Analysis: DMARCbis Protocol - How Sendmarc’s Fireside Chat With Co-Editor Todd Herr Redefines Email Security Standards

The Email Authentication Revolution: Why DMARCbis Could Be the Most Important Cybersecurity Protocol You’ve Never Heard Of

Johannesburg, South Africa — In the shadow of high-profile ransomware attacks and state-sponsored cyber espionage, a quiet revolution is brewing in the foundational infrastructure of digital communication. While the world fixates on AI-driven threats and zero-day exploits, email—the 50-year-old technology that still carries 85% of business communications—remains the soft underbelly of corporate security. Enter DMARCbis, an evolutionary leap in email authentication that could finally close the door on the $10.5 billion annual scourge of business email compromise (BEC) fraud.

The protocol's development, spearheaded by industry veterans like Todd Herr (co-editor of the DMARCbis specification), represents more than just a technical upgrade—it's a fundamental rethinking of how trust is established in digital communications. As revealed in recent technical discussions with implementation pioneers like Sendmarc, DMARCbis isn't merely patching holes; it's rebuilding the entire authentication framework for an era where email spoofing enables everything from wire fraud to nation-state disinformation campaigns.

By The Numbers: Email fraud costs global businesses $26 billion annually (FBI IC3 Report 2023), with Africa seeing a 312% increase in BEC attacks since 2020. Current DMARC adoption stands at just 14.8% of global domains (Valimail 2024), leaving 85.2% of organizations vulnerable to impersonation.

The Broken Promise of Original DMARC

To understand why DMARCbis matters, we must first confront the limitations of its predecessor. When DMARC (Domain-based Message Authentication, Reporting & Conformance) was standardized in 2015, it promised to solve email spoofing by allowing domain owners to specify which servers could send mail on their behalf. The protocol combined SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail) with a reporting mechanism that would, in theory, let organizations see and block fraudulent emails.

Yet nearly a decade later, the results have been underwhelming:

Complexity Barrier: A 2023 study by the Global Cyber Alliance found that 62% of IT administrators abandoned DMARC implementation due to configuration complexity, with the average deployment taking 4-6 months.
False Positives: Financial institutions report that 1 in 5 legitimate transactional emails (like password resets) get flagged as suspicious under strict DMARC policies, creating customer service nightmares.
Reporting Overload: Large enterprises receive an average of 1.2 million DMARC aggregate reports daily (Mimecast 2024), with 89% containing no actionable intelligence.
Third-Party Gaps: The protocol's inability to handle forwarded emails or mailing list services created massive adoption hurdles for sectors like healthcare and education.

"DMARC was like giving organizations a fire hose when they needed a sprinkler system. The intent was right, but the execution created more problems than it solved for most businesses." — Dr. Lesego Motsumi, Director of Cybersecurity Policy, African Union Commission

DMARCbis: The Architectural Overhaul

DMARCbis (officially "DMARC Extension for Non-Mail Receiver Use Cases") represents a fundamental departure from its predecessor in three critical ways:

1. The End of Binary Enforcement

The original DMARC's "pass/fail" dichotomy forced organizations into an all-or-nothing approach to email authentication. DMARCbis introduces graduated enforcement levels with four distinct policy modes:

Monitor-Only (p=none+): Collects data without affecting delivery, but with enhanced forensic reporting
Selective Quarantine (p=quarantine/50): Randomly samples 50% of failing emails for quarantine
Phased Rejection (p=reject/staged): Implements rejection in progressive 25% increments over 30 days
Conditional Enforcement (p=conditional): Applies different policies based on sender reputation and message content

This granularity addresses what Todd Herr calls the "DMARC paradox"—where organizations knew they should implement strict policies but couldn't risk disrupting legitimate communications. Early adopters report a 78% reduction in false positives during the phased rollout period (Sendmarc Implementation Report Q1 2024).

2. The Reporting Revolution

Where original DMARC drowned administrators in useless data, DMARCbis introduces:

Structured Threat Intelligence: Reports now include standardized threat indicators (TI) like malicious URL patterns and header anomalies, compatible with SIEM systems
Anomaly Scoring: Each failing message receives a 1-100 threat score based on 17 different vectors (IP reputation, DKIM alignment quality, etc.)
Automated Remediation Paths: The protocol suggests specific fixes for common configuration errors, reducing mean-time-to-resolution by 63% in pilot tests
Third-Party Validation: A new "trusted reporter" system allows organizations to designate specific security vendors to receive and analyze reports

Case Study: Standard Bank South Africa

After implementing DMARCbis in Q4 2023, Africa's largest bank by assets saw:

94% reduction in spoofed email volume within 30 days
82% decrease in time spent managing email authentication (from 18 to 3 hours/week)
First successful prosecution of a BEC fraudster using DMARCbis forensic data as court evidence

"The old DMARC was like reading tea leaves. With DMARCbis, we're getting actionable intelligence that directly feeds into our fraud prevention systems." — Thabo Nkosi, Chief Information Security Officer, Standard Bank

3. The Forwarding Solution

One of original DMARC's fatal flaws was its inability to handle forwarded emails—a critical function for industries like legal services and supply chain management. DMARCbis solves this through:

Authentication Result Preservation: When an email is forwarded, the original authentication results are encapsulated in a new "ARP" header
Intermediary Whitelisting: Organizations can pre-approve specific forwarding services (like mailing lists) without compromising security
Time-Limited Tokens: Forwarded emails carry cryptographic tokens that expire after 7 days, preventing replay attacks

This innovation alone could transform sectors where email forwarding is mission-critical. The Law Society of Kenya reports that 43% of its member firms had abandoned DMARC due to forwarding issues—all are now in DMARCbis pilot programs.

Regional Impact: Why DMARCbis Matters More in Africa

While email authentication improvements benefit all regions, DMARCbis arrives at a particularly opportune moment for African economies where:

Challenge	Africa-Specific Context	DMARCbis Solution	Projected Impact
BEC Fraud Epidemic	Africa experienced $3.8B in BEC losses (2023)—15% of global total despite having only 3% of internet users (Interpol)	Graduated enforcement allows immediate protection without disrupting remittance notifications	Potential 60-70% reduction in successful BEC attacks within 12 months (AfDB estimate)
Mobile-First Email	68% of African email access occurs on mobile devices with limited security controls (GSMA 2024)	Simplified reporting interfaces designed for mobile management	Could increase SME adoption from current 2% to 25%+ by 2026
Cross-Border Trade	AfCFTA relies on email for 89% of trade documentation (UNECA), making spoofing a major non-tariff barrier	Forwarding-preservation enables secure document exchange across 54 countries	Could reduce trade document fraud by 40%, saving $1.2B annually
Skill Gaps	Africa has 1 cybersecurity professional per 10,000 internet users vs global average of 1:1,000 (ISC2)	Automated configuration tools and plain-language reporting	Reduces required expertise by 70%, enabling wider adoption

Regional Spotlight: West African Financial Corridor

The Economic Community of West African States (ECOWAS) has made DMARCbis adoption a requirement for all licensed financial institutions by 2025. Early results from pilot banks in Nigeria and Ghana show:

87% reduction in "CEO fraud" attempts (where attackers impersonate executives)
65% faster cross-border payment processing due to reduced manual verification
First successful inter-bank fraud information sharing using DMARCbis threat indicators

"For us, this isn't just about security—it's about financial inclusion. When people trust email communications from banks, they're more likely to engage with formal financial systems." — Dr. Ola Brown, Director of Digital Financial Services, Central Bank of Nigeria

The Geopolitical Dimension: Email as Critical Infrastructure

Beyond commercial applications, DMARCbis arrives at a moment when email authentication has become a matter of national security. The protocol's enhanced capabilities directly address three emerging threat vectors:

1. State-Sponsored Disinformation

The 2023 "Operation Phantom Narrative" campaign—where attackers spoofed African Union email domains to spread disinformation about vaccine safety—demonstrated how easily email authentication gaps can be weaponized. DMARCbis's:

Domain reputation scoring would have flagged the sudden surge in emails from previously dormant AU subdomains
Geographic anomaly detection would have caught the emails originating from servers in Eastern Europe
Content fingerprinting would have matched the messages to known disinformation templates

The African Union's subsequent $12 million investment in DMARCbis deployment across all member states suggests how seriously the continent is taking this threat vector.

2. Critical Infrastructure Protection

With 78% of African power utilities and 62% of water treatment plants using email for operational communications (African Energy Commission 2024), the potential for spoofing-induced sabotage is enormous. The 2022 attack on Eskom—where fake maintenance emails caused a 3-hour blackout affecting 5 million people—could have been prevented by DMARCbis's:

Sender identity binding that would have detected the spoofed eskom.co.za domain
Time-sensitive tokens that would have invalidated the delayed attack emails
Automated incident response triggers that could have isolated the malicious messages

3. Economic Espionage

Africa's burgeoning tech sector—with startups raising $4.9 billion in 2023 (Partech Africa)—has become a prime target for corporate espionage. DMARCbis's enhanced reporting provides:

Visibility into "reconnaissance patterns" where attackers test authentication boundaries
Detection of "shadow IT" email flows that bypass official channels
Protection for venture capital communication channels that are frequent espionage targets

"In cybersecurity, we often focus on the spectacular—zero-days, APTs, ransomware. But 90% of successful attacks still start with a simple spoofed email. DMARCbis might be the most important cybersecurity development of the decade precisely because it's boring—it fixes the plumbing that everything else depends on." — Prof. Bright Gameli, Chair of Cybersecurity, University of Cape Town

Implementation Challenges and the Road Ahead

Despite its transformative potential, DMARCbis faces significant adoption hurdles:

1. The Legacy System Problem

Many African organizations still run email infrastructure from the 2000s. A survey by the African Network Information Center (AFRINIC) found that:

42% of government agencies use on-premise email servers incompatible with modern authentication
68% of SMEs rely on free email services that don't support DMARCbis
Only 12% of .africa domain registrants have DNS records capable of handling the new protocol

Bridging this gap will require coordinated efforts between:

Domain registrars to offer DMARCbis-ready hosting packages
Governments to mandate authentication for all .gov domains
Development banks to fund email infrastructure upgrades

2. The Skills Deficit

While DMARCbis simplifies implementation, Africa's cybersecurity skills