The DMARC risk vector was released on April 30, 2024.
Refer to the following resources or these frequently asked questions to learn more:
Frequently Asked Questions
- Is the DMARC risk vector planned to have an impact on Bitsight Security Ratings?
- What is the weight of the DMARC risk vector?
- Will the DMARC risk vector be incorporated into the available features?
- Does the DMARC risk vector measure SPF or only DMARC?
Is the DMARC risk vector planned to have an impact on Bitsight Security Ratings?
The DMARC risk vector is planned to be ratings-impacting and will be implemented in a Ratings Algorithm Update. We will make an announcement at least 5 months prior to the update and provide a ratings preview shortly after.
What is the weight of the DMARC risk vector?
The DMARC risk vector’s weight towards the overall Diligence risk category is not yet defined. As usual for any Ratings Algorithm Update, this will be defined and vetted at least 5 months prior to the update.
Will the DMARC risk vector be incorporated into the available features?
Yes. The DMARC risk vector will be applicable to all available tools and features (Risk Remediation Plan, Peer Analytics, etc.).
Does the DMARC risk vector measure SPF or only DMARC?
The DMARC risk vector determines whether domains have a Domain-based Message Authentication, Reporting and Conformance (DMARC) policy or not and evaluates how effective it is at ensuring only verified senders are able to use this domain for email.
SPF can be measured with the SPF Domains risk vector.
Which domains are assessed with DMARC?
Only domains that meet either of the following criteria are considered for the DMARC risk vector:
- The domain is protected by a DMARC record. See how to set a DMARC policy.
- The domain is not protected by a DMARC record and is associated with an MX record.
Feedback
0 comments
Please sign in to leave a comment.