As part of a DMARC project, one of the biggest challenges is tracing the business owners for third-party senders (e.g. Mailchimp, SendGrid). The list below contains methods and ideas for tracing these business owners in order to ensure DMARC compliance.
Failure samples can be found in Agari Brand Protection under Analyze\Failure Samples. Select Show Options, then select the domain and the third-party sender over 14 days. Any failure samples returned can indicate the business unit or persons responsible for this third-party sender.
Who is the Third Party?
Sometimes the identity of the third party indicates who the business unit owner may be. For example, reviewing the third-party sender's website may show whether they are a Human Resources, Marketing, or Sales focused company. This can help you target that area of your organization to trace the business owner. Contacting the third party may also be possible, to ask whether they can tell you who they have recorded as the business owner.
Your legal department may have been involved in any agreement with a third-party sender. They may then also be able to provide information on the business owner in your organization.
Someone is usually paying the third-party sender's invoices, so the business unit being charged for the service can be identified.
Agari Phishing Defense
Does your organization use an additional Agari product such as Agari Phishing Defense? If it does, this can provide additional information about the business owners for the third-party sender in your organization. In many cases, a third-party sender will also send some or many emails into your organization, to the individuals who are responsible for using these third-party services.
Office 365 Message Tracing
Armed simply with the sending IP address from the RUA data, search for any messages sent from this IP address into your organization.
Is aggregate data from a mysterious third-party sender legitimate? Using the PTR DNS record available for this third-party sender, or the WHOIS information, you may be able to track down individuals in the IT department of that organization and reach out to them.
Engage with your organization via email and/or intranet with a brief explanation of the DMARC project and a list of the third-party senders whose business owners you are trying to trace.
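The following added example (not part of the original article and not Agari tooling) shows one way to pull the sending IPs for the two steps above out of raw RUA data: it groups DMARC-failing records by source IP, collects the domains that authenticated without aligning, and attaches the PTR name. It assumes the report has already been decompressed to XML; the function names and the sample report are constructed for illustration.

```python
import socket
import xml.etree.ElementTree as ET
# Constructed sample RUA report (documentation IP ranges and example domains).
SAMPLE_RUA = """<feedback xmlns="http://dmarc.org/dmarc-xml/0.1">
<record><row><source_ip>192.0.2.10</source_ip><count>42</count>
 <policy_evaluated><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row>
 <identifiers><header_from>example.com</header_from></identifiers>
 <auth_results><dkim><domain>mailer.example.net</domain><result>pass</result></dkim>
  <spf><domain>bounce.example.net</domain><result>pass</result></spf></auth_results></record>
<record><row><source_ip>192.0.2.10</source_ip><count>8</count>
 <policy_evaluated><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row>
 <identifiers><header_from>news.example.com</header_from></identifiers>
 <auth_results><spf><domain>bounce.example.net</domain><result>pass</result></spf></auth_results></record>
<record><row><source_ip>198.51.100.7</source_ip><count>100</count>
 <policy_evaluated><dkim>pass</dkim><spf>pass</spf></policy_evaluated></row>
 <identifiers><header_from>example.com</header_from></identifiers><auth_results/></record>
<record><row><source_ip>203.0.113.5</source_ip><count>3</count>
 <policy_evaluated><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row>
 <identifiers><header_from>example.com</header_from></identifiers><auth_results/></record>
</feedback>"""

def ptr_lookup(ip):
    """Return the PTR hostname for ip, or None when no reverse record exists."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def failing_sources(rua_xml, resolve=ptr_lookup):
    """Summarise DMARC-failing mail per source IP, busiest sender first."""
    root = ET.fromstring(rua_xml)  # reports are external input; consider defusedxml
    for el in root.iter():  # some reporters add an XML namespace; strip it
        el.tag = el.tag.rsplit("}", 1)[-1]
    found = {}
    for rec in root.iter("record"):
        ev = rec.find("row/policy_evaluated")
        # DMARC passes if either aligned DKIM or aligned SPF passed.
        if "pass" in (ev.findtext("dkim"), ev.findtext("spf")):
            continue
        ip = rec.findtext("row/source_ip")
        s = found.setdefault(ip, {"source_ip": ip, "count": 0, "header_from": set(), "auth_domains": set()})
        s["count"] += int(rec.findtext("row/count"))
        s["header_from"].add(rec.findtext("identifiers/header_from"))
        # Domains that authenticated without aligning often name the vendor.
        s["auth_domains"].update(d.text for d in rec.iterfind("auth_results/*/domain"))
    for s in found.values():
        s["ptr"] = resolve(s["source_ip"])
    return sorted(found.values(), key=lambda s: -s["count"])
```

Calling `failing_sources(SAMPLE_RUA)` performs live reverse DNS lookups; pass a different `resolve` callable to run offline or to query a specific resolver.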
When all else fails, nothing usually motivates business owners more than having their messages fail to be delivered or be quarantined for a small period of time, after which the policy is set back to DMARC Monitor.