Email Security Blog

Beyond DMARC: What It Really Takes to Ensure Email Security

Ramon Peypoch December 11, 2019 Business Email Compromise, DMARC
DMARC for Email Security

As important as Domain-based Message Authentication, Reporting & Conformance (DMARC) is to the fight against Business Email Compromise (BEC) and other advanced email threats, it’s really just the first piece of the email security puzzle. And it certainly won’t cut it alone.

Don’t get me wrong. We’ve talked a lot about just how vital DMARC is to stopping email-based impersonation attacks. When properly implemented, this standard email authentication protocol ensures only authorized senders can use an organization’s domain name for sending emails.

Without it, cybercrimals are free to spoof or hijack domains for use in phishing attacks targeting an organization’s customers, partners, or other unsuspecting consumers and businesses.

But as imperative as it is, DMARC isn’t enough on its own.

DMARC is Just the Beginning

Just look at the state of email security today.

Despite the wealth of new technologies and attack vectors at cybercriminals’ disposal, email phishing remains one of the most effective tools in the fraudster’s arsenal. Instead of slowing down, BEC scams are on the rise, accounting for more than $26 billion in losses since 2016, according to the FBI.

That’s why it’s imperative for companies in every vertical to have the most robust email security possible. DMARC is certainly part of that equation. But it’s important to note that while DMARC protects an organization from being impersonated in email attacks, it does little if anything to defend against incoming phishing emails that impersonate outside individuals and organizations.

On that score, employee training plays an important role in helping to spot incoming phishing emails. But the sheer volume and velocity of new attacks mean education will only get you so far.

Technical security controls can help flag many suspicious emails, especially those that leverage malicious links or content. But cybercriminals have devised sophisticated approaches to ensure their fraudulent emails bypass those controls with troubling ease.

Needed: Advanced Threat Protection

In the face of these challenges, some organizations are finding they need to take a more modern approach to filling out the rest of the email security puzzle. Particularly promising: advanced threat protection solutions that leverage data science and threat intelligence to stop sham emails from ever reaching employees.

Because they model trusted, authenticated email behaviors between individuals and organizations, this kind of advanced threat protection has been shown to detect incoming email impersonation scams with high efficacy.

Yet even that may not be enough – no security solution is effective 100% of the time. That’s where the next piece of the puzzle—an advanced incident response solution—comes into play.

The Importance of Automated Incident Response

According to the Incident Response Consortium, an incident response plan is crucial to fending off any cyberattack. While you do everything you can to prevent criminals from accessing your data, it’s how you respond to attacks that do successfully evade your defenses that can mean the difference between a minor problem or a costly disaster.

As it stands now, hackers spend an average of 200 days inside breached systems before they’re discovered. Let that one sink in, and you’ll realize why incident response is of the utmost importance.

But it’s crucial that automated incident response solutions employ continuous detection and response technologies that can detect latent threats post-delivery, and instantly recognize and remove emails that match the newly discovered threat indicators from all employee inboxes.

In deployments, these solutions have been shown to dramatically accelerate breach response times and prevent fraudsters from enjoying weeks or even months of unfettered access to valuable corporate data. As a result, security operations centers are able to work more efficiently. And organizations are better able to avoid what is now an average $8.19 million in breach-related losses.

All the Pieces Improve the Picture

The basic point here is that there is no single solution to ensure email security. Yes, DMARC is one important component. But successfully protecting your company from BEC scams, phishing attacks, and other advanced email threats takes a multi-pronged approach.

By implementing advanced email threat protection to keep the bad guys out, and an incident response solution to quickly deal with the few who do get through, a growing number of organizations are solving the email security puzzle.

To learn more about going beyond DMARC with advanced threat protection and automated incident response, visit

Agari Blog Image

October 21, 2021 John Wilson

What Is a Phishing Attack? Types, Defenses & Prevention

  Phishing attacks are all too common and can make a company lose millions of…

whale underneath man in boat

September 29, 2021 John Wilson

What is Whaling Phishing & How Does it Work?

“Whaling” phishing attacks target the C-suite of a company which creates high risk of extremely…

Agari Blog Image

May 11, 2021 John Wilson

Office 365 + DMARC: Best Practices for Protecting Your Company & Customers From Phishing Attacks

Gartner includes DMARC, or known by its full name as Domain-based Message Authentication, Reporting &…

Agari Blog Image

May 5, 2021 Michael Paiko

5.8B Malicious Emails Spoofed Domains; 76% of Fortune 500 Still at Risk: DMARC Results from Agari

Global adoption of Domain-based Messaging, Reporting & Conformance (DMARC) topped 10.7 million email domains worldwide…

Agari Blog Image

April 27, 2021 Michael Paiko

What Is SPF and How Does It Work?

We're going to delve into what SPF for email is, how to implement it, the…

mobile image