There are a lot of initiatives that fall on your team’s shoulders, so I’m sure there’s the question in the back of your mind: Is Domain-based Message Authentication, Reporting, and Conformance (DMARC) worth the effort it takes to implement at p=reject? What are DMARC’s benefits?
Like many security initiatives, there are risks and costs that come from hypothetical scenarios. But email authentication with DMARC is unique: In addition to closing an attack vector (exact-domain phishing attacks) and reducing hypothetical costs, DMARC also produces real cost savings and revenue enhancement.
Below, we’ll walk you through all the DMARC benefits and the real value you unlock from reaching DMARC enforcement, but first, let’s talk about the options for implementing and maintaining a DMARC strategy.
Implementing DMARC at Enforcement
Getting DMARC to a policy of enforcement is notoriously tedious. It’s different for every team, so instead of diving into cost, let’s look at the implementation timeline and risks for various scenarios.
DIY: For implementing DMARC in-house, our research shows that it generally takes 12+ months on average. And that’s with 2-3 dedicated employees. Even with the most talented employees, there are limitations presented by the standards, like the SPF 10-Domain Lookup Limit. Other risks include misidentifying or missing senders (blocking good email) or misconfigured SPF or DKIM records.
Consultative: Working with a consultant or a first-generation (reporting-only) DMARC vendor still leaves the pressure on your team to complete the real work. That generally takes about 9-12 months. Since they have some technology and expertise, the risk associated with the program decreases, but the limitations with the standards do not. That creates an additional maintenance issue for the 1-2 employees it will take to manage the implementation and upkeep.
Automation: A truly automated solution can achieve protection in about 3 months on average. Because of the automated service identification and configuration, not only is the risk eliminated, but it takes less than 20% of a dedicated employee’s time to help confirm which services should or should not be authorized.
One of our customers, Reputation, was looking for an automated end-to-end solution that was easy to configure. However, when shopping for a solution, they discovered mostly expensive consulting services or a single-sided solution. Then they found Valimail’s automated solutions that block about 4,000 phishing emails a month.
“Valimail has proven itself to be future-proof because it has scaled to protect us from startup to global corporation. Their solution is easy to set up, and we’ve maintained our DMARC enforcement status since we onboarded.Kip Borie, IT Manager, Infrastructure at Reputation
Regardless of the path you choose, if you are certain that all senders have been identified and configurations are done and managed correctly, there is very little risk associated with implementing DMARC to a policy of enforcement.
Note: These numbers are based on public DNS records scanned by Valimail.
Assessing the Risks DMARC Addresses
If you’re unlucky enough to have BEC impact your organization, the associated costs will be significant.
Taking a variety of research sources into account and modeling the risks of BEC, the Global Cyber Alliance estimates that millions are lost annually from BEC attacks. 5% – 15% of these attacks can be stopped by DMARC at enforcement. For a large enterprise, that amounts to $302,000 – $1.3M per year:
- Assuming that only 1% of BEC emails lead to some kind of user action (clicking on a link, dialing a fraudulent phone number, etc.), leads to costs of $302,000/year.
- If the BEC action rate grows to 5%, the cost for an enterprise is $1.3M/year.
A layered defense to email security is necessary to address the remaining percentage of attacks.
Even if the attackers don’t succeed, the reputational damage can impact your revenues.
- The monetary cost of reputational damage from cybersecurity incidents is $8,000 to $200,000 per incident.
- Customers are 42% less likely to engage with a brand after being phished.
The Value of DMARC at Enforcement
Let’s say your business never gets attacked or has a breach. Lucky you! But you are still missing out on the monetary benefits associated with email authentication with DMARC.
- Forrester estimates that, for a typical large enterprise, DMARC at enforcement leads to savings of $2.4M/year. This benefit comes from:
- An increased return from customer engagement with outbound emails
- Reduced need for customer support
- Lower cost of cybersecurity insurance
- The average customer deploying DMARC at enforcement sees a 5 to 10% increase in deliverability for marketing emails.
- With a mail volume of 100,000 messages/month and average deliverability of 80%, that translates into 4,000 – 8,000 more email messages that make it to your prospects’ inboxes every month.
And these are annual, recurring DMARC benefits.
“Outcomes show that implementing DMARC is one of the highest ROI solutions available. Just make sure to insist on enforcement (activation) and that the process is automated – otherwise, DMARC can be daunting.”Alexander Garcia-Tobar, CEO of Valimail
DMARC Benefits at a Glance
While we covered tons of DMARC benefits already, let’s bundle them all up into a list so you can see the value of DMARC at a glance.
- Reduces Exact-Domain Phishing Attacks: DMARC enforcement effectively blocks phishing attacks that use your exact domain, significantly enhancing email security.
- Mitigates Business Email Compromise (BEC): By authenticating email sources, DMARC reduces the risk of BEC attacks, which have cost businesses billions globally.
- Enhances Email Deliverability: Implementing DMARC can lead to a 5-10% increase in email deliverability, ensuring more of your messages reach their intended recipients.
- Protects Brand Reputation: DMARC helps maintain your brand’s integrity by preventing unauthorized use of your domain and safeguarding your reputation from phishing scams.
- Saves Money: For large enterprises, DMARC enforcement can lead to annual savings of up to $2.4M through improved email engagement, reduced customer support needs, and lower cybersecurity insurance costs.
- Increases Customer Trust: Customers are more likely to engage with emails they can trust, and DMARC helps establish that trust by authenticating email sources.
- Reduces Need for Customer Support: With fewer phishing attacks and email compromises, there’s less need for customer support interventions, saving time and resources.
- Lowers Cybersecurity Insurance Costs: By implementing DMARC and enhancing email security, businesses can often negotiate lower premiums on cybersecurity insurance.
- Protects Globally: DMARC provides worldwide protection for your domain, ensuring that your email security measures extend beyond your immediate network.
- Automated Email Authentication: With solutions like Valimail, the process of implementing and managing DMARC is automated, reducing the need for extensive IT involvement and resources.
- Actionable Insights: DMARC reporting provides valuable insights into email sending patterns and potential security threats, enabling proactive management.
- Complies with Regulations: DMARC helps in complying with various data protection and privacy regulations by securing email communications.
- Long-term ROI: Despite initial implementation costs, the long-term return on investment for DMARC is substantial, with ongoing benefits in security, deliverability, and brand protection.
- Scalability: DMARC scales with your business, ensuring that your email security adapts to growing or changing business needs.
- Enhanced Email Analysis: With DMARC, businesses gain a clearer understanding of their email ecosystem, allowing for more informed decision-making regarding email strategies.
Capture the Value of DMARC
Depending on the implementation method you choose, it may take a bit longer to recoup your investment. No matter which method you choose, a longer timeline and employee costs will cut into your ROI. And for every year that you do not have a DMARC enforcement policy, you’re leaving money on the table.
However, If you can get DMARC done quickly and correctly, the value will always outweigh the risk for years to come.
Let us help.
Get started with Valimail Monitor to get free, world-class monitoring to identify all services and sending activity from your domains. Once you’re ready to take action, use Valimail Enforce to get continuous DMARC protection at scale.