How to be more meerkat about your email security

“Is it ok if I send an email from your email address?”

That’s always a surefire way I can grab someone’s attention in a meeting.

Some people don’t think it’s possible and are rather surprised when it is. However, most people with a technical background, who know how the SMTP email protocol works, know that not only is it possible, but it’s been possible since the creation of email.

Email has come a long way

We doubt the forefathers of email ever foresaw how widely used email would become. They saw it as a messaging solution among individuals within a few trusted networks, such as universities.

Today we use email for so much of our communication, especially between separate organizations. The open nature and widespread adoption of email make it the simplest way to communicate, whilst messaging solutions like Slack and the collaboration features found in most modern applications may replace email to some extent they are far from replacing it completely.

So wouldn’t you want to know if something was wrong with this vital communication channel?

Don’t bury your head in the sand

Don’t bury your head in the sand…

A lot of people would rather not know if their email domain is open to exact impersonation (spoofing), because then it becomes a problem they need to fix.  

But exact impersonation is a very common problem. In fact, when organizations first start their DMARC journey with OnDMARC, we find that most are experiencing some level of impersonation, with anything from 20 to 30% of their emails being sent from an illegitimate.

Worryingly some of these emails are straight-up spam, so this risks putting your domain on a black list or worse could enable direct spoofing attacks to you or your business network.

Be more meerkat with DMARC!

Always be on the look out! Photo by Lance Anderson on Unsplash

The DMARC authentication protocol lets you keep a constant watch out for these impersonation attacks. DMARC allows the receiver to validate if an email is legitimate or not. For every validation, legitimate or not, a report is generated which allows you to see the level of impersonation that your email domain is being subjected to.

However, the most powerful aspect of DMARC is the fact that it can stop these spoof emails entirely. Your DMARC policy is essentially the instruction you give to receiving servers, telling them what to do with your email. By adopting a strong DMARC policy of p=reject, you’re actively telling receiving servers to reject any emails that aren’t coming from a legitimate sender, and your domain can’t be impersonated for phishing and spam.

Check your DMARC setup today

Awareness is the first step to solving the email spoofing problem. So why not check the current SPF, DKIM, and DMARC setup of your domain with our free investigate tool? It’s quick and easy to use.

check email dmarc setup

PUBLISHED BY

Red Sift

12 Aug. 2018

SHARE ARTICLE:

Categories

Recent Posts

VIEW ALL
Certificates

TLS certificates are changing: What you need to know

Red Sift

Executive summary: TLS certificates are about to get significantly shorter-lived. Starting 15 March 2026, newly issued public-trust certificates will max out at 200 days—and just three years later, that lifespan drops to 47 days. Backed by Google, Apple, and Mozilla, this shift aims to make the web safer through fresher data, faster failover, and…

Read more
DKIM

The hidden threat: How misconfigured DKIM enables replay attacks

Red Sift

Email authentication isn’t just an IT concern. It protects your brand and customers. A single misstep can let attackers spoof your domain, send phishing emails, and destroy customer trust. One of the most dangerous methods? The DKIM replay attack. In this post, we’ll break down how undersigned DKIM keys and related misconfigurations open your…

Read more
BIMI

Why DMARC and BIMI are a business priority

Jack Lilley

Email threats aren’t slowing down, and neither should your authentication strategy. In our recent joint webinar with Marigold, “From DMARC to BIMI: Navigating the New Email Authorization Landscape,” we broke down what today’s evolving standards mean for both security and marketing teams—and how to take action now with our free Red Sift Investigate tool.…

Read more
ASM

Zoom stops zooming: Why active monitoring is essential

Billy McDiarmid

​On April 16, 2025, Zoom experienced a significant global outage that disrupted video conferencing services and access to its website for thousands of users, as well as their corporate email for all their employees. It was quickly identified as a domain name registration status problem. Despite being a critical name for Zoom, somehow, the…

Read more