Prepared by your IT services provider
Protecting your domain from email spoofing
Email authentication (SPF, DKIM, and DMARC) stops criminals from sending email that impersonates your company — and it is now expected by mailbox providers, payment-card standards, and insurers. Here is why it matters and what our managed service covers.
Why email authentication, now
Spoofing and BEC are a when, not an if
Criminals can send email that looks exactly like it comes from your domain — to your customers, suppliers, and staff. Business email compromise consistently ranks among the costliest cybercrime categories, and unprotected domains are the easiest target.
Google, Yahoo, and Microsoft now require it
Since 2024–2025, the major mailbox providers enforce sender-authentication rules (SPF, DKIM, DMARC) for bulk senders. Unauthenticated mail is increasingly rejected or sent to spam — this now directly affects whether your invoices and newsletters get delivered.
PCI DSS 4.0 makes anti-phishing mandatory
If you handle card payments, PCI DSS 4.0 requires technical anti-phishing mechanisms — mandatory since March 31, 2025. DMARC is the standard control auditors look for.
Cyber-insurance questionnaires ask about DMARC
Underwriters increasingly ask whether your domain enforces DMARC. A documented email-authentication program helps at renewal time — and helps avoid claims in the first place.
What our service includes
- Continuous monitoring of every service sending email as your domain — legitimate and fraudulent
- A guided, safe path to full enforcement (p=reject), so spoofed mail gets blocked without breaking your real mail
- A monthly report, under our branding, showing your authentication status and what changed
- Alerts when your email-related DNS records change or break, before it affects delivery
Getting started — three steps
We publish one DNS record
A single monitoring record — no changes to how your email works day to day.
We map your senders
Over the first weeks we identify every tool and provider sending as your domain, and fix authentication for the legitimate ones.
We switch on enforcement
Once your real mail passes cleanly, we move your policy to enforcement so spoofed mail is rejected outright.