200-year-old law firm underscores brand value with DMARC enforcement

DMARC enforcement is a critical email security standard to help protect organizations and their customers from email abuse. Like many others in information and email security, Darragh Macken, Information Security Manager at Travers Smith, wanted to explore how to adopt DMARC enforcement to close the gap in the firms’ phishing protection.
As a London-based law firm founded in 1810, it’s an understatement to say that Travers Smith has a long history in innovating with the times to provide its national and global clients with quality legal services. Adopting DMARC was a natural next step in the firm’s commitment to delivering on its reputation for quality and strong security standards.
The IS team’s goal was to take a proactive approach against the ever-persistent email attacks Travers Smith was seeing. “We knew it wasn’t a matter of ‘if’ but ‘when’ we would be hit by a successful phishing attack. We wanted to mitigate that risk with DMARC enforcement to provide better security to our clients, employees, and business partners, as well as protection for our brand and reputation,” said Macken.
But the next big question was: How could the firm make the journey to DMARC enforcement as swift and effective as possible — and maintain enforcement easily?
Initially, Travers Smith investigated the potential of managing DMARC in house, and Macken spoke with peers inside and outside of the legal services industry for their input. “I saw fairly quickly that, unless an organization has a big team, managing DMARC in house isn’t really an efficient or achievable approach. We didn’t want to burn our internal resources to get to DMARC enforcement, because we thought we’d struggle like many others to get to reject. We wanted to offload that and get an automated technology to do the heavy lifting for us,” said Macken.
In its search for an automated approach to DMARC enforcement, Travers Smith had clear requirements for the ideal solution. It needed to:
- Support the firm’s cloud-first strategy
- Integrate with Microsoft 365
- Support GDPR compliance
- Be cost-effective and align with the firm’s budget
- Provide ease of use that doesn’t require much of the IS team’s resources
- Uncover any “shadow IT” use of email-sending apps and services
Following the firm’s evaluation of solutions, Travers Smith chose Valimail for its compliance with GDPR, complete visibility, automation, intuitive dashboard, and guarantee of getting to enforcement—plus, its simple approach in achieving enforcement.
“At first, we thought Valimail’s ‘one-step, one-click’ implementation was marketing speak, but it really did play out like that for us. There was very little involvement required from us in the whole process other than the odd phone call. It really was a light touch from our side of things,” said Macken.
In addition to the value Travers Smith receives from Valimail’s guarantee to get customers to DMARC enforcement, Valimail also helped the organization align departments on the importance of security and not using “shadow IT” approaches.
“Valimail’s analysis gave us visibility that some departments had independently procured email marketing services. We discussed this with the departments and explained that the DMARC enforcement project would have prevented these emails from being delivered. That was a really good benefit that came out of the process with Valimail. It allowed us to help other business functions better understand the importance of security and that they need to involve the information security team when they’re looking to onboard new services,” said Macken.
Along with protecting its brand and domain from impersonation, Travers Smith is now a leader among the top 100 U.K. law firms in implementing DMARC at enforcement. Travers Smith clients, employees, and business partners can now trust that any email messages they receive from the domain traverssmith.com are legitimate, not fake.
“With Valimail, our senior leadership can now talk with clients about our DMARC enforcement as a value to our brand. More and more, clients want to know what we’re doing to protect their information and data, so we can now say we’re one of the top 10% of UK law firms to have DMARC enforcement, which means that an email our clients receive from traversmith.com is an email they can trust,” said Macken.
With the fully automated Valimail solution, Darragh is confident that DMARC is configured properly and that it is doing what it is supposed to do. Meanwhile, he can continue to innovate in other ways to keep the business secure.
To read and download the Travers Smith case study, click the button below.