All about DMARC

Domain-based Message Authentication, Reporting and Conformance (DMARC) is a great tool that stops attackers from spoofing your domain and making their emails look like they come from inside your organisation.

How does it work?

Email is involved in more than 90% of all network attacks, and without DMARC it can be hard to tell whether an email is real or fake. Having DMARC allows domain owners to protect their domain(s) from unauthorised use by fighting phishing, spoofing, CEO fraud, and Business Email Compromise.

More and more businesses are being encouraged to publish a DMARC policy for their domains. The more that do this, the more confident everyone can be that the emails they receive are genuine emails from their suppliers, partners and customers.

Why do we need to have it?

DMARC provides visibility of how a domain is used and prevents unauthorised senders from sending email on behalf of an organisation.

Industries, governments, and regulators are increasingly requiring DMARC to be in place. It is also becoming a requirement for many cybersecurity insurance providers.

Recently, Microsoft, Google & Yahoo have all announced that DKIM & DMARC are going to be compulsory for sending large volumes of email into their platforms. This will be in effect from January 2024. We believe it will not be long until all providers will insist on the same for any email that is sent through their platforms.

It is definitely something to consider for your business, especially as the cost of this extra layer of protection is not prohibitive and does not outweigh the benefits of having DMARC in place.

What else can we do to protect against phishing?

DMARC is a starting point but won’t protect your company from phishing attacks on its own. You need other systems in place, all working together, to protect your organisation.

You can do this by:

  • Reviewing the information on your website – is there a lot of detail about staff which could be used in a phishing attack?
  • Using spam filters to filter or block incoming phishing emails (easy to add to Microsoft 365)
  • Providing phishing awareness training for all staff
  • Setting up Multifactor Authentication (MFA)
  • Making sure your PCs and servers are up to date with the latest software updates and security patches
  • Checking your devices are protected. You should have anti-virus/anti-malware software on all your computers, and add MDR software to detect and stop more threats faster. MDR software from companies like Sophos and Huntress provides 24/7 threat monitoring, analysis and response from a team of experts, who can take immediate action to stop confirmed threats.
Contact our sales team to find out more about DMARC and getting it implemented to protect your business.