A question for MSPs: Are you protecting your customers' domains from unauthorised use? This is a huge threat that's all too easily overlooked. If a company’s domain is hijacked, the risk to its brand and reputation is significant.
Our new vendor, Sendmarc, offers a simple, cost-effective platform for closing this security gap. At Brigantia, we pride ourselves on the quality of our vendors, rigorously testing each one. Before we onboard them, we ensure that they solve a real problem in a user-friendly, commercially viable way.
That's precisely what Sendmarc does. To explain, let's look at the problem it’s solving.
We all know that email is the number one threat vector for cyberattacks. Over 90% of cyberattacks involve some social engineering email. This is why there's such an emphasis on phishing awareness in the cybersecurity sector.
Now, phishing awareness is necessary, but it doesn't address the threat of domain impersonation; this is where Sendmarc comes in.
If somebody spoofs your domain, this is seriously bad news. It allows them to create fake email addresses with your actual domain. In other words, if your emails end in @yourcompany.com, they can create addresses that end in the same way.
For any organisation, domain spoofing is scary. Hackers using credible domains are steps ahead of a typical phishing email because they pose as a trusted brand. So, not only are the chances of recipients trusting an email and falling victim to a scam higher, but the outfall of this type of attack is enormous, particularly the impact it would have on your customer's brand.
Even if an email is spotted to be fake, the damage has already been done to your customer's reputation, and they're seen to be untrustworthy without appropriate security measures in place to protect others. The trusted name and brand they've worked hard to build is now tarnished, and that's hard to come back from.
Domain spoofing attacks are worryingly easy to pull off. That's what Sendmarc is here to change.
In simple terms, Sendmarc allows an organisation to ensure that when they set up an account to send out emails on behalf of their domain, such as an email services provider like MailChimp or an accounting tool like Sage, it will ensure the correct SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail) are assigned. Recipient servers can then identify if an email is authorised and authentic.
It does this in a simple but sophisticated way. Sendmarc automatically creates, manages, and monitors an email authentication policy. No one can impersonate your customer's domain; only genuine emails will reach recipients.
To explain, let's go into more depth.
Sendmarc is a cloud-based tool that automatically creates a high-security DMARC policy. This stands for "Domain-based Message Authentication, Reporting & Conformance." Essentially, it's an email authentication policy. Domain owners can indicate which mechanisms are used to verify email messages sent from their domain, and it tells a receiving server what to do with an email that fails a security check.
When messages include a DMARC policy, a receiving mail server will check the message against the domain owner's published policy to see if it passes security checks.
What are the security checks? There are two:
SPF: this stops malicious actors from sending messages using forged addresses. The domain owner publishes a list of authorised IP addresses, which the SPF protocol checks against all messages using the domain.
DKIM: DKIM stops the contents of an email from being modified in transit, using cryptographic signatures to ensure that it hasn't been intercepted and edited.
So, back to the DMARC policy. This is published in the domain owner's DNS (Domain Name System) records. With Sendmarc, every email is checked to ensure it passes the SPF and DKIM checks. If it fails both, it won't get through to the recipient. This is called a p=reject policy.
Implementing and viewing the records manually is possible but is complex and highly time-consuming. Sendmarc automates this process and provides ongoing monitoring to boot. So, it's not just an effective security measure but also highly user-friendly, bringing me to my next point.
As a channel business, we take a broader view when gauging a product's usability. Of course, it has to solve a real problem in a user-friendly way. But we always ask an extra question: is it MSP-friendly?
Sendmarc passes that test with flying colours. First, it's cost-effective and charged per domain. Second, there's an MSP portal that allows monitoring and management of every customer from one place.
Other solutions do similar things but flag issues and prompt you to address them manually, even if you know this process is laborious. With Sendmarc, it's all managed from within the platform so that MSPs can deploy it at scale.
That's not all Sendmarc does to help MSPs. With Sendmarc, you gain complete visibility of any activity that sends emails using the customer's domain – whether it's sent on Outlook, Mailchimp, Sage, or anything else. This allows you to provide a much more comprehensive email security service.
It even has a prospecting tool. You can drop in any domain to perform a health check on it. This simple scoring system (a rank out of five) can be an effective sales tool. If a prospect only scores two out of five, they'll naturally want to improve that. And with Sendmarc, you'll be able to close those vulnerabilities. This makes it an excellent product for MSPs and their customers – and that's what we're all about.
Sendmarc is a solution that tackles an overlooked attack vector and leads the way in protecting domains. It's the perfect complement to other solutions in our portfolio that tackle the other side – inbound emails. It is a new recurring revenue stream that's highly effective and easy to deploy and manage for MSPs.
Would you like to learn more about Sendmarc? Get in touch to book a demo or find out more.