DMARCIAN
In this article, we present a guide on deploying DMARC on Cisco’s Email Security Appliance (ESA). If you believe that you already have your system’s DMARC authentication and reporting set up correctly, please take the time to read through the information and compare it to your current settings. These settings are industry best practices, and we encourage you to not diverge from them. Your ESA’s AsyncOS version should be 13+. If 14, it should be 14.0.2 or greater due to a bug in lower versions of 14. NOTES: If you don’t set this up correctly, please don’t set it up at all. If it isn’t configured correctly, you’ll pollute valid data being sent from other sources, and your DMARC data may be blacklisted by aggregators. Varying settings from the recommendations in how or whether your environment performs SPF or DKIM verification will affect the ability of the system to perform adequate
In June 2021 we published research on DMARC adoption among the top 100 companies in Canada. Twenty months later, we evaluated the DMARC adoption rate and are excited to share those rosy results. Here’s the DMARC adoption rate comparison for Canada’s top 100 companies, measured in percentage increase or decrease, from June 2021 to February 2023: 154% increase of DMARC policies set to p=reject; 114% increase of DMARC policies set to p=quarantine; 18% decrease of DMARC policies set to p=none; 57% decrease of companies lacking a DMARC policy. Above all, a fifth of the top Canadian companies advanced their DMARC policies to the ultimate goal of a p=reject DMARC policy. With a p=reject policy in place, emails failing DMARC authentication aren’t delivered to the destined inbox. Another fifth took the initial step in securing their domains by establishing DMARC records. People typically begin their road to DMARC compliance by employing
This guide describes the process for configuring Sendinblue to send DMARC-compliant messages. You will need to configure this source, and others you authorize, before advancing your DMARC policies to a more restrictive state, e.g., quarantine and/or reject. To bring this source into DMARC compliance, you will need access to Sendinblue’s administrative account and the domain’s DNS management console. From time to time, these instructions change with very little advance notice. Please always refer to documentation hosted by Sendinblue for the most complete and accurate information. General information: Sendinblue provides a platform to send transactional and marketing emails. It is often used to send B2C (business-to-consumer) and B2B (business-to-business) emails. Many areas in your organization may use this service, including marketing, sales, and finance. Sendinblue supports DMARC compliance through DKIM and SPF alignment. DKIM: To configure DKIM, you will need to access the domain’s settings. There are two ways to do this:
This guide describes the process for configuring Mailgun to send DMARC-compliant messages. You will need to configure this source, and others that send on your behalf, before advancing your DMARC policies to a more restrictive state, e.g., quarantine and/or reject. To bring this source into DMARC compliance, you will need access to the Mailgun administrative account and the domain’s DNS management console. From time to time, these instructions change with very little advance notice. Please always refer to documentation hosted by Mailgun for the most complete and accurate information. General information: Mailgun provides an email delivery service that allows developers to integrate email into applications through APIs and SMTP. Many departments may use this service in your organization, but it is often managed by an application development team. Mailgun supports DMARC compliance through SPF and DKIM alignment. SPF & DKIM: To configure SPF and DKIM: In the Mailgun console, navigate to Sending > Overview
This guide describes the process for configuring Mailchimp Transactional to send DMARC-compliant messages. You will need to configure this source, and others that send on your behalf, before advancing your DMARC policies to a more restrictive state, e.g., quarantine and/or reject. To bring this source into DMARC compliance, you will need access to the Mailchimp Transactional administrative account and the domain’s DNS management console. From time to time, these instructions change with very little advance notice. Please always refer to documentation hosted by Mailchimp Transactional for the most complete and accurate information. General information: Mailchimp Transactional is a paid Mailchimp add-on that allows clients to send one-to-one transactional emails triggered by user actions, such as purchases or account activity. Sales and marketing as well as development teams may use this service in your organization. Mailchimp Transactional supports DMARC compliance through DKIM and SPF alignment. DKIM: To configure DKIM: Navigate to Settings in
Reports generated from our DMARC Management Platform give you insight into what is happening with a particular aspect of your domains. A useful resource to keep decision makers and stakeholders informed and updated relative to DMARC deployment and maintenance, reports help to bridge this gap. For dmarcian’s MSP and MSSP Partners, reports can be utilized to provide information to their client base. Since MSP clients can’t view their domain details on the dmarcian platform, reports are a way MSPs can keep their clients informed of their DMARC project. The following reports can be generated from our platform: Domain Status Reports: contains domain status information including email authentication deployment state and volume statistics. This report is based on the past seven days of data from the time it was generated. Issue Summary Reports: lists outstanding issues related to email authentication deployment. Account Progress Reports: provides an overview of all domains in
A year ago we surveyed DMARC adoption among the 100 global retailers based on revenue. With the 2022 holiday shopping season ramping up, we’re taking a look to see how retailers are progressing with DMARC adoption. Here’s the comparison, measured in percentage increase or decrease, from last year’s DMARC adoption numbers: 30% increase of DMARC policies set to p=reject; 80% increase of DMARC policies set to p=quarantine; 10% decrease of DMARC policies set to p=none; 16% decrease of companies lacking a DMARC policy. The trend illustrates a progression of DMARC compliance in the growth of p=quarantine and p=reject policies from 2021. That’s nothing but good news for retailers and their customers. For the retail, hospitality, and travel community, the holiday season is the most intense time of year for consumers and cybersecurity professionals facing persistent threats. From the beginning of October through the end of December, cyber threats to organizations
This guide describes the process for configuring Salesforce to send DMARC-compliant messages. You will need to configure this source, and others that send on your behalf, before advancing your DMARC policies to a more restrictive state, e.g., quarantine and/or reject. To bring this source into DMARC compliance, you will need access to Salesforce’s administrative account and the domain’s DNS management console. From time to time, these instructions change with very little advance notice. Please always refer to documentation hosted by Salesforce for the most complete and accurate information. General Information: Salesforce is a customer relationship management software that brings together sales, customer service, marketing automation, analytics, and application development. Many departments, such as Sales, Marketing, IT, Support and HR, use this tool. Salesforce supports DMARC compliance through SPF and DKIM alignment. SPF: To configure SPF, add a DNS TXT record at your domain’s DNS provider: Log in to the management console of
One of the outstanding features of DMARC is the feedback you get related to email sent from any source using your domain as the RFC5322 identity (friendly from). However, this is contingent on the receiver’s email security provider having the ability to perform DMARC verification on inbound email as well as sending the result of those checks in the form of an aggregate report. One such solution is Cisco’s Cloud Email Security (CES). When DMARC authentication for inbound email is enabled, the CES appliance can be configured to send DMARC aggregate reports containing the results of those inbound checks. This data is critical for domain owners relative to their DMARC deployment efforts. These reports are helpful, but more helpful yet is to know who is sending these reports. Knowing the source of the reports is beneficial if you need to follow up with them; better yet, you can easily identify
This guide describes the process for configuring Constant Contact to send DMARC-compliant email. You will need to configure this source, and others that send on your behalf, before advancing your DMARC policies to a more restrictive state, e.g., quarantine and/or reject. To bring this source into DMARC compliance, you will need access to Constant Contact’s administrative account and the domain’s DNS management console. From time to time, these instructions change with very little advance notice. Please always refer to documentation hosted by Constant Contact for the most complete and accurate information. General information: Constant Contact is an email marketing service provider designed for small businesses. It’s often used by marketing and sales departments. Constant Contact supports DMARC compliance through DKIM alignment for their customers. DKIM: Constant Contact provides two options for enabling DKIM: authentication using CNAME records and authentication using a TXT record. Self-authentication using DKIM CNAME records is the simplest and