DMARC Security Implementation
New Email Authentication Protocol Improves Customer Protection
By i-confidential Staff
One of our clients had an issue with email spoofing that risked customer losses through fraudulent activity. Criminals were exploiting weaknesses in its email and identity protection to trick customers into thinking fake emails were, in fact, genuine.
Following a regulatory review, the client committed to protecting every domain that sent email to its customers. It wanted to eliminate spoofed emails arriving in customers’ inboxes.
i-confidential was able to help the client select the right tool for the tasks required and then create an operating model that was fit for purpose.
The first step was to assess the existing email domains. We built a new inventory, reviewed the email operating model, processes, and tools, and formed a set of solution requirements. This involved gathering detailed information, in part through interviewing key stakeholders.
Next, we assessed a number of market-leading tools to implement DMARC (an email authentication protocol) and scored them against a set of functional requirements. We then presented our analysis and final recommendation (in this case Mimecast) to the sponsor, who accepted it. We supported the client through the procurement process and at the same time developed an implementation plan.
Having purchased the tool, we worked with the client’s messaging teams, businesses, and third parties to identify some suitable email domain services that could serve as a proof of concept.
We then loaded and configured these first domains, giving the client some early ‘quick wins’ through enhanced reporting and risk assessment. Afterwards, we drafted a new operating model that reflected the implementation of the tool in preparation for handoff to the email service teams.
The client was able to demonstrate to the regulator, as well as its executives, that it had met the target to implement a DMARC solution by year end.
The first tranche of domains was loaded into the DMARC solution in ‘monitor mode’. This let the client assess the scale of its email security problem without impacting customer services. Once the data had been analysed, the client was able to implement much stricter controls that would eventually block any spoofed emails from being delivered to its customers.