Protecting your email communications shouldn’t come at the expense of privacy. That’s why we’re passionate about helping MSPs and IT teams understand the balance that VerifyDMARC brings.
DMARC reporting is an essential part of email security, but it’s also a fine line to walk when it comes to privacy. There are two kinds of DMARC reports:
We’ve made a deliberate decision not to offer or process Forensic (RUF) Reports at all. These reports offer little value towards helping you identify all your email sources, which is why you’re implementing DMARC reporting in the first place. Collecting RUF reports increases organisational risk that you’ll need to make disclosures when a data breach occurs.
Coming from the Managed Service Provider world, we’ve seen where common mistakes with cyber security risk occur. Two key areas are over collection of data, and poor housekeeping of user accounts. How do we keep those in mind?
No Overcollection of Data: When you collect more data than you need, like Forensic (RUF) Reports, you make yourself more attractive to attackers, lawyers, and law enforcement. You also create reputational risk because when that data gets breached and you need to disclose to those affected, you’ve now got a PR problem, fines, and remediation costs.
Good User Account Housekeeping: It’s far too common that you setup a service, give the team access, and then those users move on to new jobs, new organisations and so on. Or you create a single shared login, and all the people in your MSP or IT team know the details. We made another deliberate decision to only offer passwordless authentication and Microsoft 365 Single Sign On with VerifyDMARC. This means as long as you terminate access to email when a user is offboarded from your organisation, their access to VerifyDMARC ends there too. We also don’t limit how many users you can have on any of our business plans.
For MSPs and IT teams tasked with enhancing email security, the choice of tools and platforms matters. We like to think VerifyDMARC stands out by not only offering robust DMARC reporting capabilities but also by taking firm steps to ensure privacy and security is a key part of our design and service. If you’re using another DMARC reporting service, or considering a DMARC reporting service, have you given thought to privacy and security?
Learn how to stop email spoofing and improve delivery of order confirmations with DMARC. Implementation guide for Shopify, WooCommerce and Adobe Marketo.
Even with p=none, DMARC without report monitoring is like driving blindfolded. Mail servers still check authentication, impacting your deliverability.
VerifyDMARC now offers SMTP TLS Reporting capabilities, enabling monitoring of MTA-STS and DANE policy performance for improved email transport security.