Finding leads for DMARC projects involves understanding the diverse needs of potential clients, from initial setup to full implementation and ongoing management. Many organizations recognize the importance of DMARC for email security and deliverability but may lack the in-house expertise or time to execute it effectively. This creates a clear demand for specialized consultants and service providers.
Key findings
Demand driven by need: Companies often seek external help when they lack the internal resources (time or technical staff) to manage DMARC implementation, analysis, or ongoing alignment.
Free tool entry point: Many prospects begin by using free DMARC reporting platforms, then realize the complexity and need professional assistance for advanced deployment or troubleshooting.
Visibility is key: Access to a prospect's DMARC reporting dashboard can provide a clear picture of their current email flow and authentication status, aiding in project assessment.
Technical vs. strategic: Technical departments (dev, ops, networking) frequently initiate DMARC projects but require support for broader vendor and stakeholder alignment.
Understanding readiness: Assessing a prospect's organizational structure and commitment is as crucial as understanding their technical DMARC status.
Key considerations
Client education: Some clients, particularly those starting with free tools, may have unrealistic expectations regarding project scope, budget, or timeline for DMARC implementation. Consultants should prepare to educate them.
Pre-engagement data access: While DMARC reports are valuable, some consultants prefer not to receive sensitive business data without a formal contract in place. Establishing clear protocols for data sharing is important. Learn more about finding a DMARC professional.
Comprehensive assessment: Beyond DMARC reports, factors like the client's governance structure, key stakeholders, and existing email infrastructure should inform the project proposal. Understanding the client's current status is crucial for DMARC implementation.
Scalability and long-term support: Consider if the lead represents a one-off project or a long-term partnership involving continuous DMARC monitoring and policy enforcement, which often involves a gradual process of policy changes. More on DMARC policy in this Mailgun blog post.
Email marketers and business development professionals often look for specific indicators when seeking or evaluating DMARC project leads. Their focus tends to be on the client's explicit needs, willingness to engage, and the business value of DMARC implementation, moving beyond purely technical considerations.
Key opinions
Opportunity for consultants: There's a recognized need for deliverability consultants to take on DMARC implementation projects, especially when companies need external expertise.
Value of reporting data: Having access to DMARC reporting dashboards is highly valuable for consultants to understand a prospect's email flow and effectively bid on projects.
Client progression: Many clients start with free DMARC reporting tools but quickly realize they need professional help for full implementation and specific issues, indicating a natural lead funnel.
Willingness to pay: Clients are often willing to pay for expertise to align email vendors and stakeholders, especially when internal technical teams are time-constrained.
Focus on solutions: The core need is to solve specific DMARC challenges and achieve proper alignment, leading to a demand for project-based assistance.
Key considerations
Budgetary expectations: Marketers note that clients using free tools may have lower budget expectations, requiring consultants to manage these upfront. Explore affordable DMARC alternatives.
Beyond data access: While DMARC reports are helpful, other business metrics like annual turnover and governance structure are also important for comprehensive bid decisions.
Contractual agreements: It is critical to have appropriate contracts in place before sharing or receiving sensitive business data, including DMARC reports, to ensure legal compliance and trust.
Identifying vendors: A key challenge in DMARC implementation for clients is identifying all email sending vendors and ensuring their DMARC alignment. This is where consultants provide significant value. Understand methods for identifying vendors.
Project scope management: Clearly defining the scope of a DMARC project, from analysis to enforcement and reporting, is crucial for both client and consultant, as detailed in this DMARC Academy resource.
Marketer view
CEO from Email Geeks notes that their company offers a free, hosted version of their open-sourced DMARC reporting platform. They find that many users start with this self-serve option, then later seek help with specific issues or full implementation.
17 Feb 2022 - Email Geeks
Marketer view
CEO from Email Geeks believes that having access to DMARC reporting dashboards from prospects is incredibly valuable. This insight provides a clear picture of their mail flow, which helps consultants in bidding on projects and accepting offers.
17 Feb 2022 - Email Geeks
What the experts say
Email deliverability experts offer a more nuanced view on DMARC project leads, focusing on the technical depth, organizational readiness, and the long-term implications of DMARC implementation. They often highlight the challenges and best practices for successful project execution.
Key opinions
Complexity underappreciated: Experts often find that organizations underestimate the complexity of a full DMARC deployment, especially moving beyond `p=none`.
Reports are essential: Comprehensive DMARC aggregate reports are critical for identifying all legitimate sending sources and unauthorized senders, which forms the basis for any project.
Alignment challenges: The most significant challenge for many organizations is achieving proper SPF and DKIM alignment across all their sending services, which requires meticulous work.
Phased approach: Experts recommend a gradual, phased approach to DMARC enforcement to avoid disrupting legitimate email traffic.
Ongoing monitoring: DMARC is not a one-time setup; continuous monitoring of reports is necessary to maintain security and deliverability.
Key considerations
Data privacy and security: Experts advise caution when sharing DMARC data, emphasizing the need for robust data protection agreements to protect sensitive mail flow information. For more on this, consult Fortinet's DMARC overview.
Stakeholder buy-in: Successful DMARC implementation requires buy-in from various departments, including IT, marketing, legal, and executive leadership. Consultants often need to facilitate this.
Resource allocation: Organizations need to be aware of the internal resources (time, personnel) required for a DMARC project, even when outsourcing, especially for tasks like vendor communication. This aligns with benefits of DMARC.
Post-implementation support: Consider the need for ongoing DMARC management and troubleshooting. Projects may extend beyond initial setup into long-term partnership for maintaining policy and deliverability. Learn how to troubleshoot DMARC failures.
Understanding RFCs: A deep understanding of the underlying RFCs for DMARC, SPF, and DKIM is crucial for effective deployment and troubleshooting, which often requires expert knowledge. This can influence the type of lead.
Expert view
Expert from Email Geeks, Ken, questions whether access to aggregate DMARC reports is truly sufficient for assessing a prospect. He believes that other business factors, such as governance structure, stakeholders, and financial metrics, are potentially more relevant for a bid/no-bid decision.
17 Feb 2022 - Email Geeks
Expert view
Expert from Email Geeks states that nobody should receive a business's data, including DMARC reports, without a proper contract already established between both parties. This is crucial for data privacy and legal compliance.
17 Feb 2022 - Email Geeks
What the documentation says
Official documentation and technical guides provide the foundational understanding of DMARC, outlining its mechanisms, deployment steps, and best practices. These resources implicitly define the scope and complexity of DMARC projects, informing where potential leads might emerge.
Key findings
Standardized process: DMARC setup involves publishing a TXT record in DNS, building upon existing SPF and DKIM configurations.
Policy choices: Organizations must choose a DMARC policy (none, quarantine, reject) which defines how receiving servers handle unauthenticated mail.
Reporting is inherent: DMARC's reporting mechanism provides aggregate and forensic reports, crucial for monitoring and refining email authentication.
Alignment requirement: For DMARC to pass, messages must have SPF or DKIM authentication, and the domain in the 'From' header must align with the SPF or DKIM domain.
Iterative deployment: Documentation often recommends a phased DMARC deployment, starting with `p=none` and gradually moving to stricter policies.
Key considerations
Pre-implementation steps: Before DMARC, ensuring correct SPF and DKIM records are published and validated is essential. Learn about DMARC, SPF, and DKIM.
Avoiding common mistakes: Documentation frequently warns against mistakes like incorrect DNS entries, misconfigured alignment, or moving to strict policies too quickly, which can lead to legitimate email blocking. See Mimecast's common DMARC mistakes.
DNS management: The process heavily relies on correctly modifying DNS records, which requires access and understanding of DNS management tools.
Monitoring and analysis: Interpreting DMARC aggregate and forensic reports is a complex task that requires specialized tools and expertise to identify issues and achieve full enforcement. This is why DMARC monitoring services are important.
Security implications: DMARC significantly enhances email security by preventing spoofing and phishing, a key motivator for organizations to adopt it.
Technical article
eSecurity Planet documentation advises that to set up DMARC, an organization must publish a text file, known as a DMARC record, with their domain's DNS registrars. This initial step is fundamental for any DMARC project.
01 Nov 2023 - eSecurity Planet
Technical article
Mailgun documentation explains that effective DMARC implementation involves five key steps, starting with preparing your domain, choosing a policy, publishing your TXT record, analyzing reports, and finally rolling out the policy to enforcement. This outlines a comprehensive project.