changes and improve the ROI.