Why DMARC matters: Protect your organization from evolving phishing threats

Phishing campaigns continue to change. Attackers are adapting faster than traditional security tools, using more subtle methods to bypass filters and reach inboxes. The latest KnowBe 4 Phishing Threat Trends Report (2025) shows a steady increase in attacks that slip through email security platforms and a growing use of techniques that avoid detection, increasing 173% since September 2024.

In this post, learn about the key challenges facing organizations in 2025, why traditional email defenses fall short, and why implementing Domain-based Message Authentication, Reporting, and Conformance (DMARC) through Red Sift OnDMARC should be your priority.

A changing field of tactics

In 2024, over 80% of phishing emails included small changes — such as edited subject lines, sender names, or logos — that made them harder to detect. These subtle variations allow attackers to send nearly identical emails that don’t trigger blocklists or signature-based detection.

Some campaigns also use invisible characters, odd symbols, and mismatched metadata to get around filters. These small changes disrupt email grouping techniques, which many detection tools rely on to block similar threats.

Attackers also continue to use shared inboxes and delegate accounts to reach more people inside organizations. These campaigns often target hiring teams, with fake résumés and application emails designed to blend in with legitimate recruitment processes.

Ransomware continues to spread through phishing

Ransomware payloads delivered via phishing grew by over 20% in the last six months. Attackers are using techniques like HTML smuggling and password-protected zip files to hide malicious content inside email attachments. These payloads are often disguised with filler content and hidden URLs to avoid triggering standard security alerts.

Once the ransomware lands, it relies on simple prompts or fake system alerts to trick users into running the file. After execution, it blocks user controls and encrypts data, leading to downtime, recovery efforts, and potential data loss.

These attacks often bypass security tools that rely on scanning known file types, URLs, or hashes. Newer obfuscation techniques make those signatures unreliable. Without stronger controls at the point of delivery, phishing remains a simple way for attackers to get ransomware into an organization.

Traditional email defenses can’t keep you protected

Many organizations still depend on Microsoft 365 and Secure Email Gateways (SEGs) to protect users from phishing. But the report shows a 47% increase in phishing emails that bypass these systems.

Why? Because these tools often rely on fixed rules: if a sender’s reputation is clean, or the URL isn’t flagged, the message gets through. But attackers now send messages from compromised accounts, hijacked domains (like Google Docs or Dropbox), and cloud platforms. These messages appear trustworthy but carry malicious links or files.

Attackers also use email body images, QR codes, unicode characters, and subject line tricks that security filters don’t always catch. These tactics help them avoid detection, even by advanced filters using natural language processing.

To close these gaps, organizations need layered security. But more importantly, they need to stop phishing emails from appearing legitimate in the first place and ensure full visibility of their email ecosystem.

DMARC: Your best defense

DMARC prevents unauthorized senders from using your domain to send email. When properly enforced, it stops domain spoofing, Business Email Compromise (BEC) and phishing emails from reaching customers, partners, and employees. 

Advice from the experts

DMARC is a powerful tool, but the individual user should still remain vigilant against compromised or hijacked accounts. The best cybersecurity defense is a multi-layered approach that includes DMARC, alongside robust password management, avoidance of suspicious links and regularly updating your security information.

Implementing DMARC doesn’t need to be a headache. With Red Sift OnDMARC, you can simplify the process by removing the manual work of analyzing DMARC reports to spot threats, while streamlining your journey to full enforcement (p=reject) with confidence. 

OnDMARC supports organizations by preventing phishing attacks at their source. By enforcing DMARC with OnDMARC, organizations prevent unauthorized senders from using their domain to deliver malicious emails, cutting off a key attack method before it reaches the inbox. OnDMARC simplifies deployment with guided workflows, visibility into email authentication, and automated recommendations to fix issues quickly. 

Combined with its support for SPF, DKIM, TLS reporting, and MTA-STS assessments, OnDMARC gives organizations the control and insight they need to protect their domain, maintain trust, and reduce the risk of phishing, ransomware, and business. Get started today with a free 14-day trial.

PUBLISHED BY

Jack Lilley

16 Apr. 2025

SHARE ARTICLE:

Categories

Recent Posts

VIEW ALL
BIMI

VMC and CMC: What are the new requirements?

Jack Lilley

Executive Summary: Staying updated on Verified Mark Certificates (VMCs) and Certified Mark Certificates (CMCs) is crucial for organizations aiming to authenticate their logos and enhance brand trust in email communications. Discover the key changes in the latest security requirements and compare the differences between VMCs and CMCs.​ This article: Introduction Verified Mark Certificates (VMCs) and…

Read more
BEC

The future of email security: Innovations, challenges, and the role of DMARC

Jack Lilley

Executive summary: Email remains a critical tool for business and personal communication, but it is also a primary target for cyber threats such as phishing, spoofing, and Business Email Compromise. As attackers become more sophisticated, organizations must adopt advanced security measures like DMARC and stay informed about emerging authentication protocols. Industry collaboration and proactive…

Read more
Aviation

Why implementing DMARC is essential for Aviation

Jack Lilley

If you’re in aviation and still haven’t locked down your email security, you’re taking a serious risk. Cyberattacks on airlines, airports, and aerospace companies are up 131% in just one year. Phishing and Business Email Compromise (BEC) scams are hammering the industry, costing millions, causing chaos, and damaging customer trust. Attackers aren’t just targeting…

Read more
News

Red Sift Brand Trust joins Cisco portfolio to extend domain and brand…

Francesca Rünger-Field

Many organizations have implemented email authentication and hardened their owned domains against abuse. But a more exposed and less controlled surface remains: the brand. With the ease and efficiency of AI tools, brand impersonation has become a successful tactic for bypassing technical controls and targeting users directly. While email authentication protocols like DMARC can…

Read more