Protecting your email communications shouldn’t come at the expense of privacy. That’s why we’re passionate about helping MSPs and IT teams understand the balance that VerifyDMARC brings.
DMARC reporting is an essential part of email security, but it’s also a fine line to walk when it comes to privacy. There are two kinds of DMARC reports:
We’ve made a deliberate decision not to offer or process Forensic (RUF) Reports at all. These reports offer little value in identifying all your email sources, which is the reason you’re implementing DMARC reporting in the first place. Collecting RUF reports also increases the organisational risk that you’ll need to make disclosures when a data breach occurs.
Coming from the Managed Service Provider world, we’ve seen where common mistakes with cyber security risk occur. Two key areas are over-collection of data and poor housekeeping of user accounts. How do we address those?
No Overcollection of Data: When you collect more data than you need, like Forensic (RUF) Reports, you make yourself more attractive to attackers, lawyers, and law enforcement. You also create reputational risk because when that data gets breached and you need to disclose to those affected, you’ve now got a PR problem, fines, and remediation costs.
Good User Account Housekeeping: It’s far too common that you set up a service, give the team access, and then those users move on to new jobs, new organisations and so on. Or you create a single shared login, and all the people in your MSP or IT team know the details. We made another deliberate decision to only offer passwordless authentication and Microsoft 365 Single Sign-On with VerifyDMARC. This means as long as you terminate access to email when a user is offboarded from your organisation, their access to VerifyDMARC ends there too. We also don’t limit how many users you can have on any of our business plans.
For MSPs and IT teams tasked with managing email security, the choice of tools and platforms matters. We like to think VerifyDMARC stands out by not only offering robust DMARC reporting capabilities but also by taking firm steps to ensure privacy and security are a key part of our design and service. If you’re using another DMARC reporting service, or considering a DMARC reporting service, have you given thought to privacy and security?