eMail flow monitoring for small organizations

Written By Jean-Francois Bourdeau

First and foremost:

“We will do it for you and if something is wrong we’ll let you know”

(you don’t have to understand eMail compliance, SPF/DKIM/DMARC)

Why would a SME(Small businesses/organizations) need such DMARC eMail Flow monitoring if our configuration is 100% compliant with all regulations/requirements?

Here, I will try my best to explain what could happen if you’re not monitoring your eMail using DMARC monitoring.

  • Would you leave 10 employees in charge of running your company for a year and expect everything to go smoothly without any supervision?

  • Would you leave your teenagers at home for three months, assuming that "Everything is going to be alright"?

If the answer is no, then don’t do the same with your organisation emails.

  • by just using some providers (marketing, CRM, Mass eMail, invoicing,ticket system etc) new plugin/apps/functionalities you can break something and impact emails(receipts,reports,eMail confirmations) making them end up into quarantine or being rejected.

  • sometime, entrepreneurs often follow some On Line provider instructions to activate some new feature without knowing the impact it could have on everything else they already have and break something that was going well.

  • some “OnLine business tools” often provide required steps to make some DNS modifications that could impact your whole eMail ecosystem.

  • AND THE MOST IMPORTANT :

    “IT’S NOT ONLY ABOUT YOU”

    Online business tools do sometime make changes and MESS SOMETHING UP impacting your eMail flow.

DMARC eMail flow MONITORING will allow you be notified if something changed, if something is wrong and has been impacting your eMail communications for the last few days or more.

Without monitoring, it could lead up to several weeks or someone complaining before you discover something has changed and has been randomly impacting your communications for days or weeks.

Continuous compliance monitoring and proper functioning of email flow for SMEs 

$35 USD/month

  • Weekly: a "weekly" manual check performed by a specialist to detect any anomalies related to your email flow (4 times/month)

  • Daily Automated monitoring: using an algorithm detecting any DMARC compliance fluctuation of 10% or more(or important eMail volume fluctuation). In case of anomalies, you are notified within 24 hours after receiving the DMARC report.

  • Daily Automated DNS Monitoring of Important DNS entries changes(SPF,DKIM,DMARC)

    Example : if DMARC was removed or modified and left in “monitoring mode”(allowing spoofing) or that some IT made a TYPO during a DNS change, you’ll be notified.

  • Modern web DashBoard: access to DMARC data via a flexible and user-friendly web platform. Note: Accessible to resellers and clients (as needed).

  • Weekly Automated Report: If you were busy and couldn’t log to your DashBoard, our weekly automated REMINDER will be sent to you by email with all the information you may have missed that are worth looking at.

Here are other examples - More technical…

  • Outgoing emails that were operating normally (DMARC compliant, etc.) and suddenly were rejected or quarantined.... Reason: Sporadic/random changes in the IP address ranges through which emails were sent (not specified in SPF). This situation was caused by a change in the reseller (hosted on Microsoft 365). Additionally, it happens that providers, when they have major problems, decide to send emails through an IP address range not included in the include: theirdomain provided to clients. It also happens during infrastructure changes that some providers forget to update their include: that you use in your SPF.

  • Today, a customer contacted us because he was not able to reach domains hosted at Microsoft and people at the main bank in our country. After changing his DMARC policy to something more serious, eMail were now being accepted. Microsoft and this bank must have changed their eMail security policies but without monitoring we would not have discovered it.

  • SPF suddenly non-compliant due to the addition of an include:something surpassing the 10 DNS LOOKUP limit (a new technician was unaware of this limit).

  • A client was using a Shopify App (plugin) that sends reports to the client, reseller, and end users, and suddenly these reports were no longer being sent from IP addresses specified in the SPF and moreover not signed DKIM so "rejected" due to the client's DMARC policy.

  • A client who forgot their DMARC policy p=none (monitoring) during temporary changes, and the result was that thousands of spoofing emails/day were sent under their domain name (RFC5322.from / Header From that people see), via a university network in the United States. Note: These emails were for the promotion of a religious group @client-domain.

  • A client who forgot their DMARC policy p=none and suddenly started receiving hundreds of emails per day (complaints) because their domain was used in phishing campaigns.

  • A client whose emails (SPF, DKIM, DMARC compliant) vanished into thin air when sent to a certain domain/provider. Reason: the latter had an internal policy to delete them which luckily appeared in our reports.

  • A client who changed their SPF entry to -all (strict) causing random malfunctioning of DKIM authentication resulting in random loss of outgoing emails (rejected).

IF YOU ARE A BIT TECHNICAL

The link blow will provide some more technical examples of what I witnessed just in the past few weeks. You can also skip that link and continue reading my explanation below.

https://www.lastspam.com/blog/dmarcmonitoring

lastspam.com

Jean-Francois Bourdeau
Previous

Mother of All Breaches exposes 26 billion records
Next

Why would I monitor my eMail flow monthly using DMARC