DMARC provides organizations visibility into all the environments sending email “as them” (or using their domains). Often surprising to Messaging and Security Teams, upon seeing the contents of their DMARC reports for the first time, is the “sprawl” of 3rd party SaaS applications (and IaaS) with which the wider organization has contracted over the years. By way of example, Proofpoint Email Fraud Defense (EFD) customers have, on average, fifteen SaaS / IaaS providers using their domains accounting for 52% of total email volume.
Not surprisingly, SaaS email marketing providers (Salesforce Marketing Cloud, Marketo, etc.) commonly receive permission to use an organization’s domains in order to optimize campaign effectiveness. What may come as a surprise, however, is the redundancy of these providers a typical organization uses: on average, EFD customers use six!
While recognizing that not all email marketing providers are created equal and likely using more than one is warranted, six is excessive in light of the potential savings available through consolidation (to say nothing of providing a more cohesive customer experience). Consider the hypothetical scenario below:
- Monthly marketing email sent by an organization = 12M*
- Normalized price schedule across email marketing providers**:
Monthly Email Volume |
Price Per Email |
0-2M |
$0.0005 |
2-5M |
$0.0004 |
5-10M |
$0.0003 |
10M+ |
$0.0002 |
- Monthly spend by organization if six providers are used: $6,000
|
Provider 1 |
Provider 2 |
Provider 3 |
Provider 4 |
Provider 5 |
Provider 6 |
TOTAL |
Email Volume |
2M |
2M |
2M |
2M |
2M |
2M |
12M |
Cost Per Email |
$0.0005 |
$0.0005
|
$0.0005
|
$0.0005
|
$0.0005
|
$0.0005
|
|
Spend |
$1,000 |
$1,000 |
$1,000 |
$1,000 |
$1,000 |
$1,000 |
$6,000 |
- Monthly spend by organization if two providers are used: $3,600 (40% savings)
|
Provider 1 |
Provider 2 |
TOTAL |
Email Volume |
6M |
6M |
12M |
Cost Per Email |
$0.0003 |
$0.0003 |
|
Spend |
$1,800 |
$1,800 |
$3,600 |
- Monthly spend by organization if one provider is used: $2,400 (60% savings)
|
Provider 1 |
TOTAL |
Email Volume |
12M |
12M |
Cost Per Email |
$0.0002 |
|
Spend |
$2,400 |
$2,400 |
In addition to savings, consolidating email marketing providers allows security teams to reduce the organization’s “supply chain” risk footprint. In this case, the organization’s email identity has its own ecosystem of “suppliers” that must be protected in order to prevent Business Email Compromise (BEC) and other attacks involving its identity. And compared to other areas of the “supply chain,” email marketing providers (and other SaaS / IaaS using the organization’s domains, for that matter) represent an area where Security can exert direct control and influence.
Check here to see if your organization has a DMARC record on its primary domain and thus, visibility into the supply chain of its email identity. Then start the conversation internally around how to consolidate environments to save money and reduce risk!
* Average for Proofpoint Email Fraud Defense (EFD) customers
** Guided by Salesforce Marketing Cloud, SendGrid (Twilio), MailChimp, and SendinBlue (publicly available) pricing