EMAIL

Dmarc - Bringing it all together

📛 DMARC: The Missing Layer in Email Authentication

Despite implementing SPF and DKIM, many organisations still fall victim to spoofed emails. That’s where DMARC (Domain-based Message Authentication, Reporting & Conformance) comes in — a protocol designed to enforce domain identity and ensure only authorised sources can send on your behalf.

DMARC

🧬 What Is DMARC?

DMARC builds on SPF and DKIM by tying them together with policy enforcement and visibility. It ensures that:

Sender Policy Framework

📡 Sender Policy Framework (SPF)

Sender Policy Framework (SPF) is an email authentication standard designed to prevent domain spoofing by verifying which mail servers are authorised to send emails for your domain.

It was introduced to fix a core flaw in SMTP — the protocol never verified the identity of the sender. SPF allows domain owners to publish a DNS record that specifies approved sending hosts, helping receiving mail servers identify forged messages.

Business Email Comprimise

📨 Business Email Compromise (BEC)

Business Email Compromise (BEC) is a targeted cyberattack where attackers impersonate or compromise legitimate business email accounts to deceive recipients into taking harmful actions, such as:

Transferring funds
Changing payment details
Sharing sensitive or confidential information

Unlike traditional phishing, BEC does not typically rely on malware. Instead, it leverages social engineering, exploitation of trust, and well-timed deception. Common variants include:

CEO fraud – impersonating senior executives to authorise transfers
Vendor Email Compromise (VEC) – targeting supplier communications
Account Takeover (ATO) – hijacking legitimate email accounts to operate covertly

Business Email Compromise