Frequently Asked Questions

You’ve got questions: we’ve got answers.

What is DMARC Director, exactly?

DMARC Director is Tangent’s DNS-based proactive email security service, providing both inbound and outbound email authentication services to protect organizations of all sizes from both common and uncommon email-borne nuisances and attacks, as well as ensuring email deliverability to end clients and vendors.

Ranging from omnipresent spoofing and common phishing attacks to even sophisticated spearphishing and Zero-Day threats, DMARC Director’s conglomeration of protective technologies shield your users from those seeking to use email as a weapon and boost your own Marketing and Communication teams’ ability to reach the client base by ensuring your emails actually get to the recipient’s inbox.

How is DMARC Director priced?

DMARC Director has very straightforward pricing:

For the primary domain of an organization, it’s a one-time flat-fee to onboard the domain and begin DMARC report analysis.

  • Subdomains of the primary domain are included in this, so Tangent.com and DMARC.Tangent.com are both “one domain” as far as DMARC Director is concerned.

For each secondary domain (say, a separate student domain for schools, public facing departments for municipalities or subsidiary businesses for commercial organizations), there is greatly reduced one-time flat-fee onboarding price.

This onboarding process covers:

  1. Domain analysis

  2. Report interpretation

  3. Investigation of email sending sources

  4. Walkthrough of DNS record applications

  5. Implementation of SPF, DKIM, DMARC, MTA-STS, TLS-RPT and BIMI (not counting VMC Certificate costs if pursuing that option)

Once onboarding finishes, access to the DMARC Director portal and ongoing monitoring, notifications and review falls under a very cost-effective annual flat-fee price per domain defended.

From a service provider standpoint, what kind of resources does DMARC Director have?

DMARC Director’s portal services are hosted on Amazon Web Services (AWS), with a regional spread for additional performance and redundant availability zones.

From the service certification standpoint, we’ve got a bundle!

  1. SOC-2 (Type 1 and Type 2): Controls and Processes alignment with AICPA.

  2. SOC-3: For data availability and processing integrity of internal security systems.

  3. ISO 27001: For Information Security Management Systems (ISMS)

  4. GDPR-Ready: For European Union clients, all data held by us is compliant with GDPR rules.

Electronic security measures include whitelist-only network administrative access to host servers, multifactor authentication, Role Based Access Controls (RBAC), end to end TLS-encrypted communication and more.

How long does DMARC Director take to deploy?

Approximately 21 days at the minimum, most of which is our team reading through reports, determining mail sources and their validity, getting “known good” sources authorized properly, then slowly escalating the DMARC policy step-by-step up to the final Reject policy desired.

More complex mail environments (especially with multiple sending domains) can take a bit longer: about 45-60 days on average.

How long has DMARC Director been around?

Tangent has been in the email security business since the late 1990s, starting with defending businesses from the earliest iterations of spam and virus-laden emails. As more and more organizations use email and the Internet to power core functions of their businesses, the proliferation of threats have increased commensurately.

Tangent is keeping pace with them with our continually honed email security systems, with our DMARC Director product line being launched in 2021 to further meet and extend our clients’ email security needs.

What steps are necessary to begin using DMARC Director? Can Support help me with this?

Most of DMARC’s changes are DNS related, with a little bit of file hosting and image editing thrown in. The bulk of what is needed is administrative access to your domain’s DNS zone for addition, editing and removal of records. No physical servers or appliances need to deployed, minimizing the administrative overhead.

We begin with implementing a ‘None’ policy for DMARC and having the RUF/RUA reports submitted to our systems - these allow us to begin gathering data to then define who is who in terms the people sending “from” your domain.

Tangent understands that major DNS changes, such as that of a mail flow or mail authentication, can be daunting and are rare enough to not be considered common knowledge by even experienced Network Administrators.

To that end, our Technical Support team is ready to roll with both documentation and live screen-sharing support to help get you going both smoothly and stress-free.

I’ve already got SPF and/or DKIM operational; why do I need DMARC?

SPF and DKIM are both excellent protective measures and even form the very foundation that DMARC stands atop, but are missing core protective elements that DMARC “patches” for them.

  1. The IP addresses listed in an SPF record are public and can be easily spoofed; this is a common attack vector that SPF cannot protect against.

  2. DKIM signatures, specifically the public key, can also be copied and injected into an attacker’s message.

DMARC is the missing link in providing the wraparound protection on both of these. It forces the requirement of SPF and DKIM to “match” against the published parameters of that domain, not just what locally passed authentication from the supposed ‘sending’ domain, which are those easily spoofed parts (like Mail-From headers).

Any differences spotted between what the published records are and the email itself can be flagged as suspicious and the recipient mail server warned to either quarantine or reject the message.

Without DMARC, spoofing of both SPF-authorized IP addresses and DKIM’s public keys can, and do, take place, allowing for more complex spearphishing attacks to succeed against your organization.

Can I evaluate DMARC Director?

Yes, DMARC Director comes with a couple of options for evaluation.

First and foremost is the DMARC Jump Start program, which provides an initial security review of a domain’s current email security posture, report analysis for 14 days to determine mail sending sources (both authorized and unknown/unauthorized) and is replete with an hour of time with our DMARC experts to discuss the implications of what was found and what needs to be rectified.

On top of that, full access to the DMARC Director portal allows for visualized reporting, danger analysis and threat mapping to properly see the same data that we engage with to understand the risks when we advise on how to best protect your domain.