A common question we receive is how to know if DMARC is really working and if it's worth implementing.
I'd like to share a real incident where we helped a customer measure ROI and received positive feedback. The customer had been with us for a few years but had doubts about whether the DMARC solution was actually working. We always assured them that it's like an insurance policy and it would do its job in case of an incident.
A few months ago, while the customer was busy with month-end activities, they received an automated alert from our DMARC solution.
The alert stated that there was a threshold breach observed for email activity, and a new mailing provider was sending emails on behalf of their domain that were failing DMARC and being rejected.
The customer quickly investigated the unusual trigger and analyzed the DMARC compliance trend for their domain. They were surprised to find that 11 082 emails were failing DMARC. This incident highlights how DMARC can detect and prevent unauthorized use of a domain for sending fraudulent emails, which can save businesses from reputational and financial damage. Measuring the number of prevented incidents and associated costs can help calculate the ROI of DMARC implementation.
He accessed the forensic module to see if there were any sample forensic emails available, which would allow him to examine the email headers and body. Fortunately, he was able to locate a few forensic samples that helped him determine the FROM ADDRESS and the DMARC action taken by the email gateways.
© 2017 - 2023 DMARC.FR