DMARC Email Authentication

Valimail and Forrester Guest Speaker: DMARC and the Future of Email

Seth Blank, CTO of Valimail, recently sat down with guest speaker Jess Burn, Principal Analyst at Forrester. They discussed DMARC and the future of email, including how DMARC affects brand reputation, the difference between SEGs and DMARC, and how DMARC can stop generative AI phishing. Discover some of the highlights from this insightful conversation below. 

How DMARC Affects Brand Reputation

While more brands have started their DMARC journey thanks to the new Google and Yahoo requirements, getting to DMARC enforcement is imperative for brands to protect their reputation. While DMARC is great for combating business email compromise (BEC) and phishing, it can protect your employees and customers and allow them to fully trust any emails from your domain. 

“So DMARC really ensures your organization is the only one using its domain, or your authorized email marketing services, of course. You can then educate customers on why you can trust emails sent from your domain, and that increases their confidence to open those emails and interact with them and do business with you.”

Jess Burn, Principal Analyst at Forrester

Your DMARC status is public, and customers and employees can discover whether or not you have DMARC at enforcement. If you are at enforcement, you can promote your brand’s trusted sender reputation, strengthening your organization’s resilience. 

Check your domain’s status for free:

Uncover Email Security and Deliverability Issues

The Difference Between SEGs and DMARC

DMARC is just one element of enterprise email security, and secure email gateways (SEGs) and cloud-based API-enabled email security make up another portion. These solutions help prevent bad emails from getting to inboxes. A fully comprehensive SEG solution alongside DMARC is important to cover all your email security basics. 

Many SEGs will also use artificial intelligence (AI) or machine learning (ML) models to detect sophisticated phishing and BEC attacks. While these solutions are great, they’re not comprehensive, which is where DMARC comes in. 

“AI and ML are great if you’ve actually had a legitimate account takeover, but a lot of this is spoofed. So you can stop all of this and rely on your AI and ML models to detect any changes [in your email]. But you would stop three-quarters of [malicious emails] coming into the inbox just by implementing DMARC.”

Jess Burn, Principal Analyst at Forrester

Working with just an SEG or a DMARC provider could leave gaps in your security. To get the best of both worlds, work with partners like Valimail and Abnormal Security

DMARC Generative AI and Phishing

When asked how generative AI will impact phishing, Blank replied: “I’ve got two controversial answers. One is not at all, and one is a lot.” 

In 2019, Google analyzed millions of blocked phish. Of that blocked phish, 68% was brand new and had never been seen. Phishing presents a new problem every day, and generative AI will make this problem even worse and perhaps even more effective. 

However, this is what good security systems fight. The phishing only gets through when it’s an impersonation attempt, and DMARC can stop that. With good DMARC deployment, AI-generated phishing shouldn’t get to users from a trusted domain, making DMARC more critical now than ever. 

If you enjoyed these highlights and want to know more about DMARC and the future of email security, watch the full interview here: