DMARC Configuration Service

Protecting Your Brand’s Reputation and Your Revenue

Malicious emails are delivering malware or scamming individuals into making payments or passing on sensitive information. According to UK Finance data, in 2023 a total of £50.3 million was stolen from people in the UK through invoice and mandate scams. And 80% of those scam cases originated via an email. One UK based financial institution has stated that 40 of their clients are known to have been targeted in 2024 so far, with a total value attempted of more than £1.3 million.

The challenge is, email is easy to spoof and what’s more, criminals have found spoofing to be an effective way to exploit user trust of well-known brands.

Emails being received aren’t simply replicating the look and feel of a genuine one using either domain name spoofing (Company person@yahoo.com) or lookalike domain spoofing (Company ) but the ‘sender’ is identical too (Company <person@company.com). This direct-domain spoofing is a real threat.

A multi-layered approach to security is key but sometimes the more straightforward options are overlooked. One such option is DMARC.

If DMARC isn’t configured or configured correctly, it is very easy for threat actors to intercept emails and alter document content. A common example is a change in banking details or payee information within an invoice.

A person wearing glasses and a red turban stands indoors, holding papers and gesturing while speaking. The individual is dressed in a green shirt dress with a belt. The background is blurred but suggests a modern office environment.

Are you protected?

Without full DMARC protection criminals can impersonate your email without hacking into your system. Fill in our form and we will test your DMARC status.

96%

of phising attacks arrive
via email

3.4 Billion

Number of malicious emails
sent daily

$10.5 Trillion

Projected cost of cybercrime
by 2025

25%

of data breaches caused by
phishing attacks







DMARC – Why it’s important

DMARC, or to use its full name, Domain-based Message Authentication, Reporting and Conformance, is a way to make it easier for email senders and receivers to determine whether or not a given message is legitimately from the sender. It doesn’t require the purchase of any expensive technology but a configuration within DNS settings.

DMARC should be taken seriously. We’re seeing moves around the world to enforce it and its being used by government agencies (Australia, Canada, Netherlands, New Zealand, U.K., U.S.A.). But most significantly, in October 2023 both Google and Yahoo, the world’s largest mailbox providers, announced requirements that bulk senders must have DMARC in place by the beginning February 2024. So, any organisation sending 5,000 messages a day or more to either of these, their email domain must have a DMARC policy in their DNS. If emails don’t pass DMARC alignment, they will simply not be delivered. If you’re trying to market your products and services, that will have a significant impact.

But DMARC is also playing a bigger part in compliance. It is now mandatory for any organisation requiring PCI DSS v4.0 compliance. And whilst not mandatory, DMARC plays a significant part in DORA compliance, complementing its objective of making the financial sector more digitally secure and resilient.

Dispelling a Myth

Some would say that DMARC doesn’t protect the sender. Not true, it protects both sender and recipient. DMARC protects the brand and reputation of the sender by maintaining the trust and integrity of the email, and it protects the recipient by preventing malicious domains getting through.

How Can Sapphire Help

To correctly configure DMARC takes knowledge and an investment of resource time. Let Sapphire help you and reduce that burden

Our experienced consultants will work with you using a DMARC tool to interpret the reports and identify who is sending emails in your name. With our guidance, you’ll set up a DNS policy that will only allow legitimate emails to be sent from your domains.

Once at Reject, the job isn’t done. Email is not simply a point-in-time configuration. But once we’ve taken you through that journey to the point of Reject, you’ll be well placed to continue managing your DNS going forward. So should a colleague introduce the use of a new marketing tool and hasn’t informed you, or the DKIM key isn’t rotating properly, the visibility and knowledge you will have will enable you to deal with it efficiently.

A man wearing glasses and a blue shirt is sitting at a desk, typing on a laptop. Beside him, a curved monitor displays lines of code relating to content security. A lamp is positioned on the desk, illuminating his workspace in the dimly lit room.