Protecting your email communications shouldn’t come at the expense of privacy. That’s why we’re passionate about helping MSPs and IT teams understand the balance that VerifyDMARC brings.
DMARC reporting is an essential part of email security, but it’s also a fine line to walk when it comes to privacy. There are two kinds of DMARC reports:
We’ve made a deliberate decision not to offer or process Forensic (RUF) Reports at all. These reports offer little value in identifying all your email sources, which is the reason you’re implementing DMARC reporting in the first place. Collecting RUF reports increases the organisational risk that you’ll need to make disclosures when a data breach occurs.
Coming from the Managed Service Provider world, we’ve seen where common mistakes with cyber security risk occur. Two key areas are overcollection of data and poor housekeeping of user accounts. How do we keep those in mind?
No Overcollection of Data: When you collect more data than you need, like Forensic (RUF) Reports, you make yourself more attractive to attackers, lawyers, and law enforcement. You also create reputational risk because when that data gets breached and you need to disclose to those affected, you’ve now got a PR problem, fines, and remediation costs.
Good User Account Housekeeping: It’s far too common that you set up a service, give the team access, and then those users move on to new jobs, new organisations and so on. Or you create a single shared login, and all the people in your MSP or IT team know the details. We made another deliberate decision to only offer passwordless authentication and Microsoft 365 Single Sign-On with VerifyDMARC. This means that as long as you terminate access to email when a user is offboarded from your organisation, their access to VerifyDMARC ends there too. We also don’t limit how many users you can have on any of our business plans.
For MSPs and IT teams tasked with enhancing email security, the choice of tools and platforms matters. We like to think VerifyDMARC stands out by not only offering robust DMARC reporting capabilities but also by taking firm steps to ensure privacy and security are a key part of our design and service. If you’re using another DMARC reporting service, or considering a DMARC reporting service, have you given thought to privacy and security?