How to be more meerkat about your email security

“Is it ok if I send an email from your email address?”

That’s always a surefire way I can grab someone’s attention in a meeting.

Some people don’t think it’s possible and are rather surprised when it is. However, most people with a technical background, who know how the SMTP email protocol works, know that not only is it possible, but it’s been possible since the creation of email.

Email has come a long way

We doubt the forefathers of email ever foresaw how widely used email would become. They saw it as a messaging solution among individuals within a few trusted networks, such as universities.

Today we use email for so much of our communication, especially between separate organizations. The open nature and widespread adoption of email make it the simplest way to communicate, whilst messaging solutions like Slack and the collaboration features found in most modern applications may replace email to some extent they are far from replacing it completely.

So wouldn’t you want to know if something was wrong with this vital communication channel?

Don’t bury your head in the sand

Don’t bury your head in the sand…

A lot of people would rather not know if their email domain is open to exact impersonation (spoofing), because then it becomes a problem they need to fix.  

But exact impersonation is a very common problem. In fact, when organizations first start their DMARC journey with OnDMARC, we find that most are experiencing some level of impersonation, with anything from 20 to 30% of their emails being sent from an illegitimate.

Worryingly some of these emails are straight-up spam, so this risks putting your domain on a black list or worse could enable direct spoofing attacks to you or your business network.

Be more meerkat with DMARC!

Always be on the look out! Photo by Lance Anderson on Unsplash

The DMARC authentication protocol lets you keep a constant watch out for these impersonation attacks. DMARC allows the receiver to validate if an email is legitimate or not. For every validation, legitimate or not, a report is generated which allows you to see the level of impersonation that your email domain is being subjected to.

However, the most powerful aspect of DMARC is the fact that it can stop these spoof emails entirely. Your DMARC policy is essentially the instruction you give to receiving servers, telling them what to do with your email. By adopting a strong DMARC policy of p=reject, you’re actively telling receiving servers to reject any emails that aren’t coming from a legitimate sender, and your domain can’t be impersonated for phishing and spam.

Check your DMARC setup today

Awareness is the first step to solving the email spoofing problem. So why not check the current SPF, DKIM, and DMARC setup of your domain with our free investigate tool? It’s quick and easy to use.

check email dmarc setup

PUBLISHED BY

Red Sift

12 Aug. 2018

SHARE ARTICLE:

Categories

Recent Posts

VIEW ALL
DMARC

Keep your Microsoft Online Email Routing Address secure with Red Sift OnDMARC

Faisal Misle

Every Microsoft 365 tenant includes a default domain in the format tenantname.onmicrosoft.com. This is known as the Microsoft Online Email Routing Address (MOERA). What many don’t realize is that attackers have started using these domains to impersonate organizations in phishing attacks. If left unmonitored, MOERA domains can become a blind spot in your email…

Read more
News

Red Sift OnDMARC ranked #1 in EMEA and Europe for DMARC in…

Francesca Rünger-Field

G2’s Spring 2025 Report is here, and we’ve got some exciting news to share! Red Sift OnDMARC has been named the #1-rated DMARC solution in both EMEA and Europe, and that’s just the start. We also took the #1 spot in the Mid-Market Results Index and Mid-Market Usability Index, and were featured in 18…

Read more
DMARC

The Mail Check deadline has passed: Is your organisation at risk? 

Jack Lilley

The National Cyber Security Centre (NCSC) proposed changes to Mail Check services came into effect on 24 March 2025, including the ending of DMARC aggregate reporting. Organisations who are yet to comply must now seek an alternative provider or risk exposure to harmful cybersecurity incidents. This change comes as a measure to expand the…

Read more
Awards

Red Sift named a Top 50 company in 2025 Emerging Stars Awards

Jack Lilley

We’re pleased to share that Red Sift has been named Best Performing Company – Security & Infrastructure in the 2025 Emerging Stars Awards. These awards, part of the Megabuyte100 series, recognise the UK’s 50 best-performing scale-up technology companies based on solid financial performance, from over 800 entries.  Being recognised in this category reflects the…

Read more