Welcome back -

Services for Organizations

Using our research, best practices and expertise, we help you understand how to optimize your business processes using applications, information and technology. We provide advisory, education, and assessment services to rapidly identify and prioritize areas for improvement and perform vendor selection

Consulting & Strategy Sessions

Ventana On Demand

    Services for Investment Firms

    We provide guidance using our market research and expertise to significantly improve your marketing, sales and product efforts. We offer a portfolio of advisory, research, thought leadership and digital education services to help optimize market strategy, planning and execution.

    Consulting & Strategy Sessions

    Ventana On Demand

      Services for Technology Vendors

      We provide guidance using our market research and expertise to significantly improve your marketing, sales and product efforts. We offer a portfolio of advisory, research, thought leadership and digital education services to help optimize market strategy, planning and execution.

      Analyst Relations

      Demand Generation

      Product Marketing

      Market Coverage

      Request a Briefing

        Jeff Orr's Analyst Perspectives

        << Back to Blog Index

        Red Sift Stops Phishing and Domain Cloning at the DMARC

        Enterprise organizations remain vulnerable to a host of security attacks. Cyberattacks are often associated with techniques that have never been seen before, which lead to data breaches if not quickly detected and remediated. However, one of the most common vulnerabilities for an organization is phishing. Phishing lures people to give up confidential information by clicking on a link or opening a file in an email from what appears to be a trusted source but is actually a bad actor. Unfortunately, this type of social engineering tactic only requires one mistake to compromise credentials or gain access to data. The technology to stop phishing attacks and email domain spoofing is readily available but overlooked all too often. 

        Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM), and Domain-based Message Authentication, Reporting and Conformance (DMARC) are three global standards for email authentication that help prevent spammers, phishers and other unauthorized parties from sending emails on behalf of a web domain they do not own. 

        SPF is a way for a domain to list all the servers from which it sends emails. The SPF records the IP addresses of all the servers allowed to send emails from the domain. Mail servers receiving an email message check it against the SPF record before delivering it to the recipient’s inbox. 

        DKIM enables domain owners to automatically “sign” emails from their domain. The DKIM digital “signature” uses cryptography to verify that the email originated from the domain. 

        DMARC tells receiving email servers what to do with messages from domains that fail SPF or DKIM checks. A domain’s DMARC policy determines the subsequent action taken, from instructing mail servers to quarantine failed emails, to rejecting failed emails, or to deliver them. The DMARC policies are stored in DMARC records. Using DMARC with SPF and DKIM gives organizations more protection against spoofing and phishing. Together, these three standards provide a powerful defense against phishing attacks. 

        Red Sift is a software vendor seeking to address the awareness and configuration challenges associated with DMARC. The vendor’s OnDMARC product was launched to implement DMARC without manual trial and error. The product was expanded a year later to enable organizations to check their domain’s SPF, DKIM and DMARC setup for functionality and accuracy. 

        In 2021, Red Sift partnered with identity vendor Entrust. Red Sift launched an end-to-end BIMI (Brand Indicators for Message Identification) approach, allowing organizations to attach their registered logo to every DMARC-authenticated email they send. As consumers, we’re familiar with BIMI from the logos of email senders appearing in the Gmail inbox. Those emails have been authenticated as coming from the sender associated with that brand mark. 

        Digital protection of systems and workers is a function that resides with the organization’s security team. However, these email protection standards are part of the internet andVentana_Research_2023_Assertion_Security_Authentication_Vulnerabilities_71_S networking architecture usually found within the IT team’s management. Successful security practices require coordination and cooperation between the cyber and IT teams. Ventana Research asserts that through 2025, ineffective relationships between the IT and security teams will contribute to 3 in 5 organizations experiencing access and authentication vulnerabilities. 

        A leading reason why organizations may not implement these email protection standards is that implementing DMARC can be technically challenging. The details of implementing DMARC are not widely understood, and it contains some subtleties that many messaging professionals are not familiar with. For a message to pass DMARC validation, that message must first pass either SPF or DKIM, but with an added twist — the domain used in the SPF or DKIM validation check must be aligned with the domain in the visible “From” email header. The OnDMARC product interface identifies all email senders within a domain, recommends the appropriate configuration and tracks changes over time. As with most cloud applications that present their own interface for status and settings, some organizations will have policies favoring their own “single pane of glass” dashboards to minimize risk from external vulnerabilities. Red Sift should strive to offer APIs for data-exchange practices and greater compatibility with existing management stacks across organizations. 

        Organizations looking to reduce or eliminate email domain spoofing, regardless of size or number of workers, should implement the DMARC record and policy. Expediting the process to enable DMARC and increasing the likelihood that it is configured correctly requires specialized software to identify all the senders in the domain and prescribe the right implementation. I recommend that any organization considering tools and services to improve the security posture of its domains against spoofing and phishing attacks include Red Sift in the evaluation.  


        Jeff Orr


        Jeff Orr
        Director of Research, Digital Technology

        Jeff Orr leads the research and advisory for the CIO and digital technology expertise at Ventana Research, now part of ISG, with a focus on modernization and transformation for IT. Jeff’s coverage spans cloud computing, DevOps and platforms, digital security, intelligent automation, ITOps and service management, intelligent automation and observation technologies across the enterprise.


        Our Analyst Perspective Policy

        • Ventana Research’s Analyst Perspectives are fact-based analysis and guidance on business, industry and technology vendor trends. Each Analyst Perspective presents the view of the analyst who is an established subject matter expert on new developments, business and technology trends, findings from our research, or best practice insights.

          Each is prepared and reviewed in accordance with Ventana Research’s strict standards for accuracy and objectivity and reviewed to ensure it delivers reliable and actionable insights. It is reviewed and edited by research management and is approved by the Chief Research Officer; no individual or organization outside of Ventana Research reviews any Analyst Perspective before it is published. If you have any issue with an Analyst Perspective, please email them to ChiefResearchOfficer@ventanaresearch.com

        View Policy

        Subscribe to Email Updates

        Analyst Perspectives Archive

        See All