Use case of measuring the ROI of DMARC implementation
A common question we receive is how to know if DMARC is really working and if it's worth implementing.
I'd like to share a real incident where we helped a customer measure ROI and received positive feedback. The customer had been with us for a few years but had doubts about whether the DMARC solution was actually working. We always assured them that it's like an insurance policy and it would do its job in case of an incident.
A few months ago, while the customer was busy with month-end activities, they received an automated alert from our DMARC solution.
The alert stated that there was a threshold breach observed for email activity, and a new mailing provider was sending emails on behalf of their domain that were failing DMARC and being rejected.
The customer quickly investigated the unusual trigger and analyzed the DMARC compliance trend for their domain. They were surprised to find that 11 082 emails were failing DMARC. This incident highlights how DMARC can detect and prevent unauthorized use of a domain for sending fraudulent emails, which can save businesses from reputational and financial damage. Measuring the number of prevented incidents and associated costs can help calculate the ROI of DMARC implementation.
They then accessed the forensic module to see if any sample forensic emails were available, which would allow them to examine the email headers and body. Fortunately, they were able to locate a few forensic samples that helped them determine the From address and the DMARC action taken by the email gateways.
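The kind of check behind the alert in this incident can be sketched as follows. This is an added example, not the vendor's own code: it reads a DMARC aggregate report in the RFC 7489 XML layout, totals the failing messages per sending IP, and flags senders that are not on a known list once they cross a threshold. The sample report, the `KNOWN_SENDERS` list and the `FAIL_THRESHOLD` value are constructed assumptions.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample in the RFC 7489 aggregate-report layout (not real data).
SAMPLE_REPORT = """<feedback>
 <policy_published><domain>example.com</domain><p>reject</p></policy_published>
 <record><row><source_ip>192.0.2.10</source_ip><count>950</count><policy_evaluated><disposition>none</disposition><dkim>pass</dkim><spf>pass</spf></policy_evaluated></row></record>
 <record><row><source_ip>192.0.2.10</source_ip><count>30</count><policy_evaluated><disposition>none</disposition><dkim>fail</dkim><spf>pass</spf></policy_evaluated></row></record>
 <record><row><source_ip>198.51.100.7</source_ip><count>420</count><policy_evaluated><disposition>reject</disposition><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row></record>
 <record><row><source_ip>198.51.100.7</source_ip><count>80</count><policy_evaluated><disposition>reject</disposition><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row></record>
 <record><row><source_ip>203.0.113.5</source_ip><count>12</count><policy_evaluated><disposition>reject</disposition><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row></record>
</feedback>"""

KNOWN_SENDERS = {"192.0.2.10"}  # assumption: IPs of the authorised mail providers
FAIL_THRESHOLD = 100            # assumption: failing messages per report before alerting

def failing_sources(report_xml):
    """Return {source_ip: {"failed": n, "rejected": n}} for rows that fail DMARC."""
    # Reports arrive from external receivers; a hardened parser such as
    # defusedxml is the safer choice for untrusted XML in production.
    totals = defaultdict(lambda: {"failed": 0, "rejected": 0})
    for row in ET.fromstring(report_xml).iter("row"):
        ev = row.find("policy_evaluated")
        # DMARC passes if either aligned DKIM or aligned SPF passes.
        if ev.findtext("dkim") == "pass" or ev.findtext("spf") == "pass":
            continue
        ip = row.findtext("source_ip")
        count = int(row.findtext("count"))
        totals[ip]["failed"] += count
        if ev.findtext("disposition") == "reject":
            totals[ip]["rejected"] += count
    return dict(totals)

def alerts(report_xml, known=KNOWN_SENDERS, threshold=FAIL_THRESHOLD):
    """Unknown sending IPs whose failing volume breaches the threshold."""
    return sorted(ip for ip, t in failing_sources(report_xml).items()
                  if ip not in known and t["failed"] >= threshold)

if __name__ == "__main__":
    summary = failing_sources(SAMPLE_REPORT)
    for ip in alerts(SAMPLE_REPORT):
        print(f"ALERT {ip}: {summary[ip]['failed']} failed, {summary[ip]['rejected']} rejected")
```

The per-source totals are the same figures that feed a compliance trend, so summing `failed` across reports for a period gives the count of blocked messages used in an ROI estimate.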
Improving Email Deliverability: One use case of measuring the ROI of DMARC implementation could be to improve email deliverability. DMARC can help prevent email spoofing and phishing attacks, which can increase the likelihood of emails being delivered to recipients' inboxes instead of being flagged as spam or blocked entirely. By implementing DMARC, an organization can measure the increase in email deliverability and calculate the ROI based on the number of additional emails that are successfully delivered.
Reducing Fraudulent Activities: Another use case for measuring the ROI of DMARC implementation is to reduce fraudulent activities. DMARC can help prevent domain spoofing, which is often used in fraudulent emails that impersonate trusted organizations. By reducing fraudulent activities, organizations can save money and prevent reputational damage. Measuring the reduction in fraudulent activities and the associated costs can help calculate the ROI of DMARC implementation.
Compliance with Regulations: Many industries have regulations that require organizations to protect sensitive information and prevent data breaches. For example, the healthcare industry has HIPAA regulations, while the financial industry has PCI-DSS regulations. Implementing DMARC can help organizations comply with these regulations by preventing unauthorized access to sensitive information through email. Measuring the cost savings associated with compliance and the penalties avoided by implementing DMARC can help calculate the ROI.