DMARC: 5 Keys to Success

DMARC Program Leadership Best Practices

Let’s start with some of the leadership and organizational decisions that drive success. One insight we discovered is that DMARC in the enterprise is not just a technical challenge. If it were, getting to “reject” enforcement could be solved simply by throwing enough horsepower at the problem.

1. Communication and Visibility are Key to DMARC Success

A very successful DMARC program leader who is an Agari customer likes to say, “DMARC is not just a security project. It’s not just a tech project. It’s also an education project.”
That’s because some of the most challenging aspects of a DMARC program reflect decision-making, process, and governance concerns. To navigate those issues, you need a politically savvy, high-EQ, empowered leader who can evangelize and spearhead this complex, cross-functional initiative.

2. Lead the Discussion with Business Value, Not Security Hygiene

Using the right approaches, DMARC has some tangible incentives for line-of-business folks: an average 10% increase in the performance of email marketing campaigns, brand impressions in the form of a BIMI logo, and so on. That positive impact on revenue is a very powerful argument that aligns incentives in a way the usual “eat your vegetables” messages do not.

DMARC Implementation Best Practices

Beyond leadership best practices for DMARC, what about best practices for implementation? You don’t want to waste the capital and effort you exerted to win buy-in and a charter for your DMARC initiative by taking a reactive approach — but neither should you rely on a reductively linear, step-by-step recipe.

1. Get the Right Scope

It might be obvious to you, but be sure to disabuse anyone on your team of the notion that DMARC is a literal thing that can be managed by simply adding the correct records to DNS. Treating DMARC as a DNS function is missing the forest for the trees.

2. Prioritize Your Domains in Stages

It’s absolutely key that you have a clear plan to deploy in phases, with discrete chunks of domains to work on at each stage of your DMARC implementation.

3. Don’t Stop at “p=reject.”

Getting to “p=reject” DMARC enforcement is a huge milestone and a crucial win for enterprises and their customers alike. Take a moment to pat yourself on the back — your team deserves major kudos when you get there.

Another Key Lesson: Don’t Go It Alone

Even with these best practices, enterprise-scale DMARC implementations can get costly and cumbersome fast. The need to tackle DMARC from both a program leadership and technical implementation perspective is why I’m such a believer in Agari Brand ProtectionTM. Agari provides the technical capabilities and workflow management that program leaders need to simplify the complexity of DMARC in the enterprise. This includes addressing needs such as discovering and controlling authorized senders; managing updates with changing environments and ecosystems; tackling tedious, costly, and brittle workflows; or making it easy to communicate with stakeholders and providing them visibility into the progress and tangible results of the DMARC program.



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store


Agari is the Trusted Email Identity Company™, protecting companies and people from phishing and socially-engineered email attacks.