Businesses and other organizations can protect themselves from certain classes of phishing attacks on their employees by using DMARC to filter incoming email messages. But whether large or small, companies usually don’t have the expertise or resources to build their own filtering solution. That’s why commercial email gateways that support DMARC are so important, and why it’s good news that by the middle of 2016 there should be at least a dozen options to choose from.
There are already 11 commercial email gateways that explicitly include DMARC support, and a few announcements are anticipated by mid-2016. This is not really surprising since Gartner looks at DMARC filtering as a strength in their influential Magic Quadrant for Secure Email Gateways reports. But any email gateway that supports the milter interface – like Oracle’s Communications Messaging Server, or Zimbra’s email gateway – can readily integrate an open source milter like OpenDMARC and add that feature even if the vendor doesn’t officially offer it yet.
“About a decade ago we saw enterprises start to set up mandatory TLS (encrypted) connections between companies, as a way to help secure messages in transit,” said Steve Jones, executive director of DMARC.org. “I think we’re seeing the start of the same trend now with mandatory email authentication between companies. DMARC is a convenient way to enable and enforce DKIM and SPF checks to that end. Plus DMARC’s reporting provides information both to the operations team to ensure the corporate gateways are working properly, and to the information security team about bad actors trying to leverage that relationship in their attacks.”