Executive Summary

DMARCSaaS as an e-mail security provider needed an automatically scalable infrastructure for its SaaS solution, growing alongside the business demands to accelerate its market entry. As a security provider dealing with sensitive information DMARCSaaS needed a credible advanced secured infrastructure. Therefore DMARCSaaS decided to rely on Amitron’s 20 years experience in Information and IT security as a specialist combined with public cloud deployment experience rather than a pure IT cloud company with basic security experience. DMARCSaaS and Amitron used a shared responsibility security model to meet all the requirements in programs, business flexibility and security.

Download Case

DMARCSaaS - Background

E-mail communication has evolved into an indispensable way to do business. This makes safe and reliable e-mail communication essential. Unfortunately, the original e-mail protocol (SMTP) used since the 1980s has few limitations. One of them is that there is no reliable way of checking whether the sender really is who he or she claims to be. As a result, e-mail communication is currently a victim of abuse on a large scale by, for example, unwanted e-mail. SPAM e-mail messages currently account for more than half of all e-mail traffic and infected e-mails with viruses and ransomware, CEO fraud, phishing or spoofing account for another part. The resulting financial damage in The Netherlands has quadrupled in the last year. 93% of current data breaches are caused by phishing e-mail attacks.

To protect an organization against the attacks open standards and protocols are available for implementation to improve the reliability of e-mail.

Authenticity checks on one’s outgoing e-mail can be applied by recipients and incoming e-mail can be checked for authenticity in the same but reverse way.

These applications are called: Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM), and Domain-based Message Authentication, Reporting, and Conformance (DMARC).

Currently applying these authentication methods is a complex and intensive consultancy process that often takes many months to be fully completed as the interpretation of the authentication results and follow up adjustments are done repeatedly and manually by relative expensive specialized consultants. Although this has been the current best practices it is also a very difficult scalable approach.

DMARCSaaS is a new global born-in-the-cloud e-mail security solution company.

DMARCSaaS offers a global SaaS security solution delivering an automated workflow instruction-based service. This fully automated service supports organizations to set up, monitor and continuously maintain global e-mail domain security authentication techniques for their incoming and outgoing e-mail traffic.

DMARCSaaS – Business Solution

The solution of DMARCSaaS is fully automated e-mail authentication software service, which receives and analyses specific globally sent so-called aggregated DMARC reports and combined with other external data sources auto-generate user-friendly instructions for implementations without the use of consultants. Shortening both implementation and costs. To do so DMARCSaaS turned to cloud computing.

DMARCSaaS - Challenges

Challenge 1: deadline

There was an extremely tight deadline to get the deployment live. This was due to the onboarding of a bunch of new customer and contracts.

Challenge 2: scalability

As over 300 million e-mail domains worldwide can potentially benefit from DMARCSaaS’s solution worldwide a massively scalable infrastructure has to be in place, with instant on-demand elastic expansion possibilities when needed.

Challenge 3: cost control

Optimization of cost control is part of DMARCSaaS success. Scalability and automation are therefore important parts of their production environment.

Challenge 4: security audit and control

As like in many other IT environments AIM and security audits of the complete DTAP infrastructure are required to have a secure credible and auditable IT.

Challenge 5: web security

DMARCSaaS frontend IT relies on web technology as webservers and web applications. For this to be protected against potential malicious attacks Web Application Security Firewalls needed to be automatically deployed and configured.

Challenge 6: code security testing

DMARCSaaS code and algorithms are subject to continuous changes and adjustments via CI/CD and DTAP: Development, Testing, Acceptance and Production principles. The new code needs to be fast and securely tested before operational deployment. Code Security Testing needs to be an automated integrated part of the CI/CD process.

AWS and Amitron

DMARCSaaS searched for an IT environment that was both resilient, scalable and secure. After investigation, DMARCSaaS turned to AWS Consulting Partner Amitron based on their long-term experience in information and IT security design and managed service and their network of code specialists to help ensure a secure design and partnership for both short-term development and long-term managed security services.


Amitron designed DMARCSaaS’s environment bases on the AWS Well-Architected Framework. Using EU-West-1 region as a start with multiple VPC’s. From initial design, the 4 DTAP accounts, as well as CI/CD accounts, were setup. Centrally in a separate security account, CloudTrail and CloudWatch were deployed cross-accounts. The administration was strictly separated for various developers and engineers with AIM and role-based access. This is to accommodate auditing and security monitoring purposes right from the beginning.

For web server and web application, EC2 instances were deployed. EC2 workloads are automated protected with API controlled Trend Micro (ISV) anti-malware Deep Security and AWS Loadbalancers. AWS and Fortinet (ISV) WAF’s were deployed for Webserver Application Security. All these security tools were deployed and maintained by Amitron managed security services.

Automation of the reception and processing of aggregated XML reports are collected by AWS SES and further processed with various serverless Lambda routines. Intermediate and final results are collected in S3 buckets and with Elasticsearch Service and visualization solutions made accessible for customers in their personal web portal.

Further proprietary algorithms and AI analyses take place to eventually generate the user-specific and user-friendly readable messages for the required security improvement steps, using SES.

Code Security Testing

Amitron uses Trend Micro Deep Security Smart check for integrated CI/DC pipeline code testing to ensure vulnerability free coding.

Benefits and achievements

  • By using AWS and Amitron security services DMARCSaaS has been able to deploy its first solution within just a few months.
  • The DMARCSaaS solution is instantly and on-demand scalable.
  • The solution is secured with state of art security tooling using both AWS native and various security Independent Software Vendors (ISV’s).
  • DMARCSaaS web applications are secured with Web Application Firewalls again web server attacks.
  • New customers are on-boarded globally in minimum time without any manual interference, saving in both time and costs.
  • DMARCSaaS has been able to cut deployment and scalability costs by an estimated 62%.
  • DMARCSaaS using AWS cloud technology resulted in end-user commercial pricing of its solution less than half the price compared with competitive e-mail security solutions, giving it a huge competitive advantage.

Amitron’s extensive security consultancy, product and service portfolio is the result of more than 20 years of specialized security knowledge, implementation experience and innovation. Amitron delivers standard, advanced and innovative multi-cloud security solutions to customers and other IT providers. Amitron offers start-to-end multi-cloud security for public clouds, private clouds, SaaS, PaaS, on-premise and data centre environments. Amitron uses a 3-phase approach which consists of initial consultancy advice, subsequent implementation of solutions up to the final unburdening maintenance and support, for operational IT, OT and IT development environments. Amitron is information security specialized and AWS Consulting Partner, dedicated to your secure journey to the cloud.

Amitron partnership

As development progresses additional security solutions like encryption using AWS KMS and deployment of AWS Security Hub will be put into place by Amitron.

Security Services

The partnership between Amitron and DMARCSaaS will continue to exist as Amitron delivers not only AWS security design but also the day to day security monitoring, auditing and reporting to the DMARCSaaS management and its stakeholders.