Options IT provides managed trading infrastructure and cloud-enabled managed services to over 550 clients globally. They pride themselves on offering top-tier IT solutions wrapped up in a premium managed service, delivering quality and satisfaction for financial services clients.

Banks, hedge funds, broker firms, and private equity houses have more than just capital in common; they all require robust, reliable IT infrastructure in place to keep assets safe and secure.

This is where Christian Arpino, Head of Engineering at Options IT, steps in. His organization provides industry-leading security solutions to financial services providers around the world. For Christian, Red Sift OnDMARC, the award-winning email security solution, was the best-in-class option that ticked every box.

Christian knew that having a DMARC solution included in his managed platform offering was imperative. ”Having DMARC in place is something all organizations should strive for, however, not everyone has the capacity or expertize to implement it. This is a real issue in the financial services sector as phishing and spoofing attacks are rife. The repercussions of these can be severely reputationally damaging and very challenging for financial firms to recover from.”

Red Sift OnDMARC helps to combat these potential disasters by:

1. Providing frictionless onboarding: “OnDMARC is incredibly straightforward to set up. The interface is so intuitive that new users are comfortable straight away”, notes Christian.
2. Minimizing time to protection: With a 4-8 week average time to DMARC enforcement, getting to a policy of p=reject is quick and effective.
3. Improving email deliverability: With a DMARC policy in place, a sender’s reputation improves, increasing deliverability and avoiding costly diversions to spam.

For Managed Service Providers (MSPs), the more comprehensive and well-rounded the breadth of IT solutions you offer, the better. However, the email security protocols such as DKIM, SPF, and DMARC are often overlooked when it comes to being included in managed platforms. For Christian, this is a real oversight, “DMARC should be a default part of what an MSP offers, regardless of the industry they serve. Spoofing and phishing attacks affect everyone. For the financial services industry though, where due diligence checklists are expected by investors and audits are completed by compliance bodies, it becomes even more important.”

SPF is the mechanism by which a receiving server checks if an email has been sent from authorized IP addresses and domains. The problem with this protocol is that it has a DNS lookup limit of only 10. If this limit is exceeded - and a user has no solution in place - email deliverability can be catastrophically impacted. 

Dynamic SPF is an OnDMARC feature that allows users to have more than the normally available number of authorized services. By using a smart, single include statement, Dynamic SPF combines all authorized services correctly at the point of query, preventing authorized traffic from failing SPF validation. This means your email deliverability is never impacted.

 “Dynamic SPF is excellent. Overcoming the lookup limit is important but an error-prone and fiddly task without a service like OnDMARC. With Dynamic SPF, the complication and manual work is removed. It’s hugely beneficial.” Christian Arpino, Head of Engineering at Options IT

Making DNS changes is another manual undertaking that OnDMARC’S Dynamic DMARC helps users overcome. Rather than having to make changes to your DNS every time you want to update your DMARC policy, you can do so from within Dynamic DMARC. For Christian, this is a true value-add: “less skilled IT people can update protocols through the OnDMARC panel without having to figure out the DNS themselves.” 

Sender Intelligence is an additional feature Christian finds invaluable as an MSP and cybersecurity enthusiast. “As an IT specialist, it's straightforward to set up DMARC on your own but something else entirely to look at the reports. Having OnDMARC’s interface to understand the reports is crucial. Seeing exactly what to do with an email that isn’t compliant makes it so much easier to implement DMARC successfully.”