How to ensure DMARC compliance for third party senders
Updated: Sep 3, 2020
Organizations, big or small, are generally concerned about the security of their customers, clients, third party vendors and prospects. They rely heavily on third party partners who are responsible for sending notifications, marketing promotions and other important emails to their customers, prospects or even their clients.
Due to the growing number of phishing and spoofing attacks, organizations are paying substantial amounts to services and companies that can secure their email effectively. As email is so important to the business, setting up DMARC becomes mandatory, and making sure that third party senders’ mails are DMARC compliant is another objective to be achieved.
As part of the DMARC endeavor, organizations often tend to overlook the necessity and the effort which they would need to invest in ensuring that the third party partners are DMARC compliant too. In case this aspect is not taken care of, there is a high risk that the genuine mails sent out by these senders may get blocked at the recipient end causing major business process disruption.
The question is: how do you integrate third party senders?
There are a couple of approaches that help in achieving DMARC compliance with third party senders. Which one works for you will depend on how efficiently your third party sender can implement these suggestions:
1. External Integration
If your third party senders use their own mail servers to send your email, you can delegate a sub-domain for their use, and the partner’s SPF record and DKIM public keys can be configured in the sub-domain’s DNS server. This allows you to authorize them as your third party mail sender, while also ensuring their mass mailing activity does not impact your company’s parent domain reputation.
2. Internal Integration
The other option is to have your third party sender relay your emails through your own mail servers, so that the emails use your own SPF, DKIM, and DMARC configurations, giving you greater control over your email.
Steps to integrating Third Party Senders
Engaging with third party senders is often fundamental and helps the organization move forward. With that said, it bears its own set of uncertainties. There are reasons to be vigilant in ensuring that these senders have all appropriate security measures in place, principally before they commence mailing on your behalf. Here are a couple of steps to make that happen:
1. Sending messages in compliance with SPF records
This requires you to ensure that your partner configures the bounce email ID (envelope-from) to align with the mail domain (the same as, or a sub-domain of, your mail domain), and to include your partner’s mail system IP/SPF domain in your envelope-from domain’s SPF record. Several organizations may require specific IP addresses to be added to the domain’s SPF record, rather than using an include: mechanism.
2. Implementing DKIM signing for the domain in use
This requires your mailing partner to enable DKIM signing for your emails in its mailing system and share the corresponding DKIM public key with you, which you must then add to your DNS. While configuring a DKIM signature, ensure you are signing with a key of at least 1024 bits. The signing domain (d=) in the DKIM header of the mail must align with (be the same as, or a sub-domain of) the domain which is used to send mails.
For an email message to be DMARC compliant, SPF and DKIM must be configured and at least one of the authentication methods must pass for the message to be delivered.
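The alignment requirement from the two steps above, as an added example that is not part of the original article: it shows why a vendor's mail can pass SPF and DKIM for the vendor's own domain and still fail DMARC for yours. The domains and sample messages are constructed, `aspf_strict`/`adkim_strict` model the DMARC `aspf` and `adkim` tags, and `org_domain` is a simplification (last two labels) of the Public Suffix List lookup a real evaluator performs.

```python
from dataclasses import dataclass

def org_domain(domain: str) -> str:
    # Assumption: the last two labels are the organizational domain.
    # Production evaluators use the Public Suffix List instead.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(auth_domain: str, from_domain: str, strict: bool) -> bool:
    a, f = auth_domain.lower().rstrip("."), from_domain.lower().rstrip(".")
    if not a:
        return False
    # Strict: exact match. Relaxed: same organizational domain.
    return a == f if strict else org_domain(a) == org_domain(f)

@dataclass
class Message:
    header_from: str    # domain in the visible From: header
    envelope_from: str  # bounce (Return-Path) domain that SPF checked
    spf_result: str     # receiver's SPF verdict: "pass", "fail", ...
    dkim_domain: str    # d= of the DKIM signature, "" if unsigned
    dkim_result: str    # receiver's DKIM verdict: "pass", "fail", "none"

def dmarc_evaluate(msg: Message, aspf_strict=False, adkim_strict=False) -> dict:
    # A mechanism only counts for DMARC if it passes AND is aligned.
    spf_ok = msg.spf_result == "pass" and aligned(
        msg.envelope_from, msg.header_from, aspf_strict)
    dkim_ok = msg.dkim_result == "pass" and aligned(
        msg.dkim_domain, msg.header_from, adkim_strict)
    return {"spf_aligned": spf_ok, "dkim_aligned": dkim_ok,
            "dmarc_pass": spf_ok or dkim_ok}

# Constructed sample messages (not real traffic).
UNALIGNED_VENDOR = Message("example.com", "bounces.vendor-mail.example",
                           "pass", "vendor-mail.example", "pass")
DELEGATED_SUBDOMAIN = Message("news.example.com", "bounce.news.example.com",
                              "pass", "news.example.com", "pass")
FORWARDED = Message("example.com", "bounce.example.com",
                    "fail", "example.com", "pass")

if __name__ == "__main__":
    for name, m in [("unaligned vendor", UNALIGNED_VENDOR),
                    ("delegated sub-domain", DELEGATED_SUBDOMAIN),
                    ("forwarded, DKIM only", FORWARDED)]:
        print(name, dmarc_evaluate(m))
```

The first sample is the common onboarding failure: both checks pass, but for the vendor's domain, so neither aligns with the From: domain.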
Each of the above mentioned steps helps organizations realize that email safety is top notch for the entire organization — whether the email is received from a third party sender or not.
At the end of the day, which policy you choose is the decision of your organization, based on what best suits your needs. Many growing organizations are implementing DMARC, but the question is not whether you are implementing DMARC; it is whether you are implementing it correctly. To meet the end goal, at the end of the day, it is about your organization, your customers and your reputation.
At ProDMARC, we’re here to help you ensure DMARC compliance for your organization and your third party vendors. ProDMARC is a product built on a mission to achieve secure and spoofing-free email channels across the entire internet space. It makes DMARC reporting smooth and uncomplicated, providing volumes and trends of outbound mails, including those of phishing campaigns, and confirming the reliability of outbound mails in terms of SPF, DKIM & DMARC conformance. In summary, ProDMARC helps improve customer and third party trust in email communications.
Our ProDMARC platform and managed services ensure that customers are able to identify, inventory, and achieve DMARC compliance for all third party partners of the organization. ProDMARC is chosen by top organizations across industry verticals including banking, insurance, stock markets, healthcare & pharmaceutical, telecom, energy etc.
With the economy in a slump and resources scarce, ProDMARC announces a limited-time offer during the COVID-19 pandemic — 15 days of DMARC health assessment report, completely free for all organizations who wish to gain visibility of the mail based phishing threats which are at an all-time high.
Sign up for your 15 day ProDMARC trial by writing to us at firstname.lastname@example.org
So that while you stay home safe from COVID-19,
your email domains are safe from email spoofing!!