
Email - from its humble beginnings in 1971 to a tool relied on by the world as we know it - is a simple mechanism with complex applications.

There are many things we do today that rely on SMTP (Simple Mail Transfer Protocol), whether it be your day-to-day tasks at work or arranging many aspects of your personal life. Your email address is unique to you, and you've likely used it for many years - but over time the technology behind it has evolved. Originally there was no mechanism built into SMTP to protect the recipient and guarantee that the sender is who they say they are. Thus SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail) were introduced.

Both of these techniques give the recipient's email environment a way to validate the sender. SPF does it by looking up the list of authorised sending IP addresses published in the company's DNS (Domain Name System) and comparing it with the IP address the email actually arrived from. DKIM affixes a digital signature to the email when it is sent, which the recipient can validate using the public key stored in the sender's DNS.

Both of these methods have their limitations, and are best used together. This is where DMARC (Domain-based Message Authentication, Reporting and Conformance) comes in: it allows the owner of a domain to publish a policy in their DNS records specifying which mechanism (DKIM, SPF or both) is used when sending emails, how the From field presented to end users is checked against those results, and what the recipient should do with messages that fail.

In layman’s terms, DMARC gives full visibility of all sources that send emails on behalf of a domain, and by authenticating legitimate sources, organisations can stop unauthorised use of their domains using an enforcement policy. The National Cyber Security Centre (NCSC) strongly advises working towards a strong DMARC policy.

A “strong DMARC policy” is achieved through using a reject policy, something we recommend every organisation should implement as quickly as possible.
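To make the mechanism concrete, here is an added example (not code from the original post) of how a receiving mail system reads a published DMARC record and applies it to the SPF and DKIM results it already holds for a message. The record, domains and authentication results are constructed; relaxed alignment is approximated as a parent/child domain match rather than the full organisational-domain lookup.

```python
from dataclasses import dataclass

@dataclass
class AuthResult:
    """What a receiver knows after running its own SPF and DKIM checks."""
    from_domain: str   # domain of the RFC 5322 From: header shown to the user
    spf_result: str    # "pass" / "fail" / "none"
    spf_domain: str    # domain SPF was evaluated against (MAIL FROM / HELO)
    dkim_result: str   # "pass" / "fail" / "none"
    dkim_domain: str   # d= tag of the DKIM signature, "" if unsigned

def parse_dmarc(txt: str) -> dict:
    """Parse a DMARC TXT record such as 'v=DMARC1; p=reject; rua=mailto:...'."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v", "").upper() != "DMARC1" or "p" not in tags:
        raise ValueError("not a valid DMARC record")
    return tags

def aligned(auth_domain: str, from_domain: str, mode: str) -> bool:
    """Identifier alignment: strict ("s") is an exact match; relaxed ("r") is
    approximated here as the same domain or a parent/child domain relationship."""
    a, f = auth_domain.lower(), from_domain.lower()
    if not a:
        return False
    if mode == "s":
        return a == f
    return a == f or f.endswith("." + a) or a.endswith("." + f)

def evaluate(record: str, r: AuthResult) -> tuple:
    """Return (dmarc_pass, disposition) for one message under the published policy."""
    tags = parse_dmarc(record)
    spf_ok = r.spf_result == "pass" and aligned(r.spf_domain, r.from_domain, tags.get("aspf", "r"))
    dkim_ok = r.dkim_result == "pass" and aligned(r.dkim_domain, r.from_domain, tags.get("adkim", "r"))
    if spf_ok or dkim_ok:
        return True, "none"   # authenticated and aligned with From:, deliver normally
    return False, tags["p"].lower()   # apply the domain owner's policy: none/quarantine/reject

# Constructed sample: From: claims example.com, but the message came through an unrelated
# relay whose SPF passes for its own domain, which does not align with From:.
RECORD = "v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.com"
FORGED = AuthResult("example.com", "pass", "relay.example", "none", "")
LEGIT = AuthResult("example.com", "fail", "example.com", "pass", "mail.example.com")
```

The forged message fails DMARC despite a passing SPF check, because SPF passed for the relay's domain rather than the domain in the From field, and the published p=reject policy tells the receiver to refuse it.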

Why enforce a reject policy?

Organisational domains are being used without authorisation to send malicious emails. When the DMARC policy is enforced to “p=reject”, organisations can protect against:

  • Phishing of their customers, suppliers and other third-parties
  • Brand abuse and scams
  • Malware and ransomware attacks
  • Spear-phishing and impersonation attacks (including CEO fraud)

How can we help?

We work with organisations to provide full visibility and governance across all email channels, and help them to achieve fast and simple enforcement of DMARC policies. If you would like to find out how, get in touch with one of our experts.
