The Paypers sat down with Gerasim Hovhannisyan, co-founder and CEO of EasyDMARC, to discuss the company’s approach to tackling AI-powered phishing and email security risks.
I started in banking, building data center infrastructure, and later became a Data Protection Officer. After joining Picsart, my team faced a major phishing attack in 2016, leading to financial loss. I was shocked that email – the only independent global communication channel – had no reliable sender authentication. At the time, authentication coverage was just 3%.
Determined to fix this, I partnered with my co-founder to develop a scalable solution. By 2017, we had solved the problem. What began as a side project in 2018 quickly went viral, leading us to launch EasyDMARC officially in 2021.
Armenia, known for its strong engineering talent, became our base. Our mission was simple: make DMARC easy. We built a platform, not just a tool, ensuring top-tier domain security without risks or expert knowledge. Today, we serve 83,000+ companies worldwide.
Despite investing billions in email security, phishing remains the leading attack vector. According to data from a recent Verizon investigation report, 74% of all security breaches start with the human element, which includes errors, misuse, and social engineering attacks like phishing, including CEO fraud and account takeovers. It’s also a primary entry point for ransomware.
Historically, phishing led to financial and data loss, with 67% of global data breaches linked to phishing attacks. However, its impact has expanded – today, phishing threatens critical infrastructure and human lives. Attacks like the Colonial Pipeline breach and hospital shutdowns during COVID show that phishing isn’t just about stolen data or money – it can disrupt entire systems, endangering people’s well-being.
The daily email volume exceeds 300 billion, with over 70% being spam. While email providers continuously improve spam filtering, even legitimate emails can end up in spam if senders don’t follow best practices. This makes it increasingly difficult for businesses to reach recipients' inboxes.
Our platform helps increase email deliverability, ensuring legit emails land in the inbox instead of spam. The challenge will only grow as AI makes it easier to generate spam at scale.
Key issues for legitimate senders:
Email marketing – businesses relying on commercial email campaigns.
Critical communications – invoices, bank statements (some regulations mandate monthly delivery).
Transaction verification emails – ensuring security and user access.
DMARC is the gold standard and the ultimate solution to combat email phishing. It provides a robust framework for authentication, protecting organisations from spoofing and fraud.
We have always believed DMARC should be mandatory and have strongly advocated for its adoption. As of February 2024, both Google and Yahoo now require bulk email senders to implement DMARC, SPF, and DKIM authentication, ensuring better email security and deliverability.
Our platform simplifies DMARC adoption without requiring expert knowledge. Hiring specialists is costly and not always feasible, so we designed an intuitive solution where businesses can:
Set clear security goals;
Receive step-by-step guidance to achieve them;
Benefit from smart alerting and notification systems to ensure compliance and efficiency.
To power our platform, we developed the most advanced data classification algorithm in the industry. Even some competitors use our paid accounts to verify their data. Identifying and configuring legitimate sending sources is one of the biggest challenges for organisations. Our platform automates discovery and risk-free configuration, leveraging proprietary data on well-known email service providers to streamline deployment and maximise security.
The regulatory update seeks to improve email security and prevent phishing attacks that target payment data. Organisations must implement DMARC alongside SPF and DKIM to authenticate email senders, monitor email traffic, and enforce policies that block fraudulent emails.
To comply, companies should first assess their email infrastructure, ensure proper SPF and DKIM configurations, and publish a DMARC record with an initial 'none' policy for monitoring. Gradually, they should analyse reports, identify unauthorised activity, and strengthen enforcement by shifting to 'quarantine' and eventually 'reject' policies. Ongoing monitoring and updates are essential to maintaining compliance and securing email communications.
The challenge of email security is growing rapidly, especially with the rise of generative AI, which has enabled highly personalised, real-time phishing attacks. Traditional security measures struggle to keep up, making advanced solutions more critical than ever.
With access to vast global data, EasyDMARC is leveraging new technologies to upgrade its protection mechanisms. A recent milestone was the publication of our phishing URL detection research in Nature, and we’ve launched a free online tool to help businesses and individuals verify URLs and detect phishing attempts.
Looking ahead, we remain an engineering-driven company focused on innovation. We are expanding our R&D efforts and growing our engineering team – starting in Armenia and expanding into Europe. Our goal is to build a one-click DMARC deployment platform that delivers fast, effective email security.
Beyond DMARC, we’re developing an email deliverability platform and investing in inbound security solutions, including namespoofing and lookalike domain attack detection. At the same time, we are improving customer support, marketing, and global awareness to scale our impact from securing hundreds of thousands of domains to protecting millions worldwide.
Gerasim Hovhannisyan is the CEO and co-founder of EasyDMARC, a leading email security firm dedicated to simplifying the implementation of essential email security protocols for businesses worldwide. With a career spanning key IT leadership roles at notable firms such as Picsart, Gerasim combines a deep understanding of cybersecurity and enterprise IT with a passion for solving real-world challenges. His journey toward founding EasyDMARC was driven by identifying a critical market gap in how businesses deploy and manage Domain-based Message Authentication, Reporting, and Conformance (DMARC) solutions. Today, EasyDMARC has emerged as an early-stage disruptor in the DMARC deployment and monitoring space, protecting over 83,000 companies across 130 countries from targeted email attacks.
EasyDMARC is a leading email security and deliverability platform that helps businesses protect their domains from phishing, spoofing, and fraud. With advanced DMARC monitoring, reporting, and threat intelligence, EasyDMARC ensures email authentication, improves brand trust, and prevents cyber threats. Trusted by organisations worldwide, it simplifies email security management.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now