Return Path’s global team of email fraud experts act as a dedicated extension of our clients’ teams. They design DMARC (Domain-based Messaging Authentication Reporting and Conformance) implementation plans, alert takedown vendors of attacks targeting client networks, and provide information about—and advice for dealing with—each attack.
To get a better understanding of how this team operates, we are launching a Managed Service spotlight series featuring interviews with different members of the team.
This week, I sat down with Amy Gorrell, Strategic Project Manager for Email Fraud Protection.
DMARC is an open standard and creating a record is pretty straightforward. What value do you bring to the implementation process?
Like any big data solution, DMARC is useless unless you have a team who understands how to interpret the reports and identify actionable insights from the data. Our team does this heavy lifting for our clients, guiding them through key DMARC insights, actions, milestones, ensuring that good email stays in—and bad email stays out—of consumer and employee inboxes.
Once a client achieves a DMARC “reject” policy, is the work done?
The work for DMARC is never done! Often, there are new domains or mail threads that will emerge due to the changing marketplace and trends in each vertical. When a new domain is uncovered, the process to get that domain to reject requires getting the right people involved and setting the right workflow into motion. Additionally, for domains already at “reject,” the data keeps coming in so we can continue to monitor the ROI achieved from the policy.
What is the biggest misconception you hear from the field about email fraud?
The biggest misconception I hear in the field is that there is nothing you can do about phishing. DMARC covers 85 percent of consumer inboxes. In addition, many email gateways can or will be able to enable inbound DMARC checks on servers which will help to significantly reduce the chances of spear phishing emails reaching employees. Authenticating the email channel can destroy an entire class of email fraud at your organization. The sooner you do it, the better.
What’s the biggest hurdle that clients face when it comes to combating phishing attacks?
The biggest hurdle I come across is defining internal processes. Since DMARC often requires resources from several teams across departments, it is important for that organization to prioritize collaboration efforts.
If you were to offer one piece of advice for companies who are ready to invest in email security, what would it be?
While implementing DMARC is critical, there is no silver-bullet solution to email fraud. Cybercriminals can circumvent email authentication and spoof your brand in other convincing ways, using domains outside of your control. That’s where email threat intelligence solutions like Return Path’s come in. You’ll get the visibility you need to mitigate the impact of phishing attacks that make it to customer and employee inboxes.
Have more questions relating to email authentication and/or security for Amy? She’d be happy to talk to you. Contact her here.