This case study looks at a non-profit organization specializing in the administration of exchange visitor programs on behalf of the U.S. Government. For more than 50 years they have been responsible for facilitating exchange programs between the U.S. and over 60 countries requiring them to send over 3 million emails each year.

With only a basic DMARC reporting tool at the time, the organization knew they were over the SPF lookup limit and that their SPF alignment needed work, but had no guidance from the tool on how to fix it. With different services using their email across the organization the challenge was to identify and secure all senders:

1. Discovery: The Chief Technology Officer (CTO) compared how “Unlike other DMARC reporting tools, OnDMARC offered an intuitive interface with clear insight into what’s aligned or not aligned for SPF for each service using our domain. This kept us on track and got the job done effectively”.
2. Validation: The team instantly verified configurations without having to wait 24 hours for changes to take effect in their DNS thanks to Investigate. The CTO commented, “This tool was fundamental. We used Investigate as proof to heads of department that we could safely implement DMARC and SPF without blocking any legitimate business emails”.
3. Ongoing protection: After securing their domain with OnDMARC, a 30- day report revealed that of the 566,395 emails sent from their domain, 68% were fake. The CTO acknowledged that “due to the nature of what we do, we’re a high-risk industry for phishing scams” but reports comfortingly confirmed that all unauthorized emails were blocked from delivery.

SPF lookups are a common hurdle for IT teams as a DNS’ lookup limit is capped at 10. This is to reduce the potential for highly amplified Denial of Service (DoS) attacks against the Internet’s DNS infrastructure. For every email service there are one or more lookups added to the list. A popular service like Gmail, for example, has 3 lookups alone! After an email marketing platform was added to the organization’s services, the CTO found, “we couldn’t handle the number of SPF entries on our stock integration for all of our email sources”, confirming the need for a solution. It quickly became apparent to the CTO that “we had no guidance on what to do from the weekly digests our previous DMARC reporting tool gave us. It was only when searching for a solution that we discovered Dynamic SPF. This tool and OnDMARC’s ongoing guidance got us over our technical IP limitations and enabled us to move forward with the project by managing all lookups from inside our account”. However, when using OnDMARC, the team were able to get to work quickly and simplified the management of their 20+ entries within the first 3 days of setting up their account.