Email Security Blog

Beyond DMARC: What It Really Takes to Ensure Email Security

Ramon Peypoch December 11, 2019 Business Email Compromise, DMARC
DMARC for Email Security

As important as Domain-based Message Authentication, Reporting & Conformance (DMARC) is to the fight against Business Email Compromise (BEC) and other advanced email threats, it’s really just the first piece of the email security puzzle. And it certainly won’t cut it alone.

Don’t get me wrong. We’ve talked a lot about just how vital DMARC is to stopping email-based impersonation attacks. When properly implemented, this standard email authentication protocol ensures only authorized senders can use an organization’s domain name for sending emails.

Without it, cybercrimals are free to spoof or hijack domains for use in phishing attacks targeting an organization’s customers, partners, or other unsuspecting consumers and businesses.

But as imperative as it is, DMARC isn’t enough on its own.

DMARC is Just the Beginning

Just look at the state of email security today.

Despite the wealth of new technologies and attack vectors at cybercriminals’ disposal, email phishing remains one of the most effective tools in the fraudster’s arsenal. Instead of slowing down, BEC scams are on the rise, accounting for more than $26 billion in losses since 2016, according to the FBI.

That’s why it’s imperative for companies in every vertical to have the most robust email security possible. DMARC is certainly part of that equation. But it’s important to note that while DMARC protects an organization from being impersonated in email attacks, it does little if anything to defend against incoming phishing emails that impersonate outside individuals and organizations.

On that score, employee training plays an important role in helping to spot incoming phishing emails. But the sheer volume and velocity of new attacks mean education will only get you so far.

Technical security controls can help flag many suspicious emails, especially those that leverage malicious links or content. But cybercriminals have devised sophisticated approaches to ensure their fraudulent emails bypass those controls with troubling ease.

Needed: Advanced Threat Protection

In the face of these challenges, some organizations are finding they need to take a more modern approach to filling out the rest of the email security puzzle. Particularly promising: advanced threat protection solutions that leverage data science and threat intelligence to stop sham emails from ever reaching employees.

Because they model trusted, authenticated email behaviors between individuals and organizations, this kind of advanced threat protection has been shown to detect incoming email impersonation scams with high efficacy.

Yet even that may not be enough – no security solution is effective 100% of the time. That’s where the next piece of the puzzle—an advanced incident response solution—comes into play.

The Importance of Automated Incident Response

According to the Incident Response Consortium, an incident response plan is crucial to fending off any cyberattack. While you do everything you can to prevent criminals from accessing your data, it’s how you respond to attacks that do successfully evade your defenses that can mean the difference between a minor problem or a costly disaster.

As it stands now, hackers spend an average of 200 days inside breached systems before they’re discovered. Let that one sink in, and you’ll realize why incident response is of the utmost importance.

But it’s crucial that automated incident response solutions employ continuous detection and response technologies that can detect latent threats post-delivery, and instantly recognize and remove emails that match the newly discovered threat indicators from all employee inboxes.

In deployments, these solutions have been shown to dramatically accelerate breach response times and prevent fraudsters from enjoying weeks or even months of unfettered access to valuable corporate data. As a result, security operations centers are able to work more efficiently. And organizations are better able to avoid what is now an average $8.19 million in breach-related losses.

All the Pieces Improve the Picture

The basic point here is that there is no single solution to ensure email security. Yes, DMARC is one important component. But successfully protecting your company from BEC scams, phishing attacks, and other advanced email threats takes a multi-pronged approach.

By implementing advanced email threat protection to keep the bad guys out, and an incident response solution to quickly deal with the few who do get through, a growing number of organizations are solving the email security puzzle.

To learn more about going beyond DMARC with advanced threat protection and automated incident response, visit

Leave a Reply

Your email will not be published. All fields are required.

Agari Blog Image

August 5, 2020 Michael Paiko

Phishing & BEC Scams Soar 3000%: Agari H2 2020 Email Fraud and Identity Deception Trends Report

Coronavirus-related phishing attacks and business email compromise (BEC) scams skyrocketed 3,000% from mid-March through early…

Agari Blog Image

July 23, 2020 Michael Paiko

DMARC: How Phishing Rings Can Use Your Email Authentication Controls Against You

In the first reported case of its kind, a phishing ring in Eastern Europe is…

Agari Blog Image

July 17, 2020 Patrick Peterson

Business Email Compromise: New Shift in BEC Threat Landscape Puts CISOs on Notice

A seismic shift in the email threat landscape has CISOs bracing for sophisticated new forms…

Agari Blog Image

July 7, 2020 Crane Hassold

Cosmic Lynx: A Russian Threat Hits the BEC Scene

“At some point, Russian and Eastern European cybercriminals are going to start thinking to themselves,…

Agari Blog Image

June 30, 2020 Michael Paiko

Agari Summer '20 Release: CISOs Gain Unique Threat Intel to Their Organizations

With business email compromise (BEC) scams up sharply amid the coronavirus pandemic, CISOs have been…

mobile image