Implement DMARC to Prevent Business Email Compromise
Gartner® report guides security and risk management leaders on DMARC.
Our learnings from the report:
- While email is a vital communication tool, most organizations fail to implement domain-based message authentication, reporting and conformance (DMARC).
- On a technical level, DMARC is easy to implement, but it takes strong project management and communication across many areas of the business.
- The benefits of properly implementing DMARC should be enough to persuade risk management leaders to implement it, but many organizations fail to do so.
- By not implementing DMARC, organizations risk having more malicious emails from phishing or domain spoofing attacks delivered to inboxes.
“Business email compromise (BEC) is on the rise. Advances in generative AI (GenAI) have compounded the need for holistic strategies to handle email-based phishing attacks. However, many organizations purchase commercial monitoring and filtering solutions to protect incoming mail without implementing basic security controls like DMARC.”
Key findings from Gartner report:
- Email is a vital communication tool for most organizations, yet many fail to implement domain-based message authentication, reporting and conformance (DMARC) to protect against direct domain spoofing.
- DMARC implementation is technically simple but requires project management skills and communications across multiple groups, threatening the success of DMARC projects.
- Most organizations do not have a security function to identify active phishing or business email compromise (BEC) campaigns. This complicates deployment and neutralizes threat intelligence benefits.
- The vast majority of published DMARC records are unenforced, leaving domains open to compromise despite active efforts to protect them.
By failing to implement DMARC, companies face more malicious emails from phishing and domain spoofing being delivered to user inboxes. This can increase the risk of attackers impersonating company executives and other VIPs, injecting themselves into critical processes, and even extracting money or critical information from the organization.
A new report from Gartner guides risk management leaders on the path to DMARC implementation. It provides details on how to communicate the value of DMARC, move to active enforcement, and evaluate professional services to help.
Read the full Gartner report to get an in-depth playbook on DMARC implementation.
Gartner, Implement DMARC to Prevent Business Email Compromise, 17 October 2023, Max Taggett, Franz Hinner
GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.