How Chapman and Cutler Protects Their Clients from BEC

Share with your network!


Chapman and Cutler LLP, a law practice in Chicago, IL, focuses on all aspects of banking, corporate finance and securities. With a client base primarily composed of financial institutions and governmental bodies, complying with the U.S. Department of Homeland Security Binding Operational Directive 18-01, which states agencies must upgrade their email and web security, was a strong motivator to start work on email authentication (DMARC).

As Business Email Compromise (BEC) and Email Account Compromise (EAC) numbers continue to rise at an alarming rate, email authentication is an important component of a truly effective, layered email security approach. Domain spoofing, a popular attack method, uses organization’s domains to send messages out to customers and business partners in order to steal money or impact their brand in a negative way.

As a client-first business, implementing email authentication ensures that all mail from Chapman and Cutler’s trusted domains is legitimate. Previously, they experienced incidents of domain spoofing from client domains—and considering their trusted communications role, they wanted to eliminate the possibility of threat actors capitalizing on this tactic.

Consideration Criteria for Email Authentication (DMARC)

This pain point led Chapman & Cutler’s IS Support Consultant, Martin Starr, on a journey to identify an email authentication solution. With previous (and painful) experience in ‘DIYing’ email authentication, he knew that a successful implementation of DMARC would require partnering with experienced implementation advisors.

Email authentication can be perceived as a daunting journey. Teams must ensure that legitimate mail is delivered while simultaneously providing the protection to business partners, clients and employees quickly as possible.

Martin identified three main considerations:

  1. Full visibility into both inbound and outbound mail flow
  2. Timely and effective support from proven implementation advisors
  3. Complete efficacy to ensure the normal flow of business

After identifying Proofpoint as the best solution to fit their organization’s needs, Chapman and Cutler were ready to start the email authentication process and protect their employees, clients, and trusted business partners.


By partnering with Proofpoint, Chapman and Cutler was able to confidently progress through each step of the authentication journey without issue and effectively reach a state of ‘Reject’. Continued support ensures that everything is working properly, and any changes or issues with third party senders are swiftly addressed.

In Martin’s words, “It’s very important to know what you don’t know.” With new insight into spoofing campaigns that use Chapman and Cutler’s domains, Martin is able to report to firm management on how they’re improving the client experience. With their domain properly authenticated, Chapman and Cutler protects their clients from BEC threats and safeguards the trust their clients have placed in the firm.


To learn more about Chapman and Cutler LLP’s story, view our full webinar here.