How Holland & Barrett locked down their domains with Red Sift

With Red Sift OnDMARC, Holland & Barrett were able to gain control over their enterprise email configuration and safeguard their brand for good.







Meet the company

Holland & Barrett is one of the world's leading health and wellness retailers and the largest in Europe, supplying its customers with a wide range of vitamins, minerals, and health supplements.

Brand reputation management isn’t just a task for PR, it starts with securing your domain

It’s been a difficult few years for the high street, but despite this, Holland & Barrett is one household name that’s thriving. With over 1000 brick-and-mortar stores in 19 countries and a booming digital presence, it’s no wonder that protecting this lucrative brand is a top priority for the business. Tasked with doing this on a technical level are those managing the company’s expansive digital corporate infrastructure: Vinay Tekchandani, Technical Program Manager, Matt Oxley, Senior Infrastructure Engineer, and Earl Allen, the company’s Infrastructure Engineer. 

[object Object]

What Holland & Barrett say about us

“Red Sift makes email security easy. I’ve done implementations for DMARC before and this was by far the easiest. They take away all the headaches and make it painless.”

Vinay Tekchandani
Technical Program Manager

“Red Sift makes email security easy. I’ve done implementations for DMARC before and this was by far the easiest. They take away all the headaches and make it painless.”

Vinay Tekchandani
Technical Program Manager

Red Sift OnDMARC provides the winning advantage

“Holland & Barrett is a household name with stores in nearly every town in the United Kingdom and is fast becoming Europe’s go-to health and wellness retailer,” says Vinay. “As a result, brand reputation is a business priority and so for my team, securing Holland & Barrett’s digital estate is a core part of our security strategy.”

Vinay adds, “Like most retailers today, we are exposed to a host of cyber threats - not least those that pass through the email channel and present in the form of phishing attacks and brand abuse.” So, together with Matt and Earl, Vinay sought a cybersecurity solution that would shut down brand abuse by implementing a DMARC policy at p=reject to block malicious emails from landing in the inboxes of consumers. “In addition to this short-term goal, we were looking for an email and brand protection solution that would scale with us as our digital estate expanded through acquisitions and market expansion,” comments Matt. 

Holland & Barrett selected Red Sift’s enterprise-level email security application OnDMARC for its:

  1. Strong knowledge of protocol security

    “They make protocol deployment look easy!”

  2. Proactive Customer Success team with engineers on hand 24/7

    “Service was outstanding, response times are great, and their engineers are always on call - Red Sift Customer Success is a pleasure.”

  3. Intuitive and easy-to-use application interface

    “It was important to have a solution that was easy to implement and had an amazing user interface. For example, SPF record management can get unwieldy, but the OnDMARC portal sets it out intuitively and makes it easy to manage.”

The importance of getting the email security basics right

When looking for a solution, a key criterion was that the selected application allowed for fast deployment of critical email security protocols such as DMARC. “Email security protocols form the basic foundation of any solid cybersecurity strategy and yet, they are often overlooked,” comments Vinay. “We know that the use of these protocols is critical in shutting down exact impersonation attacks, blocking man-in-the-middle attacks, and ensuring continuous email deliverability. Traditionally, getting these protocols set up correctly is cumbersome and error-prone but Red Sift makes it painless.”

Unfortunately, Vinay’s statement rings true; based on data that Red Sift’s BIMI Radar has on over 70 million apex domains, only 3.1% have DMARC set up in a policy of p=reject, the required policy for full protection from exact domain impersonation. The most common reasons for businesses not implementing DMARC include the belief it’s too hard, could potentially block legitimate emails, or that they are already safe. To help combat these untruths, OnDMARC was developed to ensure organizations can quickly and safely implement globally recognized email security protocols, shut down phishing, and ensure ongoing compliance with security frameworks. Besides DMARC, the application also helps organizations deploy SPF, DKIM, and MTA-STS, additional protocols that level up a company’s email security posture.

OnDMARC prevents shadow IT and enables cross-departmental communication

It’s no secret that Holland & Barrett has experienced incredible growth and success in recent years. In 2022, its online sales grew by 27.5% contributing to annual sales revenue of £726.7m.

But when rapid growth occurs, one of the commonplace problems organizations experience is shadow IT. Shadow IT happens when employees sign up for new vendors without informing the IT department. This creates a constant spinning up of new email-sending sources, making it difficult for IT teams to stay on top of which sources are legitimate and secured and which are not.

Thanks to the advanced DMARC reports feature, OnDMARC provides the visibility necessary to identify and resolve any outlying software or systems, meaning nothing will accidentally be sent out by legacy systems. It also uncovers all the email services sending emails from a domain, whether you officially know about them or not, and allows organizations a complete picture of the number and scale of attacks against them.

“With OnDMARC, we can see all the sources sending on behalf of Holland & Barrett,” notes Earl. “This visibility allows us to work with our internal departments to quickly authenticate legitimate senders. It also means we have an opportunity to educate our employee base and let them know why it’s important to understand the risks involved when tools aren’t authorized.”