DMARC is a tool that helps prevent hackers from impersonating and pretending to be you or your organisation when sending malicious emails (known as Spoofing).
DMARC (Domain-Based Message Authentication, Report & Conformance) is a protocol that helps protect your domain’s email identity, improves email security, and improves delivery of emails into Inboxes instead of Spam/Junk folders.
It’s surprisingly easy for malicious actors to disguise their identity and make emails look like they’re coming from your domain (e.g., your CEO’s or Finance Department’s email address). Criminals often use Spoofing to conduct attacks like Phishing, Malware, Ransomware, and Business Email Compromise (BEC) fraud.
DMARC can save a business from reputational damage, financial losses, loss of customer trust, and regulatory fines.
A lot of businesses aren’t aware of the threat of spoofing or the importance of implementing DMARC. They also don’t understand the risks and the potential consequences of not having proper email authentication in place.
Those that are aware of the DMARC protocol, know that it’s quite complex to set up and maintain, especially for organizations with large email volumes and complex email infrastructure. Therefore, without the technical expertise or resources, it is often not implemented.
test.armd.digital, in partnership with Sendmarc, offers a solution that automates the DMARC implementation process and will have you fully protected within 90 days, with ongoing monitoring and user-friendly reporting.
Frequently Asked Questions
DMARC checks that the sender of the email is legitimate, that the message hasn’t been compromised, and if it passes the authentication process, delivers the email to the receiver’s Inbox. And if it doesn’t pass, it rejects the email.
DMARC is an acronym for Domain-based Message Authentication, Reporting & Conformance.
DMARC combines two standard authentication and encryption tools, and an added layer of telemetry.
DMARC is always used with SPF (Sender-Policy Framework) and DKIM (Domain Keys Identified Mail).
- Stops spoofing attacks & impersonation on your domain.
- Protects your domain from being used in Phishing, Malware, Ransomware, or Business Email Compromise (BEC) fraud.
- Improves email deliverability, increasing the likelihood of legitimate messages being delivered to an Inbox rather than a Spam folder. (Think about an important email you think your client’s seen but hasn’t, or a marketing mail you hope will boost sales).
- Helps you comply with in-house company regulations, as well as industry and statutory regulatory requirements.
- Protects your finances, brand reputation, staff, customers, and suppliers.
Setting up DMARC is complex and providing detailed reporting that’s meaningful and helpful is even more difficult (ask any IT consultant!).
We take care of all of this –
- We take control of the entire implementation and have you fully protected within 90 days.
- We use a carefully planned 5-stage process to ensure all bases are covered and that legitimate mails aren’t affected.
- There’s no downtime and no DMARC user-training required.
- Our systems ensure your email ecosystem is proactively monitored and protected.
- We provide detailed reporting that’s user-friendly, helpful and meaningful.
- We’ll alert you if any malicious activity is detected and help you resolve it.
Full implementation costs will be provided upfront – we’ll send you a link with your Quote – if you accept, you can pay directly online.
- Hackers use spoofing to appear legitimate and trustworthy.
- The trust that people have in email communications makes spoofing a powerful tool, and one of the most effective techniques used in their attack approach.
- Hackers target people within your organisation, your customers, or your suppliers, to try and trick the recipient into:
- Providing sensitive information about your company, customers, or suppliers. This is called Phishing.
- Installing malicious software in order to steal information or disrupt systems. This is called Malware.
- Installing malicious software in order to block access to a computer system or network until a ransom is paid. This is called Ransomware.
- Transferring money to the criminal instead of the legitimate account by changing bank details. This is called Business Email Compromise (BEC) fraud.
Yes and no…
Email Impersonation: criminals set up an email address that looks like your email address, but has a slight variation; e.g., instead of email@example.com they replace the m with r n, so it looks like firstname.lastname@example.org
There’s little one can do about this type of approach, except to say that users of email need to be alert for this potential.
Email Spoofing: criminals modify the email, so the receiver sees a legitimate email address, even though it’s being sent from the criminal’s email account.
Spoofing is a form of impersonation, but a more dangerous and sophisticated version. Unfortunately, it’s easy to do and is now widely used in attacks.
No, when hackers spoof / impersonate your email domain they will send it from a different server (location) using a different IP address, meaning you’ll be unaware of the fraudulent mail being sent on your behalf.
When you have DMARC in place it will not only prevent spoofing / impersonation but will also allow you to have visibility and insight on any spoofing / impersonation attacks. i.e., which IP address is using your domain from which server (location).
Yes, but only as long as there is no internal breach to delete or redirect the email.
Along with having DMARC, to prevent internal breaches it’s important to put internal security measures in place.
No, because of the carefully planned DMARC implementation process we’ve developed, there is no business downtime.
No, there’s no user-training required.
DMARC will run quietly in the background.
Our meetings are conducted on Microsoft Teams.
When you click to book a free meeting, you’ll be taken to a Calendly page.
Select a date and time that suites you.
You’ll receive an email with a meeting link.
P.S. if there are no meeting slots available for the week ahead and you want to get the show on the road, please email us.
Implementing DMARC could help prevent a single click from compromising an entire organisation.
Use the global best practice for email security to protect against impersonators hijacking your email.
Book a free 30-minute meeting with no obligations – at the very least you’ll learn a lot, we promise!
About the Supplier
Sendmarc was formed in 2018 with the simple desire of its founders, Sam Hutchinson, Keith Thompson and Sacha Matulovic to help make the internet safer. Their team is fully focused on building a state-of-the-art, innovative platform that stands apart from any others in the market.
Sendmarc joins forces with partners like test.armd.digital to combat cyber-crime and restore user trust in email while protecting brands from financial and reputational damage.
As of October 2023, Sendmarc processes over 860 million emails per month. This makes them the largest email security platform of its kind in Africa.
Sendmarc is trusted by leading companies of different sizes and industries.
Cybercriminals typically compromise or Spoof a legitimate email account to send fraudulent emails.
By appearing to be the legitimate owner of an email account, recipients are often tricked into their scam.
In other words, hackers use spoofing because it makes their attacks statistically more successful.
Their attacks usually involve Phishing, Malware, Ransomware, and BEC (Business Email Compromise) fraud.
- 96% of Phishing attacks arrive by email
- 32% of cyber breaches involve Phishing
- 35% of Ransomware cases are a result of Phishing
- 94% of Malware attacks arrive by email
- 35% of cybercrime losses were attributed to BEC (Business Email Compromise) fraud in 2021
To their surprise their domain was still spoofed and this was found to be a result of missing configurations required for their mail platform.
After implementing DMARC correctly through Sendmarc they were no longer at risk and they were provided proof of protection.
- There are complexities in setting up DMARC properly and safely and expertise is required – companies benefit from working with specialists.
However, one day a low-level IT assistant at the school mistakenly changed the DNS settings for the school, putting them at risk from spoofing and marking their mail as Spam again. Sendmarc’s monitoring immediately picked this up and a notification was sent out to the relevant people for the issue to be rectified.
- Having DMARC in place means that your emails will reach Inboxes instead of Spam / Junk folders.
- A simple configuration change might go unnoticed without monitoring, influencing your DMARC status.
- Implementing DMARC without monitoring may prove ineffective and lead to a false sense of security.