Use DMARC to secure email

This initiative will help you implement DMARC, starting in monitor mode, moving to quarantine, and eventually reject mode. Implementing DMARC will safeguard against attackers spoofing emails coming from your domain.

Whilst email scams remains a big problem, there are some controls you can apply that can reduce or even completely eliminate certain attacks. DMARC is one such control.

A common attack using email is to "spoof" the domain the email is from. Some fields in an email can be configured by the sender, including the from address. As such, a malicious actor can pretend the email they send you is from someone else, perhaps someone you are inclined to trust.

DMARC eliminates this attack path, making spoofing no longer possible. If you're interested in learning more about DMARC, the https://dmarc.org/ site is an excellent resource.

What should you do?

The goal of DMARC is to define and enforce a policy for how emails should be sent from your domain. However, modern email setups can be complicated and therefore first you should put DMARC into "monitor mode" so you can develop your policy without impacting users.

Using the results from monitor mode, you can refine your policy over time such that moving to enforcement mode doesn't get in the way of any legitimate use.

How can we help?

This initiative will walk you through, and even automate the setup of DMARC in monitor mode. You'll then be able to use our dashboards to easily and quickly interrogate reports, helping you develop and refine your policy.

We'll advise and guide you through the process of moving from monitor, to quarantine and finally reject mode. Using our automations you can speed through this process efficiently and our guidance will help ensure nothing is adversely impacted along the way.